23:18:53.0921 1768 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
23:18:54.0046 1768 ============================================================
23:18:54.0046 1768 Current date / time: 2012/06/28 23:18:54.0046
23:18:54.0046 1768 SystemInfo:
23:18:54.0046 1768
23:18:54.0046 1768 OS Version: 5.1.2600 ServicePack: 3.0
23:18:54.0046 1768 Product type: Workstation
23:18:54.0046 1768 ComputerName: RODINA-CDC56827
23:18:54.0046 1768 UserName: this computer
23:18:54.0046 1768 Windows directory: C:\WINDOWS
23:18:54.0046 1768 System windows directory: C:\WINDOWS
23:18:54.0046 1768 Processor architecture: Intel x86
23:18:54.0046 1768 Number of processors: 1
23:18:54.0046 1768 Page size: 0x1000
23:18:54.0046 1768 Boot type: Safe boot with network
23:18:54.0046 1768 ============================================================
23:18:57.0031 1768 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:18:57.0031 1768 ============================================================
23:18:57.0031 1768 \Device\Harddisk0\DR0:
23:18:57.0031 1768 MBR partitions:
23:18:57.0031 1768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
23:18:57.0031 1768 ============================================================
23:18:57.0078 1768 C: <-> \Device\Harddisk0\DR0\Partition0
23:18:57.0156 1768 ============================================================
23:18:57.0156 1768 Initialize success
23:18:57.0156 1768 ============================================================
23:19:01.0656 0216 ============================================================
23:19:01.0656 0216 Scan started
23:19:01.0656 0216 Mode: Manual;
23:19:01.0656 0216 ============================================================
23:19:05.0437 0216 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:19:05.0437 0216 Aavmker4 - ok
23:19:05.0500 0216 Abiosdsk - ok
23:19:05.0531 0216 abp480n5 - ok
23:19:05.0718 0216 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:19:05.0781 0216 ACPI - ok
23:19:05.0828 0216 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:19:05.0843 0216 ACPIEC - ok
23:19:05.0890 0216 ADILOADER (6278ab04aae16c1438f3c4d34706c3b7) C:\WINDOWS\system32\Drivers\adildr.sys
23:19:05.0906 0216 ADILOADER - ok
23:19:06.0015 0216 adiusbaw (88fa846846e5080fa2d2fbec1ef2aeaa) C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
23:19:06.0046 0216 adiusbaw - ok
23:19:06.0250 0216 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:19:06.0359 0216 AdobeFlashPlayerUpdateSvc - ok
23:19:06.0375 0216 adpu160m - ok
23:19:06.0484 0216 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:19:06.0531 0216 aec - ok
23:19:06.0625 0216 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
23:19:06.0687 0216 AFD - ok
23:19:06.0718 0216 Aha154x - ok
23:19:06.0765 0216 aic78u2 - ok
23:19:06.0796 0216 aic78xx - ok
23:19:08.0171 0216 ALCXWDM (d9026163ed32a13923a2c909897a6b87) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23:19:09.0328 0216 ALCXWDM - ok
23:19:09.0562 0216 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
23:19:09.0562 0216 Alerter - ok
23:19:09.0625 0216 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
23:19:09.0640 0216 ALG - ok
23:19:09.0703 0216 AliIde - ok
23:19:09.0750 0216 amsint - ok
23:19:09.0843 0216 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
23:19:09.0859 0216 AppMgmt - ok
23:19:09.0890 0216 asc - ok
23:19:09.0937 0216 asc3350p - ok
23:19:09.0984 0216 asc3550 - ok
23:19:10.0187 0216 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:19:10.0203 0216 aspnet_state - ok
23:19:10.0234 0216 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:19:10.0250 0216 aswFsBlk - ok
23:19:10.0296 0216 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
23:19:10.0343 0216 aswMon2 - ok
23:19:10.0390 0216 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
23:19:10.0390 0216 aswRdr - ok
23:19:10.0500 0216 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
23:19:10.0546 0216 aswSP - ok
23:19:10.0593 0216 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
23:19:10.0609 0216 aswTdi - ok
23:19:10.0671 0216 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:19:10.0671 0216 AsyncMac - ok
23:19:10.0750 0216 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:19:10.0750 0216 atapi - ok
23:19:10.0765 0216 Atdisk - ok
23:19:11.0000 0216 Ati HotKey Poller (9c9064c0d6147e233fcbc44ff6cb3a09) C:\WINDOWS\system32\Ati2evxx.exe
23:19:11.0171 0216 Ati HotKey Poller - ok
23:19:11.0390 0216 ATI Smart (960f36a5382db8b7a95f9ccfeebff761) C:\WINDOWS\system32\ati2sgag.exe
23:19:11.0578 0216 ATI Smart - ok
23:19:12.0687 0216 ati2mtag (b1ae41cfe277e043837aa2b875adb757) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:19:13.0656 0216 ati2mtag - ok
23:19:14.0031 0216 atksgt (e46d344412d1abc60c58e95c73bcdc70) C:\WINDOWS\system32\DRIVERS\atksgt.sys
23:19:14.0125 0216 atksgt - ok
23:19:14.0187 0216 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:19:14.0203 0216 Atmarpc - ok
23:19:14.0281 0216 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
23:19:14.0296 0216 AudioSrv - ok
23:19:14.0359 0216 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:19:14.0359 0216 audstub - ok
23:19:14.0484 0216 avast! Antivirus (b2386a8e66891f7cfec9f5a03f0f1210) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
23:19:14.0500 0216 avast! Antivirus - ok
23:19:14.0531 0216 avast! Mail Scanner (b2386a8e66891f7cfec9f5a03f0f1210) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
23:19:14.0531 0216 avast! Mail Scanner - ok
23:19:14.0562 0216 avast! Web Scanner (b2386a8e66891f7cfec9f5a03f0f1210) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
23:19:14.0562 0216 avast! Web Scanner - ok
23:19:14.0640 0216 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:19:14.0640 0216 Beep - ok
23:19:14.0796 0216 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
23:19:14.0921 0216 BITS - ok
23:19:15.0000 0216 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
23:19:15.0031 0216 Browser - ok
23:19:15.0093 0216 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:19:15.0093 0216 cbidf2k - ok
23:19:15.0140 0216 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:19:15.0140 0216 CCDECODE - ok
23:19:15.0171 0216 cd20xrnt - ok
23:19:15.0234 0216 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:19:15.0234 0216 Cdaudio - ok
23:19:15.0296 0216 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:19:15.0312 0216 Cdfs - ok
23:19:15.0375 0216 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:19:15.0375 0216 Cdrom - ok
23:19:15.0406 0216 Changer - ok
23:19:15.0484 0216 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
23:19:15.0484 0216 CiSvc - ok
23:19:15.0562 0216 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
23:19:15.0562 0216 ClipSrv - ok
23:19:15.0734 0216 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:19:15.0750 0216 clr_optimization_v2.0.50727_32 - ok
23:19:15.0890 0216 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:19:15.0937 0216 clr_optimization_v4.0.30319_32 - ok
23:19:15.0984 0216 CmdIde - ok
23:19:16.0015 0216 cmuda - ok
23:19:16.0062 0216 COMSysApp - ok
23:19:16.0125 0216 Cpqarray - ok
23:19:16.0203 0216 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
23:19:16.0218 0216 CryptSvc - ok
23:19:16.0234 0216 dac2w2k - ok
23:19:16.0281 0216 dac960nt - ok
23:19:16.0437 0216 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
23:19:16.0546 0216 DcomLaunch - ok
23:19:16.0656 0216 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
23:19:16.0703 0216 Dhcp - ok
23:19:16.0750 0216 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:19:16.0765 0216 Disk - ok
23:19:16.0796 0216 dmadmin - ok
23:19:16.0921 0216 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
23:19:16.0984 0216 dmboot - ok
23:19:17.0093 0216 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
23:19:17.0140 0216 dmio - ok
23:19:17.0203 0216 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:19:17.0203 0216 dmload - ok
23:19:17.0265 0216 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
23:19:17.0265 0216 dmserver - ok
23:19:17.0328 0216 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:19:17.0359 0216 DMusic - ok
23:19:17.0421 0216 Dnscache (0634b791684b84f4a331f3d3536feef8) C:\WINDOWS\System32\dnsrslvr.dll
23:19:17.0437 0216 Dnscache - ok
23:19:17.0531 0216 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
23:19:17.0593 0216 Dot3svc - ok
23:19:17.0625 0216 dpti2o - ok
23:19:17.0671 0216 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:19:17.0671 0216 drmkaud - ok
23:19:17.0859 0216 dump_wmimmc - ok
23:19:18.0093 0216 EagleNT - ok
23:19:18.0140 0216 EagleXNt - ok
23:19:18.0218 0216 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
23:19:18.0218 0216 EapHost - ok
23:19:18.0312 0216 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
23:19:18.0328 0216 ERSvc - ok
23:19:18.0421 0216 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
23:19:18.0468 0216 Eventlog - ok
23:19:18.0593 0216 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
23:19:18.0671 0216 EventSystem - ok
23:19:18.0781 0216 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:19:18.0828 0216 Fastfat - ok
23:19:18.0921 0216 FastUserSwitchingCompatibility (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
23:19:18.0968 0216 FastUserSwitchingCompatibility - ok
23:19:19.0031 0216 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:19:19.0031 0216 Fdc - ok
23:19:19.0078 0216 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
23:19:19.0093 0216 FETNDIS - ok
23:19:19.0140 0216 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
23:19:19.0156 0216 Fips - ok
23:19:19.0234 0216 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:19:19.0234 0216 Flpydisk - ok
23:19:19.0328 0216 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:19:19.0375 0216 FltMgr - ok
23:19:19.0484 0216 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:19:19.0500 0216 FontCache3.0.0.0 - ok
23:19:19.0546 0216 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:19:19.0546 0216 Fs_Rec - ok
23:19:19.0625 0216 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:19:19.0656 0216 Ftdisk - ok
23:19:19.0687 0216 GMSIPCI - ok
23:19:19.0765 0216 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:19:19.0781 0216 Gpc - ok
23:19:19.0953 0216 gupdate1c9ae3cc6d08096 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
23:19:19.0984 0216 gupdate1c9ae3cc6d08096 - ok
23:19:20.0000 0216 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
23:19:20.0000 0216 gupdatem - ok
23:19:20.0109 0216 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:19:20.0171 0216 gusvc - ok
23:19:20.0265 0216 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:19:20.0265 0216 helpsvc - ok
23:19:20.0343 0216 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
23:19:20.0343 0216 HidServ - ok
23:19:20.0406 0216 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:19:20.0406 0216 HidUsb - ok
23:19:20.0484 0216 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
23:19:20.0500 0216 hkmsvc - ok
23:19:20.0531 0216 hpn - ok
23:19:20.0687 0216 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:19:20.0765 0216 HTTP - ok
23:19:20.0812 0216 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
23:19:20.0828 0216 HTTPFilter - ok
23:19:20.0859 0216 i2omgmt - ok
23:19:20.0890 0216 i2omp - ok
23:19:20.0968 0216 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:19:20.0984 0216 i8042prt - ok
23:19:21.0109 0216 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:19:21.0156 0216 IDriverT - ok
23:19:21.0218 0216 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:19:21.0234 0216 Imapi - ok
23:19:21.0343 0216 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
23:19:21.0390 0216 ImapiService - ok
23:19:21.0437 0216 ini910u - ok
23:19:21.0500 0216 IntelIde - ok
23:19:21.0578 0216 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:19:21.0593 0216 intelppm - ok
23:19:21.0656 0216 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:19:21.0656 0216 Ip6Fw - ok
23:19:21.0734 0216 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:19:21.0734 0216 IpFilterDriver - ok
23:19:21.0781 0216 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:19:21.0796 0216 IpInIp - ok
23:19:21.0890 0216 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:19:21.0953 0216 IpNat - ok
23:19:22.0031 0216 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:19:22.0046 0216 IPSec - ok
23:19:22.0125 0216 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:19:22.0125 0216 IRENUM - ok
23:19:22.0203 0216 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:19:22.0218 0216 isapnp - ok
23:19:22.0328 0216 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
23:19:22.0343 0216 ISODrive - ok
23:19:22.0468 0216 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
23:19:22.0515 0216 JavaQuickStarterService - ok
23:19:22.0578 0216 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:19:22.0578 0216 Kbdclass - ok
23:19:22.0625 0216 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:19:22.0640 0216 kbdhid - ok
23:19:22.0718 0216 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:19:22.0781 0216 kmixer - ok
23:19:22.0843 0216 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:19:22.0875 0216 KSecDD - ok
23:19:22.0953 0216 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
23:19:22.0984 0216 lanmanserver - ok
23:19:23.0078 0216 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
23:19:23.0125 0216 lanmanworkstation - ok
23:19:23.0171 0216 lbrtfdc - ok
23:19:23.0281 0216 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
23:19:23.0281 0216 lirsgt - ok
23:19:23.0343 0216 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
23:19:23.0359 0216 LmHosts - ok
23:19:24.0062 0216 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
23:19:24.0671 0216 LVcKap - ok
23:19:24.0859 0216 LVCOMSer (14e4cc4d46169759d874f57604ea6be5) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
23:19:24.0921 0216 LVCOMSer - ok
23:19:25.0906 0216 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
23:19:26.0484 0216 LVMVDrv - ok
23:19:26.0781 0216 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
23:19:26.0781 0216 LVPr2Mon - ok
23:19:26.0953 0216 LVPrcSrv (b2d04e813ba12ab179daf0b9fdecba3d) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
23:19:27.0015 0216 LVPrcSrv - ok
23:19:27.0109 0216 LVSrvLauncher (a7a2ef5000007ca361da1e2b99df8c57) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
23:19:27.0140 0216 LVSrvLauncher - ok
23:19:27.0203 0216 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\WINDOWS\system32\drivers\LVUSBSta.sys
23:19:27.0218 0216 LVUSBSta - ok
23:19:27.0281 0216 massfilter (0b058116d3d4ecca7ded38f16e0581b2) C:\WINDOWS\system32\drivers\massfilter.sys
23:19:27.0281 0216 massfilter - ok
23:19:27.0468 0216 MDM (8527345a4a47ee5fb329c42821955606) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
23:19:27.0546 0216 MDM - ok
23:19:27.0640 0216 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
23:19:27.0640 0216 Messenger - ok
23:19:27.0703 0216 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:19:27.0703 0216 mnmdd - ok
23:19:27.0765 0216 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
23:19:27.0765 0216 mnmsrvc - ok
23:19:27.0859 0216 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
23:19:27.0859 0216 Modem - ok
23:19:27.0906 0216 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:19:27.0906 0216 Mouclass - ok
23:19:27.0937 0216 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:19:27.0953 0216 mouhid - ok
23:19:28.0015 0216 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:19:28.0031 0216 MountMgr - ok
23:19:28.0062 0216 mraid35x - ok
23:19:28.0187 0216 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:19:28.0234 0216 MRxDAV - ok
23:19:28.0453 0216 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:19:28.0578 0216 MRxSmb - ok
23:19:28.0640 0216 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
23:19:28.0640 0216 MSDTC - ok
23:19:28.0750 0216 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:19:28.0750 0216 Msfs - ok
23:19:28.0765 0216 MSIServer - ok
23:19:28.0828 0216 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:19:28.0828 0216 MSKSSRV - ok
23:19:28.0859 0216 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:19:28.0875 0216 MSPCLOCK - ok
23:19:28.0937 0216 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:19:28.0937 0216 MSPQM - ok
23:19:28.0984 0216 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:19:28.0984 0216 mssmbios - ok
23:19:29.0062 0216 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
23:19:29.0062 0216 MSTEE - ok
23:19:29.0140 0216 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
23:19:29.0187 0216 Mup - ok
23:19:29.0265 0216 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:19:29.0281 0216 NABTSFEC - ok
23:19:29.0421 0216 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
23:19:29.0515 0216 napagent - ok
23:19:29.0625 0216 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:19:29.0671 0216 NDIS - ok
23:19:29.0718 0216 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:19:29.0734 0216 NdisIP - ok
23:19:29.0781 0216 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:19:29.0781 0216 NdisTapi - ok
23:19:29.0843 0216 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:19:29.0843 0216 Ndisuio - ok
23:19:29.0906 0216 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:19:29.0937 0216 NdisWan - ok
23:19:30.0000 0216 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
23:19:30.0015 0216 NDProxy - ok
23:19:30.0078 0216 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:19:30.0078 0216 NetBIOS - ok
23:19:30.0187 0216 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:19:30.0234 0216 NetBT - ok
23:19:30.0312 0216 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
23:19:30.0359 0216 NetDDE - ok
23:19:30.0390 0216 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
23:19:30.0390 0216 NetDDEdsdm - ok
23:19:30.0453 0216 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:19:30.0453 0216 Netlogon - ok
23:19:30.0546 0216 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
23:19:30.0609 0216 Netman - ok
23:19:30.0781 0216 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:19:30.0828 0216 NetTcpPortSharing - ok
23:19:30.0968 0216 Nla (1289b7611ccd6cb27596ae92cbf03e35) C:\WINDOWS\System32\mswsock.dll
23:19:31.0031 0216 Nla - ok
23:19:31.0250 0216 NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
23:19:31.0390 0216 NMIndexingService - ok
23:19:31.0484 0216 nmwcd (9a908a9bb857c2cceb2907eb9dcaeb8b) C:\WINDOWS\system32\drivers\ccdcmb.sys
23:19:31.0484 0216 nmwcd - ok
23:19:31.0531 0216 nmwcdc (68ec3ee2348e475ea62c66e6aafcfc9b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
23:19:31.0531 0216 nmwcdc - ok
23:19:31.0609 0216 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:19:31.0609 0216 Npfs - ok
23:19:31.0640 0216 npggsvc - ok
23:19:31.0718 0216 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
23:19:31.0718 0216 NPPTNT2 - ok
23:19:31.0765 0216 NTACCESS - ok
23:19:31.0953 0216 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:19:32.0125 0216 Ntfs - ok
23:19:32.0187 0216 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:19:32.0187 0216 NtLmSsp - ok
23:19:32.0390 0216 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
23:19:32.0515 0216 NtmsSvc - ok
23:19:32.0593 0216 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:19:32.0593 0216 Null - ok
23:19:32.0640 0216 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:19:32.0656 0216 NwlnkFlt - ok
23:19:32.0687 0216 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:19:32.0703 0216 NwlnkFwd - ok
23:19:32.0859 0216 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:19:32.0875 0216 ose - ok
23:19:32.0953 0216 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
23:19:32.0984 0216 Parport - ok
23:19:33.0031 0216 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:19:33.0031 0216 PartMgr - ok
23:19:33.0109 0216 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
23:19:33.0109 0216 ParVdm - ok
23:19:33.0171 0216 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
23:19:33.0187 0216 pccsmcfd - ok
23:19:33.0250 0216 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
23:19:33.0281 0216 PCI - ok
23:19:33.0312 0216 PCIDump - ok
23:19:33.0343 0216 PCIIde - ok
23:19:33.0421 0216 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:19:33.0453 0216 Pcmcia - ok
23:19:33.0484 0216 PDCOMP - ok
23:19:33.0531 0216 PDFRAME - ok
23:19:33.0578 0216 PDRELI - ok
23:19:33.0609 0216 PDRFRAME - ok
23:19:33.0671 0216 pepifilter (c5d5ea6a29523e0f6016741e9851c6db) C:\WINDOWS\system32\DRIVERS\lv302af.sys
23:19:33.0671 0216 pepifilter - ok
23:19:33.0703 0216 perc2 - ok
23:19:33.0734 0216 perc2hib - ok
23:19:34.0250 0216 PID_PEPI (3f96dcd4ac98c8e0d3c03c24fd49a2fe) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
23:19:34.0625 0216 PID_PEPI - ok
23:19:34.0718 0216 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
23:19:34.0718 0216 PlugPlay - ok
23:19:34.0828 0216 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) C:\WINDOWS\system32\PnkBstrA.exe
23:19:34.0843 0216 PnkBstrA - ok
23:19:34.0921 0216 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:19:34.0921 0216 PolicyAgent - ok
23:19:35.0031 0216 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:19:35.0046 0216 PptpMiniport - ok
23:19:35.0078 0216 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:19:35.0078 0216 ProtectedStorage - ok
23:19:35.0156 0216 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:19:35.0171 0216 PSched - ok
23:19:35.0218 0216 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:19:35.0218 0216 Ptilink - ok
23:19:35.0281 0216 ql1080 - ok
23:19:35.0312 0216 Ql10wnt - ok
23:19:35.0343 0216 ql12160 - ok
23:19:35.0390 0216 ql1240 - ok
23:19:35.0421 0216 ql1280 - ok
23:19:35.0468 0216 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:19:35.0468 0216 RasAcd - ok
23:19:35.0531 0216 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
23:19:35.0562 0216 RasAuto - ok
23:19:35.0640 0216 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:19:35.0656 0216 Rasl2tp - ok
23:19:35.0750 0216 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
23:19:35.0796 0216 RasMan - ok
23:19:35.0875 0216 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:19:35.0890 0216 RasPppoe - ok
23:19:35.0937 0216 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:19:35.0937 0216 Raspti - ok
23:19:36.0031 0216 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:19:36.0078 0216 Rdbss - ok
23:19:36.0140 0216 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:19:36.0140 0216 RDPCDD - ok
23:19:36.0250 0216 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:19:36.0312 0216 rdpdr - ok
23:19:36.0437 0216 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
23:19:36.0468 0216 RDPWD - ok
23:19:36.0562 0216 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
23:19:36.0609 0216 RDSessMgr - ok
23:19:36.0656 0216 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:19:36.0687 0216 redbook - ok
23:19:36.0750 0216 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
23:19:36.0765 0216 RemoteAccess - ok
23:19:36.0843 0216 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
23:19:36.0875 0216 RemoteRegistry - ok
23:19:36.0968 0216 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
23:19:36.0984 0216 RpcLocator - ok
23:19:37.0156 0216 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
23:19:37.0156 0216 RpcSs - ok
23:19:37.0265 0216 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
23:19:37.0312 0216 RSVP - ok
23:19:37.0390 0216 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:19:37.0390 0216 SamSs - ok
23:19:37.0484 0216 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
23:19:37.0515 0216 SCardSvr - ok
23:19:37.0625 0216 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
23:19:37.0687 0216 Schedule - ok
23:19:37.0750 0216 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:19:37.0750 0216 Secdrv - ok
23:19:37.0812 0216 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
23:19:37.0828 0216 seclogon - ok
23:19:37.0859 0216 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
23:19:37.0890 0216 SENS - ok
23:19:37.0953 0216 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:19:37.0953 0216 serenum - ok
23:19:38.0015 0216 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
23:19:38.0031 0216 Serial - ok
23:19:38.0109 0216 sermouse (61490899036b14dedc24babd847d7001) C:\WINDOWS\system32\DRIVERS\sermouse.sys
23:19:38.0109 0216 sermouse - ok
23:19:38.0406 0216 ServiceLayer (3ec8de67b1c78c31e54c0f030e6bd7d5) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:19:38.0593 0216 ServiceLayer - ok
23:19:38.0734 0216 SetupNTGLM7X - ok
23:19:38.0812 0216 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
23:19:38.0828 0216 sfdrv01 - ok
23:19:38.0875 0216 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
23:19:38.0890 0216 sfhlp02 - ok
23:19:38.0937 0216 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:19:38.0937 0216 Sfloppy - ok
23:19:39.0000 0216 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOWS\system32\drivers\sfsync02.sys
23:19:39.0000 0216 sfsync02 - ok
23:19:39.0171 0216 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
23:19:39.0265 0216 SharedAccess - ok
23:19:39.0359 0216 ShellHWDetection (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
23:19:39.0390 0216 ShellHWDetection - ok
23:19:39.0421 0216 Simbad - ok
23:19:39.0531 0216 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
23:19:39.0578 0216 SkypeUpdate - ok
23:19:39.0609 0216 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:19:39.0625 0216 SLIP - ok
23:19:39.0687 0216 Sparrow - ok
23:19:39.0734 0216 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:19:39.0734 0216 splitter - ok
23:19:39.0796 0216 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:19:39.0812 0216 Spooler - ok
23:19:39.0906 0216 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
23:19:39.0921 0216 sr - ok
23:19:40.0031 0216 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
23:19:40.0093 0216 srservice - ok
23:19:40.0265 0216 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
23:19:40.0359 0216 Srv - ok
23:19:40.0437 0216 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
23:19:40.0453 0216 SSDPSRV - ok
23:19:40.0609 0216 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
23:19:40.0718 0216 stisvc - ok
23:19:40.0781 0216 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:19:40.0781 0216 streamip - ok
23:19:40.0843 0216 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:19:40.0843 0216 swenum - ok
23:19:40.0906 0216 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:19:40.0921 0216 swmidi - ok
23:19:40.0968 0216 SwPrv - ok
23:19:41.0031 0216 symc810 - ok
23:19:41.0062 0216 symc8xx - ok
23:19:41.0093 0216 sym_hi - ok
23:19:41.0140 0216 sym_u3 - ok
23:19:41.0203 0216 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:19:41.0234 0216 sysaudio - ok
23:19:41.0328 0216 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
23:19:41.0343 0216 SysmonLog - ok
23:19:41.0453 0216 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
23:19:41.0546 0216 TapiSrv - ok
23:19:41.0703 0216 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:19:41.0828 0216 Tcpip - ok
23:19:41.0890 0216 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:19:41.0890 0216 TDPIPE - ok
23:19:41.0937 0216 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:19:41.0937 0216 TDTCP - ok
23:19:42.0000 0216 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:19:42.0000 0216 TermDD - ok
23:19:42.0171 0216 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
23:19:42.0171 0216 TermService - ok
23:19:42.0250 0216 Themes (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
23:19:42.0265 0216 Themes - ok
23:19:42.0343 0216 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
23:19:42.0359 0216 TlntSvr - ok
23:19:42.0406 0216 TosIde - ok
23:19:42.0484 0216 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
23:19:42.0515 0216 TrkWks - ok
23:19:42.0609 0216 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
23:19:42.0625 0216 uagp35 - ok
23:19:42.0687 0216 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:19:42.0703 0216 Udfs - ok
23:19:42.0734 0216 ultra - ok
23:19:42.0921 0216 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:19:43.0031 0216 Update - ok
23:19:43.0156 0216 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
23:19:43.0203 0216 upnphost - ok
23:19:43.0265 0216 upperdev (a34560a5d516a2f5240180370866b99d) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
23:19:43.0265 0216 upperdev - ok
23:19:43.0328 0216 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
23:19:43.0343 0216 UPS - ok
23:19:43.0406 0216 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:19:43.0421 0216 usbaudio - ok
23:19:43.0468 0216 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:19:43.0484 0216 usbccgp - ok
23:19:43.0531 0216 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:19:43.0531 0216 usbehci - ok
23:19:43.0578 0216 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:19:43.0593 0216 usbhub - ok
23:19:43.0656 0216 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:19:43.0671 0216 usbprint - ok
23:19:43.0718 0216 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:19:43.0734 0216 usbscan - ok
23:19:43.0781 0216 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
23:19:43.0781 0216 usbser - ok
23:19:43.0828 0216 UsbserFilt (6410eebd6e0427466812858ee84c8467) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
23:19:43.0843 0216 UsbserFilt - ok
23:19:43.0890 0216 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:19:43.0890 0216 USBSTOR - ok
23:19:43.0968 0216 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:19:43.0968 0216 usbuhci - ok
23:19:44.0015 0216 USB_RNDIS (f39039d5c96c1d3ac2a637a659dbf282) C:\WINDOWS\system32\DRIVERS\usb8023k.sys
23:19:44.0015 0216 USB_RNDIS - ok
23:19:44.0093 0216 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:19:44.0093 0216 VgaSave - ok
23:19:44.0171 0216 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:19:44.0171 0216 ViaIde - ok
23:19:44.0312 0216 VIAudio (ec14fedcfc97f0af98215ce385afec23) C:\WINDOWS\system32\drivers\viaudios.sys
23:19:44.0421 0216 VIAudio - ok
23:19:44.0484 0216 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
23:19:44.0500 0216 VolSnap - ok
23:19:44.0546 0216 Vsp (aaf94bc88ecdf0ae0586805dad1e59c4) C:\WINDOWS\system32\drivers\Vsp.sys
23:19:44.0546 0216 Vsp - ok
23:19:44.0671 0216 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
23:19:44.0765 0216 VSS - ok
23:19:44.0875 0216 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
23:19:44.0921 0216 W32Time - ok
23:19:44.0984 0216 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:19:45.0000 0216 Wanarp - ok
23:19:45.0203 0216 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:19:45.0343 0216 Wdf01000 - ok
23:19:45.0375 0216 WDICA - ok
23:19:45.0453 0216 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:19:45.0468 0216 wdmaud - ok
23:19:45.0546 0216 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
23:19:45.0562 0216 WebClient - ok
23:19:45.0718 0216 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:19:45.0765 0216 winmgmt - ok
23:19:45.0906 0216 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:19:45.0906 0216 WmdmPmSN - ok
23:19:46.0171 0216 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
23:19:46.0359 0216 Wmi - ok
23:19:46.0500 0216 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:19:46.0531 0216 WmiApSrv - ok
23:19:46.0609 0216 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:19:46.0609 0216 WpdUsb - ok
23:19:47.0015 0216 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:19:47.0234 0216 WPFFontCache_v0400 - ok
23:19:47.0328 0216 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
23:19:47.0359 0216 wscsvc - ok
23:19:47.0421 0216 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:19:47.0421 0216 WSTCODEC - ok
23:19:47.0453 0216 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
23:19:47.0468 0216 wuauserv - ok
23:19:47.0656 0216 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
23:19:47.0796 0216 WZCSVC - ok
23:19:47.0828 0216 XDva392 - ok
23:19:47.0921 0216 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
23:19:47.0937 0216 xmlprov - ok
23:19:48.0000 0216 ZTEusbmdm6k (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
23:19:48.0031 0216 ZTEusbmdm6k - ok
23:19:48.0109 0216 ZTEusbnmea (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
23:19:48.0156 0216 ZTEusbnmea - ok
23:19:48.0218 0216 ZTEusbser6k (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
23:19:48.0250 0216 ZTEusbser6k - ok
23:19:48.0359 0216 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
23:19:48.0890 0216 \Device\Harddisk0\DR0 - ok
23:19:48.0937 0216 Boot (0x1200) (e83e5c0913714c325dbac2e7c3db4d45) \Device\Harddisk0\DR0\Partition0
23:19:48.0937 0216 \Device\Harddisk0\DR0\Partition0 - ok
23:19:48.0953 0216 ============================================================
23:19:48.0953 0216 Scan finished
23:19:48.0953 0216 ============================================================
23:19:49.0015 0200 Detected object count: 0
23:19:49.0015 0200 Actual detected object count: 0
23:20:01.0203 1772 Deinitialize success
ComboFix 12-06-28.03 - this computer 28.06.2012 23:37:03.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.332 [GMT 2:00]
Spuštěný z: c:\documents and settings\this computer\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\documents and settings\this computer\Data aplikací\Microsoft\Windows\aRsoEZr.cfg
c:\documents and settings\this computer\Data aplikací\Microsoft\Windows\aRsoEZr.dat
c:\documents and settings\this computer\Recent\cb.dll
c:\documents and settings\this computer\Recent\cb.tmp
c:\documents and settings\this computer\Recent\cid.sys
c:\documents and settings\this computer\Recent\CLSV.drv
c:\documents and settings\this computer\Recent\DBOLE.tmp
c:\documents and settings\this computer\Recent\ddv.sys
c:\documents and settings\this computer\Recent\eb.dll
c:\documents and settings\this computer\Recent\eb.tmp
c:\documents and settings\this computer\Recent\energy.tmp
c:\documents and settings\this computer\Recent\fix.drv
c:\documents and settings\this computer\Recent\fix.sys
c:\documents and settings\this computer\Recent\PE.drv
c:\documents and settings\this computer\Recent\PE.exe
c:\documents and settings\this computer\Recent\runddlkey.sys
c:\documents and settings\this computer\Recent\sld.exe
c:\documents and settings\this computer\Recent\SM.exe
c:\documents and settings\this computer\Recent\Thumbs.db
c:\documents and settings\this computer\Recent\tjd.tmp
c:\documents and settings\this computer\WINDOWS
c:\program files\4StoryGSP20120405_full.exe
c:\windows\IsUn0405.exe
c:\windows\system32\DC120fc7_32.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\OLD14.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-28 do 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-28 16:39 . 2012-06-28 16:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-06-28 16:39 . 2012-06-28 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-28 16:39 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 11:53 . 2012-06-26 11:53 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\.minecraft
2012-06-26 10:37 . 2012-06-26 10:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google
2012-06-25 16:38 . 2012-06-25 16:39 44 ----a-w- c:\windows\system_32.bat
2012-06-25 16:38 . 2012-06-25 16:39 160 ----a-w- c:\windows\y.reg
2012-06-25 16:38 . 2012-06-25 16:39 156 ----a-w- c:\windows\z.reg
2012-06-19 13:29 . 2012-06-20 05:09 -------- d-----w- c:\program files\ezvid
2012-06-19 13:25 . 2012-06-19 13:25 -------- d-----w- c:\program files\MSBuild
2012-06-19 13:21 . 2012-06-19 13:24 -------- d-----w- C:\4736b01f7c39091f791f5f4c2269f92e
2012-06-06 15:41 . 2012-06-06 15:49 -------- d-----w- c:\program files\Infogrames
2012-06-03 08:45 . 2012-06-03 08:45 -------- d-----w- c:\windows\AppData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 17:43 . 2012-04-10 19:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 17:43 . 2012-04-10 19:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 12:23 . 2009-12-23 16:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-03-30 19:28 . 2009-03-30 19:28 2267944 ----a-w- c:\program files\SkypeSetup.exe
1999-03-01 11:33 . 2010-06-29 22:11 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-10-20 323392]
"Facebook Update"="c:\documents and settings\this computer\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2011-11-16 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"system_tray"="shutdown -s -f -t 0" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-13 161336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"ImagePath"="c:\windows\system_32.bat" [2012-06-25 44]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\this computer\Nabídka Start\Programy\Po spuštění\
Registration Brothers In Arms.LNK - e:\support\Register\RegistrationReminder.exe [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-3-9 67128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AudioDeck.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AudioDeck.lnk
backup=c:\windows\pss\AudioDeck.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Digimax Viewer 2.0.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Digimax Viewer 2.0.lnk
backup=c:\windows\pss\Digimax Viewer 2.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DSLMON.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nokia Ovi Suite.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Blanka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Blanka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^this computer^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\this computer\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 17:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-01 14:23 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-26 17:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\this computer\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\this computer\\Plocha\\herní složky\\DARKORBIT HACKY !!\\dark\\WP\\WP669.exe"=
"c:\\Program Files\\QuadCoreM2\\pack\\core.bin"=
"c:\\Program Files\\Infogrames\\Robot Arena 2\\Robot Arena 2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59131:TCP"= 59131:TCP:Pando Media Booster
"59131:UDP"= 59131:UDP:Pando Media Booster
"59025:TCP"= 59025:TCP:Pando Media Booster
"59025:UDP"= 59025:UDP:Pando Media Booster
"57906:TCP"= 57906:TCP:Pando Media Booster
"57906:UDP"= 57906:UDP:Pando Media Booster
.
S2 gupdate1c9ae3cc6d08096;Služba Google Update (gupdate1c9ae3cc6d08096);c:\program files\Google\Update\GoogleUpdate.exe [26.3.2009 20:00 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10.4.2012 21:23 250056]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Zemi Interactive\4Story_US\GameGuard\dump_wmimmc.sys --> c:\program files\Zemi Interactive\4Story_US\GameGuard\dump_wmimmc.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.3.2009 20:00 133104]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15.1.2012 19:54 9216]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [21.1.2009 17:50 3351]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 17:43]
.
2012-06-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 17:22]
.
2012-06-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-09-03 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:25390
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.162.96.10 192.162.97.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-SandboxieControl - c:\program files\Sandboxie\SbieCtrl.exe
HKCU-Run-KBot control center - c:\program files\KBot\KBot 5.76\KBotcc.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 06:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1214440339-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:82,53,42,5b,c3,78,8c,6a,d1,09,31,b0,f7,c8,47,64,f4,71,39,e2,7a,c6,53,
bf,41,02,4e,6d,9c,b5,99,0f,0c,b0,80,b6,23,4c,0a,35,4b,e3,12,35,bb,95,80,47,\
"??"=hex:77,30,0c,60,27,17,9a,4c,78,5e,63,bc,02,31,5c,5a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Celkový čas: 2012-06-29 06:49:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-29 04:49
.
Před spuštěním: Volných bajtů: 19 026 284 544
Po spuštění: Volných bajtů: 20 081 012 736
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A16438F2C11BDB22A470D634DD6F95BF
Virus as a command line
Re: Virus as a command line
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.28.08
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
this computer :: RODINA-CDC56827 [administrator]
28.6.2012 23:01:43
mbam-log-2012-06-28 (23-01-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254719
Time elapsed: 10 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
- memphisto
Re: Virus as a command line
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
KillAll::
File::
c:\windows\system_32.bat
c:\windows\y.reg
c:\windows\z.reg
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Zemi Interactive\4Story_US\GameGuard\dump_wmimmc.sys
c:\windows\system32\drivers\EagleXNt.sys
c:\windows\system32\GameMon.des -service
f:\NTGLM7X.sys
c:\windows\system32\XDva392.sys
Dirlook::
C:\4736b01f7c39091f791f5f4c2269f92e
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"system_tray"=-
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
Driver::
gupdate1c9ae3cc6d08096
dump_wmimmc
EagleXNt
gupdatem
npggsvc
SetupNTGLM7X
XDva392
DDS::
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Re: Virus as a command line
Interesting, this time it (CMD) didn't start, and I'm writing from the normal profile, so I hope it stays that way :)
Re: Virus as a command line
Oh, and the log:
ComboFix 12-06-28.03 - this computer 29.06.2012 11:47:05.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.234 [GMT 2:00]
Spuštěný z: c:\documents and settings\this computer\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\this computer\Plocha\CFScript.txt
.
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\program files\Zemi Interactive\4Story_US\GameGuard\dump_wmimmc.sys"
"c:\windows\system_32.bat"
"c:\windows\system32\drivers\EagleXNt.sys"
"c:\windows\system32\GameMon.des -service"
"c:\windows\system32\XDva392.sys"
"c:\windows\y.reg"
"c:\windows\z.reg"
"f:\NTGLM7X.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DUMP_WMIMMC
-------\Legacy_EAGLEXNT
-------\Legacy_GUPDATE1C9AE3CC6D08096
-------\Legacy_SETUPNTGLM7X
-------\Legacy_XDVA392
-------\Service_dump_wmimmc
-------\Service_EagleXNt
-------\Service_gupdate1c9ae3cc6d08096
-------\Service_gupdatem
-------\Service_npggsvc
-------\Service_SetupNTGLM7X
-------\Service_XDva392
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-28 do 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-28 16:39 . 2012-06-28 16:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-06-28 16:39 . 2012-06-28 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-28 16:39 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 11:53 . 2012-06-26 11:53 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\.minecraft
2012-06-26 10:37 . 2012-06-26 10:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google
2012-06-25 16:38 . 2012-06-25 16:39 44 ----a-w- c:\windows\system_32.bat
2012-06-25 16:38 . 2012-06-25 16:39 160 ----a-w- c:\windows\y.reg
2012-06-25 16:38 . 2012-06-25 16:39 156 ----a-w- c:\windows\z.reg
2012-06-19 13:29 . 2012-06-20 05:09 -------- d-----w- c:\program files\ezvid
2012-06-19 13:25 . 2012-06-19 13:25 -------- d-----w- c:\program files\MSBuild
2012-06-19 13:21 . 2012-06-19 13:24 -------- d-----w- C:\4736b01f7c39091f791f5f4c2269f92e
2012-06-06 15:41 . 2012-06-06 15:49 -------- d-----w- c:\program files\Infogrames
2012-06-03 08:45 . 2012-06-03 08:45 -------- d-----w- c:\windows\AppData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 17:43 . 2012-04-10 19:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 17:43 . 2012-04-10 19:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 12:23 . 2009-12-23 16:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-03-30 19:28 . 2009-03-30 19:28 2267944 ----a-w- c:\program files\SkypeSetup.exe
1999-03-01 11:33 . 2010-06-29 22:11 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\4736b01f7c39091f791f5f4c2269f92e ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-29_04.39.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-29 10:06 . 2012-06-29 10:06 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-10-20 323392]
"Facebook Update"="c:\documents and settings\this computer\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2011-11-16 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-13 161336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\this computer\Nabídka Start\Programy\Po spuštění\
Registration Brothers In Arms.LNK - e:\support\Register\RegistrationReminder.exe [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-3-9 67128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AudioDeck.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AudioDeck.lnk
backup=c:\windows\pss\AudioDeck.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Digimax Viewer 2.0.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Digimax Viewer 2.0.lnk
backup=c:\windows\pss\Digimax Viewer 2.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DSLMON.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nokia Ovi Suite.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Blanka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Blanka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^this computer^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\this computer\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 17:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-01 14:23 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-26 17:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\this computer\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\this computer\\Plocha\\herní složky\\DARKORBIT HACKY !!\\dark\\WP\\WP669.exe"=
"c:\\Program Files\\QuadCoreM2\\pack\\core.bin"=
"c:\\Program Files\\Infogrames\\Robot Arena 2\\Robot Arena 2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59131:TCP"= 59131:TCP:Pando Media Booster
"59131:UDP"= 59131:UDP:Pando Media Booster
"59025:TCP"= 59025:TCP:Pando Media Booster
"59025:UDP"= 59025:UDP:Pando Media Booster
"57906:TCP"= 57906:TCP:Pando Media Booster
"57906:UDP"= 57906:UDP:Pando Media Booster
.
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10.4.2012 21:23 250056]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15.1.2012 19:54 9216]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [21.1.2009 17:50 3351]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 17:43]
.
2012-06-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 17:22]
.
2012-06-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-09-03 20:18]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:25390
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.162.96.10 192.162.97.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 12:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1214440339-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:82,53,42,5b,c3,78,8c,6a,d1,09,31,b0,f7,c8,47,64,f4,71,39,e2,7a,c6,53,
bf,41,02,4e,6d,9c,b5,99,0f,0c,b0,80,b6,23,4c,0a,35,4b,e3,12,35,bb,95,80,47,\
"??"=hex:77,30,0c,60,27,17,9a,4c,78,5e,63,bc,02,31,5c,5a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(7292)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-06-29 12:57:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-29 10:57
ComboFix2.txt 2012-06-29 04:49
.
Před spuštěním: Volných bajtů: 20 079 595 520
Po spuštění: Volných bajtů: 20 056 522 752
.
- - End Of File - - 315D24CE00A09F8A4672FBE4CC56BD70

- Žbeky
- Moderator
Re: Virus as a command prompt
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to mark the script
Code:
KillAll::
File::
c:\windows\system_32.bat
c:\windows\y.reg
c:\windows\z.reg
c:\program files\Uninstall Spy Blocker.dll
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\WGASetup.job
Folder::
C:\4736b01f7c39091f791f5f4c2269f92e
c:\program files\Spybot - Search & Destroy
DirLook::
c:\windows\AppData
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
In private messages I deal only with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Virus as a command prompt
ComboFix 12-06-28.03 - this computer 29.06.2012 16:21:34.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.192 [GMT 2:00]
Spuštěný z: c:\documents and settings\this computer\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\this computer\Plocha\CFScript.txt
.
FILE ::
"c:\program files\Uninstall Spy Blocker.dll"
"c:\windows\system_32.bat"
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\WGASetup.job"
"c:\windows\y.reg"
"c:\windows\z.reg"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\4736b01f7c39091f791f5f4c2269f92e
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-28 do 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-28 16:39 . 2012-06-28 16:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-06-28 16:39 . 2012-06-28 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-28 16:39 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 11:53 . 2012-06-26 11:53 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\.minecraft
2012-06-26 10:37 . 2012-06-26 10:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google
2012-06-25 16:38 . 2012-06-25 16:39 44 ----a-w- c:\windows\system_32.bat
2012-06-25 16:38 . 2012-06-25 16:39 160 ----a-w- c:\windows\y.reg
2012-06-25 16:38 . 2012-06-25 16:39 156 ----a-w- c:\windows\z.reg
2012-06-19 13:29 . 2012-06-20 05:09 -------- d-----w- c:\program files\ezvid
2012-06-19 13:25 . 2012-06-19 13:25 -------- d-----w- c:\program files\MSBuild
2012-06-06 15:41 . 2012-06-06 15:49 -------- d-----w- c:\program files\Infogrames
2012-06-03 08:45 . 2012-06-03 08:45 -------- d-----w- c:\windows\AppData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 17:43 . 2012-04-10 19:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 17:43 . 2012-04-10 19:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 12:23 . 2009-12-23 16:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-03-30 19:28 . 2009-03-30 19:28 2267944 ----a-w- c:\program files\SkypeSetup.exe
1999-03-01 11:33 . 2010-06-29 22:11 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\AppData ----
.
2012-06-03 08:45 . 2012-06-03 08:45 41472 ----a-w- c:\windows\AppData\isvchost.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-29_04.39.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-29 14:41 . 2012-06-29 14:41 16384 c:\windows\temp\Perflib_Perfdata_760.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-10-20 323392]
"Facebook Update"="c:\documents and settings\this computer\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2011-11-16 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-13 161336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\this computer\Nabídka Start\Programy\Po spuštění\
Registration Brothers In Arms.LNK - e:\support\Register\RegistrationReminder.exe [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-3-9 67128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AudioDeck.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AudioDeck.lnk
backup=c:\windows\pss\AudioDeck.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Digimax Viewer 2.0.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Digimax Viewer 2.0.lnk
backup=c:\windows\pss\Digimax Viewer 2.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DSLMON.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nokia Ovi Suite.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Blanka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Blanka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^this computer^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\this computer\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 17:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-01 14:23 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-26 17:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\this computer\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\this computer\\Plocha\\herní složky\\DARKORBIT HACKY !!\\dark\\WP\\WP669.exe"=
"c:\\Program Files\\QuadCoreM2\\pack\\core.bin"=
"c:\\Program Files\\Infogrames\\Robot Arena 2\\Robot Arena 2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59131:TCP"= 59131:TCP:Pando Media Booster
"59131:UDP"= 59131:UDP:Pando Media Booster
"59025:TCP"= 59025:TCP:Pando Media Booster
"59025:UDP"= 59025:UDP:Pando Media Booster
"57906:TCP"= 57906:TCP:Pando Media Booster
"57906:UDP"= 57906:UDP:Pando Media Booster
.
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10.4.2012 21:23 250056]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15.1.2012 19:54 9216]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [21.1.2009 17:50 3351]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 17:43]
.
2012-06-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 17:22]
.
2012-06-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-09-03 20:18]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:25390
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.162.96.10 192.162.97.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1214440339-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:82,53,42,5b,c3,78,8c,6a,d1,09,31,b0,f7,c8,47,64,f4,71,39,e2,7a,c6,53,
bf,41,02,4e,6d,9c,b5,99,0f,0c,b0,80,b6,23,4c,0a,35,4b,e3,12,35,bb,95,80,47,\
"??"=hex:77,30,0c,60,27,17,9a,4c,78,5e,63,bc,02,31,5c,5a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(7544)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-06-29 16:53:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-29 14:52
ComboFix2.txt 2012-06-29 10:57
ComboFix3.txt 2012-06-29 04:49
.
Před spuštěním: Volných bajtů: 20 049 281 024
Po spuštění: Volných bajtů: 20 025 573 376
.
- - End Of File - - 0B76003B665DEDD51FF8A88B62BEF94B
- Žbeky
- Moderator
Re: Virus as a command line
Test this on VirusTotal:
c:\windows\AppData\isvchost.exe
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes, "result" appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
In PMs I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Virus as a command line
The PC is now running as it should.
So should I still test it, or not anymore if everything works??
- Žbeky
- Moderator
Re: Virus as a command line
If it were fine, we wouldn't be testing anything... Send it to VirusTotal.