Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:34:37, on 8.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NETHDD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe
C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\NLMServer.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\jiri.muzikar\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\jiri.muzikar\Plocha\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3108729321
O16 - DPF: {C1D592D2-D4F6-4E9C-968D-797449DC0ADC} (WebViewerX Control) - http://www.dvrstation.com/webServer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mbns.local
O17 - HKLM\Software\..\Telephony: DomainName = mbns.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mbns.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mbns.local
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel Local License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: NETHDD Service (NETHDD) - UNICON Co., Ltd. - C:\WINDOWS\system32\NETHDD.exe
O23 - Service: ProgeCAD NLM Server 2011 PRO CSY - Unknown owner - C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 9015 bytes
Please check - slow PC - thanks Solved
- memphisto
Re: Please check - slow PC - thanks
Uninstall SweetIM and everything associated with it
In the log, fix:
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (in the Czech UI: Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (in the Czech UI: Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check - slow PC - thanks
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Verze: v2013.02.08.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jiri.muzikar :: WKS-007 [administrátor]
8.2.2013 11:42:54
mbam-log-2013-02-08 (11-42-54).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 411026
Uplynulý čas: 10 minut, 35 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
# AdwCleaner v2.111 - Logfile created 02/08/2013 at 11:57:13
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : jiri.muzikar - WKS-007
# Boot Mode : Normal
# Running from : C:\Documents and Settings\jiri.muzikar\Dokumenty\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\administrator.MBNS\Data aplikací\Search Settings
Folder Found : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Found : C:\Documents and Settings\jiri.muzikar\Data aplikací\pdfforge
Folder Found : C:\Documents and Settings\mares\Data aplikací\Search Settings
Folder Found : C:\Documents and Settings\muzikar\Data aplikací\pdfforge
Folder Found : C:\Documents and Settings\muzikar\Data aplikací\Search Settings
Folder Found : C:\Documents and Settings\Samuel\Data aplikací\AD ON Multimedia
Folder Found : C:\Documents and Settings\Samuel\Data aplikací\pdfforge
Folder Found : C:\Documents and Settings\Samuel\Data aplikací\Search Settings
Folder Found : C:\Program Files\ICQ6Toolbar
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
-\\ Google Chrome v24.0.1312.57
File : C:\Documents and Settings\jiri.muzikar\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\muzikar\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2117 octets] - [08/02/2013 11:57:13]
########## EOF - C:\AdwCleaner[R1].txt - [2177 octets] ##########
- memphisto
Re: Please check - slow PC - thanks
Run AdwCleaner again and let it delete everything.
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt; please paste the entire contents of the log here.
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.
Re: Please check - slow PC - thanks
10:46:28.0264 3388 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:46:28.0732 3388 Current date / time: 2013/02/11 10:46:28.0732
10:46:28.0732 3388 SystemInfo:
10:46:28.0732 3388
10:46:28.0732 3388 OS Version: 5.1.2600 ServicePack: 3.0
10:46:28.0732 3388 Product type: Workstation
10:46:28.0732 3388 ComputerName: WKS-007
10:46:28.0732 3388 UserName: jiri.muzikar
10:46:28.0732 3388 Windows directory: C:\WINDOWS
10:46:28.0732 3388 System windows directory: C:\WINDOWS
10:46:28.0732 3388 Processor architecture: Intel x86
10:46:28.0732 3388 Number of processors: 2
10:46:28.0732 3388 Page size: 0x1000
10:46:28.0732 3388 Boot type: Normal boot
10:46:28.0732 3388 ============================================================
10:46:40.0319 3388 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:46:40.0366 3388 ============================================================
10:46:40.0366 3388 \Device\Harddisk0\DR0:
10:46:40.0366 3388 MBR partitions:
10:46:40.0366 3388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
10:46:40.0366 3388 ============================================================
10:46:40.0460 3388 C: <-> \Device\Harddisk0\DR0\Partition1
10:46:40.0460 3388 Initialize success
10:46:43.0891 1728 Scan started
10:46:43.0891 1728 Mode: Manual;
10:46:48.0647 1728 System memory - ok
10:46:48.0818 1728 [ 42FAEEF297D64C132862266418DBEF7F ] 602XML Updater C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
10:46:48.0818 1728 602XML Updater - ok
10:46:48.0912 1728 Abiosdsk - ok
10:46:48.0928 1728 abp480n5 - ok
10:46:48.0943 1728 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:46:48.0943 1728 ACPI - ok
10:46:48.0974 1728 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:46:49.0006 1728 ACPIEC - ok
10:46:49.0115 1728 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:46:49.0115 1728 AdobeFlashPlayerUpdateSvc - ok
10:46:49.0130 1728 adpu160m - ok
10:46:49.0146 1728 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:46:49.0193 1728 aec - ok
10:46:49.0255 1728 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:46:49.0255 1728 AFD - ok
10:46:49.0271 1728 Aha154x - ok
10:46:49.0271 1728 aic78u2 - ok
10:46:49.0286 1728 aic78xx - ok
10:46:49.0318 1728 [ A7F74629628B7F16734418121B61CA99 ] aksfridge C:\WINDOWS\system32\drivers\aksfridge.sys
10:46:49.0458 1728 aksfridge - ok
10:46:49.0505 1728 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:46:49.0505 1728 Alerter - ok
10:46:49.0520 1728 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
10:46:49.0551 1728 ALG - ok
10:46:49.0551 1728 AliIde - ok
10:46:49.0551 1728 amsint - ok
10:46:49.0614 1728 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:46:49.0629 1728 AppMgmt - ok
10:46:49.0629 1728 asc - ok
10:46:49.0645 1728 asc3350p - ok
10:46:49.0645 1728 asc3550 - ok
10:46:49.0754 1728 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:46:49.0817 1728 aspnet_state - ok
10:46:49.0832 1728 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:46:49.0863 1728 AsyncMac - ok
10:46:49.0879 1728 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:46:49.0879 1728 atapi - ok
10:46:49.0879 1728 Atdisk - ok
10:46:49.0910 1728 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:46:49.0941 1728 Atmarpc - ok
10:46:49.0988 1728 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:46:50.0019 1728 AudioSrv - ok
10:46:50.0066 1728 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:46:50.0097 1728 audstub - ok
10:46:50.0160 1728 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:46:50.0191 1728 Beep - ok
10:46:50.0269 1728 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
10:46:50.0316 1728 BITS - ok
10:46:50.0362 1728 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
10:46:50.0362 1728 Browser - ok
10:46:50.0378 1728 C-Dilla - ok
10:46:50.0440 1728 catchme - ok
10:46:50.0472 1728 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:46:50.0503 1728 cbidf2k - ok
10:46:50.0581 1728 [ ED5411A69C5BAC78D245C893AF64352A ] cbVSCService C:\Program Files\Cobian Backup 10\cbVSCService.exe
10:46:50.0581 1728 cbVSCService - ok
10:46:50.0596 1728 cd20xrnt - ok
10:46:50.0643 1728 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:46:50.0705 1728 Cdaudio - ok
10:46:50.0721 1728 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:46:50.0721 1728 Cdfs - ok
10:46:50.0752 1728 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:46:50.0783 1728 Cdrom - ok
10:46:50.0799 1728 Changer - ok
10:46:50.0830 1728 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:46:50.0846 1728 CiSvc - ok
10:46:50.0861 1728 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:46:50.0861 1728 ClipSrv - ok
10:46:50.0955 1728 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:46:51.0049 1728 clr_optimization_v2.0.50727_32 - ok
10:46:51.0095 1728 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:46:51.0298 1728 clr_optimization_v4.0.30319_32 - ok
10:46:51.0314 1728 CmdIde - ok
10:46:51.0392 1728 [ 06302EA7EDA9DCDD7F82CEC2A03D2015 ] CobianBackup10 C:\Program Files\Cobian Backup 10\cbService.exe
10:46:51.0423 1728 CobianBackup10 - ok
10:46:51.0438 1728 COMSysApp - ok
10:46:51.0454 1728 Cpqarray - ok
10:46:51.0516 1728 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:46:51.0516 1728 CryptSvc - ok
10:46:51.0532 1728 dac2w2k - ok
10:46:51.0532 1728 dac960nt - ok
10:46:51.0657 1728 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:46:51.0657 1728 DcomLaunch - ok
10:46:51.0719 1728 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:46:51.0719 1728 Dhcp - ok
10:46:51.0766 1728 [ 96F74BD303006971DE644BCA1A7ED858 ] Di1611VM11 C:\WINDOWS\system32\Drivers\Di1611.sys
10:46:51.0828 1728 Di1611VM11 - ok
10:46:51.0828 1728 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:46:51.0828 1728 Disk - ok
10:46:51.0844 1728 dmadmin - ok
10:46:51.0922 1728 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:46:52.0062 1728 dmboot - ok
10:46:52.0109 1728 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:46:52.0109 1728 dmio - ok
10:46:52.0156 1728 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:46:52.0156 1728 dmload - ok
10:46:52.0171 1728 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:46:52.0171 1728 dmserver - ok
10:46:52.0203 1728 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:46:52.0234 1728 DMusic - ok
10:46:52.0265 1728 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:46:52.0265 1728 Dnscache - ok
10:46:52.0296 1728 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:46:52.0312 1728 Dot3svc - ok
10:46:52.0312 1728 dpti2o - ok
10:46:52.0374 1728 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:46:52.0437 1728 drmkaud - ok
10:46:52.0437 1728 [ D42DD9021ACD47683B33ADF21BCA49AA ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
10:46:52.0437 1728 eamon - ok
10:46:52.0483 1728 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:46:52.0514 1728 EapHost - ok
10:46:52.0561 1728 [ FE7824239D132AD9EBD8645FE1199B30 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
10:46:52.0592 1728 ehdrv - ok
10:46:52.0655 1728 [ 68D91A34CE51CF15C45DD68F7F1257E8 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
10:46:52.0655 1728 EhttpSrv - ok
10:46:52.0686 1728 [ 191D8ECCC40F05B52FAC0513F35BA01D ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
10:46:52.0764 1728 ekrn - ok
10:46:52.0858 1728 [ AA0667EB9A92414ABB784C101A6C7FEC ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
10:46:52.0904 1728 epfwtdir - ok
10:46:52.0951 1728 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:46:52.0982 1728 ERSvc - ok
10:46:52.0982 1728 EST_BusEnum - ok
10:46:53.0029 1728 [ 690A824B4920867487791AFCE287C291 ] EST_Server C:\WINDOWS\system32\DRIVERS\GenHC.sys
10:46:53.0091 1728 EST_Server - ok
10:46:53.0154 1728 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
10:46:53.0154 1728 Eventlog - ok
10:46:53.0216 1728 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
10:46:53.0232 1728 EventSystem - ok
10:46:53.0232 1728 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:46:53.0247 1728 Fastfat - ok
10:46:53.0310 1728 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:46:53.0310 1728 FastUserSwitchingCompatibility - ok
10:46:53.0325 1728 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:46:53.0357 1728 Fdc - ok
10:46:53.0419 1728 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:46:53.0466 1728 Fips - ok
10:46:53.0497 1728 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:46:53.0559 1728 Flpydisk - ok
10:46:53.0591 1728 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:46:53.0622 1728 FltMgr - ok
10:46:53.0684 1728 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:46:53.0684 1728 FontCache3.0.0.0 - ok
10:46:53.0700 1728 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:46:53.0731 1728 Fs_Rec - ok
10:46:53.0746 1728 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:46:53.0746 1728 Ftdisk - ok
10:46:53.0809 1728 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:46:53.0809 1728 GEARAspiWDM - ok
10:46:53.0856 1728 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:46:53.0887 1728 Gpc - ok
10:46:53.0949 1728 [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
10:46:53.0980 1728 grmnusb - ok
10:46:54.0090 1728 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:46:54.0090 1728 gupdate - ok
10:46:54.0090 1728 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:46:54.0090 1728 gupdatem - ok
10:46:54.0168 1728 [ 506097D91E96AEE4BAD61800782E8FB6 ] hardlock C:\WINDOWS\system32\drivers\hardlock.sys
10:46:54.0277 1728 hardlock - ok
10:46:54.0277 1728 hasplms - ok
10:46:54.0292 1728 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:46:54.0339 1728 HDAudBus - ok
10:46:54.0448 1728 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:46:54.0464 1728 helpsvc - ok
10:46:54.0495 1728 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:46:54.0495 1728 HidServ - ok
10:46:54.0542 1728 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:46:54.0589 1728 HidUsb - ok
10:46:54.0667 1728 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:46:54.0667 1728 hkmsvc - ok
10:46:54.0682 1728 hpn - ok
10:46:54.0760 1728 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:46:54.0760 1728 HTTP - ok
10:46:54.0823 1728 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:46:54.0838 1728 HTTPFilter - ok
10:46:54.0838 1728 i2omgmt - ok
10:46:54.0838 1728 i2omp - ok
10:46:54.0885 1728 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:46:54.0932 1728 i8042prt - ok
10:46:55.0134 1728 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:46:55.0337 1728 ialm - ok
10:46:55.0462 1728 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:46:55.0509 1728 idsvc - ok
10:46:55.0524 1728 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:46:55.0555 1728 Imapi - ok
10:46:55.0618 1728 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:46:55.0649 1728 ImapiService - ok
10:46:55.0649 1728 ini910u - ok
10:46:55.0821 1728 [ DBC702FBC70DC58D9122CE56EADBD659 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:46:55.0961 1728 IntcAzAudAddService - ok
10:46:55.0977 1728 IntelIde - ok
10:46:56.0039 1728 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:46:56.0086 1728 intelppm - ok
10:46:56.0101 1728 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:46:56.0179 1728 Ip6Fw - ok
10:46:56.0210 1728 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:46:56.0273 1728 IpFilterDriver - ok
10:46:56.0304 1728 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:46:56.0335 1728 IpInIp - ok
10:46:56.0382 1728 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:46:56.0460 1728 IpNat - ok
10:46:56.0538 1728 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:46:56.0569 1728 IPSec - ok
10:46:56.0585 1728 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:46:56.0616 1728 IRENUM - ok
10:46:56.0663 1728 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:46:56.0663 1728 isapnp - ok
10:46:56.0834 1728 [ CC54FD59486BEF7CE70275FAC2FD9D34 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:46:56.0850 1728 JavaQuickStarterService - ok
10:46:56.0850 1728 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:46:56.0881 1728 Kbdclass - ok
10:46:56.0897 1728 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:46:56.0912 1728 kmixer - ok
10:46:56.0943 1728 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:46:56.0943 1728 KSecDD - ok
10:46:57.0006 1728 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:46:57.0006 1728 lanmanserver - ok
10:46:57.0068 1728 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:46:57.0068 1728 lanmanworkstation - ok
10:46:57.0084 1728 lbrtfdc - ok
10:46:57.0131 1728 [ 29C8789084881030495174A492F0EFA2 ] LFXACT C:\WINDOWS\system32\Drivers\LFXACT.sys
10:46:57.0177 1728 LFXACT - ok
10:46:57.0240 1728 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:46:57.0271 1728 LmHosts - ok
10:46:57.0333 1728 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
10:46:57.0349 1728 LMIGuardianSvc - ok
10:46:57.0349 1728 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
10:46:57.0349 1728 LMIInfo - ok
10:46:57.0411 1728 [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
10:46:57.0442 1728 LMIMaint - ok
10:46:57.0489 1728 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
10:46:57.0520 1728 lmimirr - ok
10:46:57.0520 1728 LMIRfsClientNP - ok
10:46:57.0536 1728 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
10:46:57.0536 1728 LMIRfsDriver - ok
10:46:57.0583 1728 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
10:46:57.0614 1728 LogMeIn - ok
10:46:57.0692 1728 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
10:46:57.0723 1728 MBAMSwissArmy - ok
10:46:57.0754 1728 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:46:57.0754 1728 Messenger - ok
10:46:57.0801 1728 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:46:57.0864 1728 mnmdd - ok
10:46:57.0879 1728 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:46:57.0910 1728 mnmsrvc - ok
10:46:57.0910 1728 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:46:57.0942 1728 Modem - ok
10:46:57.0957 1728 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:46:57.0988 1728 Mouclass - ok
10:46:58.0035 1728 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:46:58.0066 1728 mouhid - ok
10:46:58.0082 1728 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:46:58.0082 1728 MountMgr - ok
10:46:58.0082 1728 mraid35x - ok
10:46:58.0097 1728 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:46:58.0097 1728 MRxDAV - ok
10:46:58.0175 1728 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:46:58.0191 1728 MRxSmb - ok
10:46:58.0253 1728 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:46:58.0253 1728 MSDTC - ok
10:46:58.0269 1728 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:46:58.0300 1728 Msfs - ok
10:46:58.0300 1728 MSIServer - ok
10:46:58.0347 1728 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:46:58.0378 1728 MSKSSRV - ok
10:46:58.0409 1728 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:46:58.0441 1728 MSPCLOCK - ok
10:46:58.0456 1728 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:46:58.0487 1728 MSPQM - ok
10:46:58.0550 1728 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:46:58.0581 1728 mssmbios - ok
10:46:58.0612 1728 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:46:58.0612 1728 Mup - ok
10:46:58.0659 1728 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:46:58.0690 1728 napagent - ok
10:46:58.0721 1728 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:46:58.0721 1728 NDIS - ok
10:46:58.0752 1728 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:46:58.0768 1728 NdisTapi - ok
10:46:58.0799 1728 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:46:58.0830 1728 Ndisuio - ok
10:46:58.0830 1728 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:46:58.0862 1728 NdisWan - ok
10:46:58.0908 1728 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:46:58.0940 1728 NDProxy - ok
10:46:58.0986 1728 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
10:46:59.0002 1728 Net Driver HPZ12 - ok
10:46:59.0018 1728 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:46:59.0018 1728 NetBIOS - ok
10:46:59.0049 1728 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:46:59.0096 1728 NetBT - ok
10:46:59.0158 1728 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:46:59.0174 1728 NetDDE - ok
10:46:59.0174 1728 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:46:59.0174 1728 NetDDEdsdm - ok
10:46:59.0236 1728 [ 0133BF41481F0ED3CE1F8B4A8A8C5282 ] NETHDD C:\WINDOWS\system32\NETHDD.exe
10:46:59.0251 1728 NETHDD - ok
10:46:59.0283 1728 [ 725097CF0A3116BDADDB5CE2FDF208A6 ] NETHDDIM C:\WINDOWS\system32\DRIVERS\nethddim.sys
10:46:59.0283 1728 NETHDDIM - ok
10:46:59.0329 1728 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:46:59.0329 1728 Netlogon - ok
10:46:59.0392 1728 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
10:46:59.0407 1728 Netman - ok
10:46:59.0439 1728 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:46:59.0454 1728 NetTcpPortSharing - ok
10:46:59.0501 1728 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
10:46:59.0501 1728 Nla - ok
10:46:59.0517 1728 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:46:59.0517 1728 Npfs - ok
10:46:59.0548 1728 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:46:59.0548 1728 Ntfs - ok
10:46:59.0563 1728 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:46:59.0563 1728 NtLmSsp - ok
10:46:59.0626 1728 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:46:59.0626 1728 NtmsSvc - ok
10:46:59.0704 1728 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:46:59.0735 1728 Null - ok
10:46:59.0766 1728 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:46:59.0797 1728 NwlnkFlt - ok
10:46:59.0813 1728 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:46:59.0875 1728 NwlnkFwd - ok
10:46:59.0922 1728 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:46:59.0938 1728 ose - ok
10:46:59.0969 1728 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:47:00.0000 1728 Parport - ok
10:47:00.0016 1728 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:47:00.0016 1728 PartMgr - ok
10:47:00.0078 1728 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:47:00.0109 1728 ParVdm - ok
10:47:00.0125 1728 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:47:00.0125 1728 PCI - ok
10:47:00.0125 1728 PCIDump - ok
10:47:00.0156 1728 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:47:00.0156 1728 PCIIde - ok
10:47:00.0172 1728 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:47:00.0234 1728 Pcmcia - ok
10:47:00.0234 1728 PDCOMP - ok
10:47:00.0250 1728 PDFRAME - ok
10:47:00.0250 1728 PDRELI - ok
10:47:00.0265 1728 PDRFRAME - ok
10:47:00.0265 1728 perc2 - ok
10:47:00.0281 1728 perc2hib - ok
10:47:00.0328 1728 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
10:47:00.0328 1728 PlugPlay - ok
10:47:00.0343 1728 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
10:47:00.0343 1728 Pml Driver HPZ12 - ok
10:47:00.0359 1728 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:47:00.0359 1728 PolicyAgent - ok
10:47:00.0390 1728 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:47:00.0468 1728 PptpMiniport - ok
10:47:00.0499 1728 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:47:00.0530 1728 Processor - ok
10:47:00.0624 1728 [ 4635935FC972C582632BF45C26BFCB0E ] ProgeCAD NLM Server 2011 PRO CSY C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe
10:47:00.0655 1728 ProgeCAD NLM Server 2011 PRO CSY - ok
10:47:00.0655 1728 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:47:00.0655 1728 ProtectedStorage - ok
10:47:00.0671 1728 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:47:00.0733 1728 PSched - ok
10:47:00.0749 1728 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:47:00.0780 1728 Ptilink - ok
10:47:00.0795 1728 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:47:00.0858 1728 PxHelp20 - ok
10:47:00.0858 1728 ql1080 - ok
10:47:00.0873 1728 Ql10wnt - ok
10:47:00.0873 1728 ql12160 - ok
10:47:00.0873 1728 ql1240 - ok
10:47:00.0889 1728 ql1280 - ok
10:47:00.0936 1728 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:47:00.0983 1728 RasAcd - ok
10:47:01.0014 1728 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:47:01.0029 1728 RasAuto - ok
10:47:01.0029 1728 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:47:01.0076 1728 Rasl2tp - ok
10:47:01.0107 1728 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:47:01.0123 1728 RasMan - ok
10:47:01.0123 1728 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:47:01.0154 1728 RasPppoe - ok
10:47:01.0201 1728 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:47:01.0232 1728 Raspti - ok
10:47:01.0294 1728 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:47:01.0310 1728 Rdbss - ok
10:47:01.0372 1728 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:47:01.0404 1728 RDPCDD - ok
10:47:01.0466 1728 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:47:01.0544 1728 rdpdr - ok
10:47:01.0622 1728 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:47:01.0622 1728 RDPWD - ok
10:47:01.0653 1728 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:47:01.0669 1728 RDSessMgr - ok
10:47:01.0700 1728 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:47:01.0731 1728 redbook - ok
10:47:01.0793 1728 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:47:01.0793 1728 RemoteAccess - ok
10:47:01.0809 1728 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:47:01.0809 1728 RemoteRegistry - ok
10:47:01.0825 1728 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
10:47:01.0825 1728 RpcLocator - ok
10:47:01.0856 1728 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:47:01.0856 1728 RpcSs - ok
10:47:01.0903 1728 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:47:01.0903 1728 RSVP - ok
10:47:01.0934 1728 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:47:01.0965 1728 rtl8139 - ok
10:47:01.0996 1728 [ E6E5AF7D6920824B066832D3E1665506 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:47:02.0012 1728 RTLE8023xp - ok
10:47:02.0043 1728 [ E1AB463B36A7EF31D8A73A97A9B57AFA ] s115bus C:\WINDOWS\system32\DRIVERS\s115bus.sys
10:47:02.0059 1728 s115bus - ok
10:47:02.0090 1728 [ E24113FC13B8737C94CF4E3415488C76 ] s115mdfl C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
10:47:02.0137 1728 s115mdfl - ok
10:47:02.0168 1728 [ 4029E49E7C673AA0670BD206B0AF1B5B ] s115mdm C:\WINDOWS\system32\DRIVERS\s115mdm.sys
10:47:02.0230 1728 s115mdm - ok
10:47:02.0246 1728 [ EB02AB4CA8BCCECFDE236CAD8FC6E135 ] s115mgmt C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
10:47:02.0261 1728 s115mgmt - ok
10:47:02.0277 1728 [ 089869DB9FFD2AC807FA87FE82AC7761 ] s115obex C:\WINDOWS\system32\DRIVERS\s115obex.sys
10:47:02.0308 1728 s115obex - ok
10:47:02.0339 1728 [ 06847AA6F3A9BF7C44134D00A2E578C0 ] s125bus C:\WINDOWS\system32\DRIVERS\s125bus.sys
10:47:02.0339 1728 s125bus - ok
10:47:02.0370 1728 [ F83F88E1B125308FB5015EA0349502B0 ] s125mdfl C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
10:47:02.0402 1728 s125mdfl - ok
10:47:02.0433 1728 [ 402A97756C14940AD6AE5169C2FB105E ] s125mdm C:\WINDOWS\system32\DRIVERS\s125mdm.sys
10:47:02.0495 1728 s125mdm - ok
10:47:02.0526 1728 [ 82B14C51DE76825EC769A6374E4C57D6 ] s125mgmt C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
10:47:02.0526 1728 s125mgmt - ok
10:47:02.0604 1728 [ BEDFC5707C356FD073BF1A4AFE442D91 ] s125obex C:\WINDOWS\system32\DRIVERS\s125obex.sys
10:47:02.0667 1728 s125obex - ok
10:47:02.0698 1728 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
10:47:02.0698 1728 SamSs - ok
10:47:02.0698 1728 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:47:02.0714 1728 SCardSvr - ok
10:47:02.0729 1728 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:47:02.0729 1728 Schedule - ok
10:47:02.0792 1728 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:47:02.0823 1728 Secdrv - ok
10:47:02.0854 1728 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:47:02.0869 1728 seclogon - ok
10:47:02.0869 1728 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
10:47:02.0869 1728 SENS - ok
10:47:02.0932 1728 [ A2CC81C30BEF6AC9F27055490EEF6DE3 ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS
10:47:02.0994 1728 Sentinel - ok
10:47:03.0103 1728 [ 6C03A85AE13D8D0D95A1F1E050DCD6E2 ] SentinelKeysServer C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
10:47:03.0119 1728 SentinelKeysServer - ok
10:47:03.0228 1728 [ EA13A8D992649C0CAF9E0200C28E58C2 ] SentinelProtectionServer C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
10:47:03.0322 1728 SentinelProtectionServer - ok
10:47:03.0337 1728 [ 4C9849A61DFE324170C807808D925D05 ] SentinelSecurityRuntime C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
10:47:03.0353 1728 SentinelSecurityRuntime - ok
10:47:03.0400 1728 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:47:03.0431 1728 serenum - ok
10:47:03.0493 1728 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:47:03.0556 1728 Serial - ok
10:47:03.0602 1728 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:47:03.0665 1728 Sfloppy - ok
10:47:03.0712 1728 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:47:03.0727 1728 SharedAccess - ok
10:47:03.0743 1728 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:47:03.0743 1728 ShellHWDetection - ok
10:47:03.0758 1728 Simbad - ok
10:47:03.0868 1728 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:47:03.0946 1728 SkypeUpdate - ok
10:47:03.0946 1728 Sparrow - ok
10:47:04.0008 1728 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:47:04.0039 1728 splitter - ok
10:47:04.0070 1728 [ 60784F891563FB1B767F70117FC2428F ] spooler C:\WINDOWS\system32\spoolsv.exe
10:47:04.0070 1728 spooler - ok
10:47:04.0133 1728 [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
10:47:04.0133 1728 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9
10:47:04.0133 1728 sptd ( LockedFile.Multi.Generic ) - warning
10:47:04.0133 1728 sptd - detected LockedFile.Multi.Generic (1)
10:47:04.0164 1728 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:47:04.0164 1728 sr - ok
10:47:04.0179 1728 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
10:47:04.0195 1728 srservice - ok
10:47:04.0211 1728 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:47:04.0242 1728 Srv - ok
10:47:04.0289 1728 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:47:04.0304 1728 SSDPSRV - ok
10:47:04.0398 1728 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:47:04.0398 1728 stisvc - ok
10:47:04.0460 1728 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:47:04.0507 1728 swenum - ok
10:47:04.0585 1728 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:47:04.0663 1728 swmidi - ok
10:47:04.0679 1728 SwPrv - ok
10:47:04.0679 1728 symc810 - ok
10:47:04.0694 1728 symc8xx - ok
10:47:04.0694 1728 sym_hi - ok
10:47:04.0710 1728 sym_u3 - ok
10:47:04.0725 1728 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:47:04.0741 1728 sysaudio - ok
10:47:04.0772 1728 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:47:04.0788 1728 SysmonLog - ok
10:47:04.0803 1728 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:47:04.0819 1728 TapiSrv - ok
10:47:04.0881 1728 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:47:04.0881 1728 Tcpip - ok
10:47:04.0928 1728 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:47:04.0959 1728 TDPIPE - ok
10:47:05.0006 1728 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:47:05.0053 1728 TDTCP - ok
10:47:05.0084 1728 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:47:05.0162 1728 TermDD - ok
10:47:05.0209 1728 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
10:47:05.0209 1728 TermService - ok
10:47:05.0240 1728 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:47:05.0240 1728 Themes - ok
10:47:05.0271 1728 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:47:05.0271 1728 TlntSvr - ok
10:47:05.0287 1728 TosIde - ok
10:47:05.0287 1728 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:47:05.0302 1728 TrkWks - ok
10:47:05.0318 1728 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:47:05.0349 1728 Udfs - ok
10:47:05.0349 1728 ultra - ok
10:47:05.0427 1728 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:47:05.0583 1728 Update - ok
10:47:05.0599 1728 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
10:47:05.0599 1728 upnphost - ok
10:47:05.0614 1728 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
10:47:05.0614 1728 UPS - ok
10:47:05.0661 1728 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
10:47:05.0708 1728 usbaudio - ok
10:47:05.0770 1728 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:47:05.0817 1728 usbccgp - ok
10:47:05.0879 1728 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:47:05.0911 1728 usbehci - ok
10:47:05.0957 1728 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:47:05.0988 1728 usbhub - ok
10:47:06.0035 1728 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:47:06.0066 1728 usbohci - ok
10:47:06.0113 1728 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:47:06.0176 1728 usbprint - ok
10:47:06.0207 1728 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:47:06.0238 1728 usbscan - ok
10:47:06.0269 1728 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:47:06.0316 1728 USBSTOR - ok
10:47:06.0363 1728 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:47:06.0394 1728 usbuhci - ok
10:47:06.0441 1728 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:47:06.0472 1728 VgaSave - ok
10:47:06.0488 1728 ViaIde - ok
10:47:06.0534 1728 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:47:06.0597 1728 VolSnap - ok
10:47:06.0659 1728 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
10:47:06.0659 1728 VSS - ok
10:47:06.0737 1728 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
10:47:06.0737 1728 W32Time - ok
10:47:06.0753 1728 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:47:06.0784 1728 Wanarp - ok
10:47:06.0784 1728 WDICA - ok
10:47:06.0815 1728 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:47:06.0877 1728 wdmaud - ok
10:47:06.0924 1728 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:47:06.0955 1728 WebClient - ok
10:47:07.0080 1728 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:47:07.0080 1728 winmgmt - ok
10:47:07.0127 1728 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:47:07.0127 1728 WmdmPmSN - ok
10:47:07.0189 1728 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:47:07.0205 1728 Wmi - ok
10:47:07.0236 1728 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:47:07.0236 1728 WmiApSrv - ok
10:47:07.0330 1728 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:47:07.0408 1728 WMPNetworkSvc - ok
10:47:07.0454 1728 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:47:07.0486 1728 WpdUsb - ok
10:47:07.0595 1728 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:47:07.0626 1728 WPFFontCache_v0400 - ok
10:47:07.0688 1728 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:47:07.0720 1728 WS2IFSL - ok
10:47:07.0782 1728 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:47:07.0797 1728 wscsvc - ok
10:47:07.0844 1728 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:47:07.0907 1728 wuauserv - ok
10:47:07.0953 1728 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:47:07.0953 1728 WudfPf - ok
10:47:08.0000 1728 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:47:08.0000 1728 WudfRd - ok
10:47:08.0031 1728 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:47:08.0047 1728 WudfSvc - ok
10:47:08.0109 1728 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:47:08.0172 1728 WZCSVC - ok
10:47:08.0234 1728 [ 56C5ECDE3BB3A3EA19B63825D8E11F20 ] XMLDIUSB C:\WINDOWS\system32\Drivers\XMLDIUSB.sys
10:47:08.0265 1728 XMLDIUSB - ok
10:47:08.0297 1728 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:47:08.0297 1728 xmlprov - ok
10:47:08.0312 1728 ================ Scan global ===============================
10:47:08.0343 1728 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
10:47:08.0390 1728 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
10:47:08.0406 1728 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
10:47:08.0437 1728 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
10:47:08.0437 1728 [Global] - ok
10:47:08.0437 1728 ================ Scan MBR ==================================
10:47:08.0484 1728 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
10:47:08.0671 1728 \Device\Harddisk0\DR0 - ok
10:47:08.0671 1728 ================ Scan VBR ==================================
10:47:08.0671 1728 [ 7B65275D707CC6E44085037939245758 ] \Device\Harddisk0\DR0\Partition1
10:47:08.0671 1728 \Device\Harddisk0\DR0\Partition1 - ok
10:47:08.0671 1728 ============================================================
10:47:08.0671 1728 Scan finished
10:47:08.0671 1728 ============================================================
10:47:08.0686 2632 Detected object count: 1
10:47:08.0686 2632 Actual detected object count: 1
10:47:22.0082 2632 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:47:22.0082 2632 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:47:24.0905 2944 Deinitialize success
ComboFix 13-02-07.02 - jiri.muzikar 11.02.2013 11:08:12.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.434 [GMT 1:00]
Spuštěný z: c:\documents and settings\jiri.muzikar\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jiri.muzikar\Dokumenty\TEST.SCR
c:\documents and settings\muzikar\System
c:\documents and settings\muzikar\System\win_qs8.jqx
c:\windows\d.ini
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-11 do 2013-02-11 )))))))))))))))))))))))))))))))
.
.
2013-02-11 06:35 . 2013-02-11 06:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-08 10:41 . 2013-02-08 10:41 -------- d-----w- c:\documents and settings\jiri.muzikar\Data aplikací\Malwarebytes
2013-02-04 10:09 . 2013-02-04 10:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-29 06:26 . 2013-01-29 06:26 -------- d-----w- c:\program files\Common Files\Skype
2013-01-16 11:40 . 2013-01-16 11:40 -------- d-----w- c:\program files\Foxit Software
2013-01-16 11:23 . 2013-01-16 11:47 -------- d-----w- c:\program files\Tracker Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 08:46 . 2012-04-11 06:22 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 08:46 . 2011-05-18 04:16 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-04 10:08 . 2010-12-13 12:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-04 10:08 . 2012-08-30 10:33 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-04 10:08 . 2010-12-13 12:19 782240 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-27 09:43 . 2011-06-29 07:30 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-12-27 09:43 . 2011-06-29 07:30 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-12-27 09:42 . 2011-06-29 07:30 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-12-27 09:42 . 2011-06-29 07:30 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-12-16 12:23 . 2008-05-25 10:31 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-22 10:01 . 2012-11-22 10:01 34064 ----a-w- c:\windows\system32\lhacm.acm
2012-11-13 11:55 . 2008-05-25 10:31 1866368 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Share]
@="{B00DFEC8-C278-40FD-8832-76A9409991F3}"
[HKEY_CLASSES_ROOT\CLSID\{B00DFEC8-C278-40FD-8832-76A9409991F3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_ShareSync]
@="{2022959D-8296-427A-9D9F-E59CC016F006}"
[HKEY_CLASSES_ROOT\CLSID\{2022959D-8296-427A-9D9F-E59CC016F006}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Sync]
@="{B2483E28-1631-4E80-AA62-29B35EFEC7F0}"
[HKEY_CLASSES_ROOT\CLSID\{B2483E28-1631-4E80-AA62-29B35EFEC7F0}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\jiri.muzikar\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-12-27 09:42 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3326349489-3490851393-425600365-1171\Scripts\Logon\0\0]
"Script"=MAP_DATA_Q.CMD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3326349489-3490851393-425600365-1260\Scripts\Logon\0\0]
"Script"=MAP_DATA_Q.CMD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3326349489-3490851393-425600365-500\Scripts\Logon\0\0]
"Script"=MAP_Admin_Q.CMD
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-19 10:08 159744 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-19 10:08 135168 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
2008-03-11 11:17 387584 ----a-w- c:\program files\Labtec\Keyboard\V5.1\KBDAP32A.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 10:07 131072 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-09 14:25 16859648 ----a-r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 03:22 143872 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\e-TRAYz\\e-TRAYz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.4.2008 7:27 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 14:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 12:47 94872]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.3.2011 9:59 84520]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [5.5.2011 9:27 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [5.5.2011 9:27 1125376]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 15:41 810144]
R2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [8.6.2011 12:04 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.1.2011 18:04 12856]
R2 NETHDD;NETHDD Service;c:\windows\system32\NETHDD.exe [9.7.2010 9:42 249896]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [20.10.2010 0:03 374048]
R3 NETHDDIM;NETHDD NDIS IM Service;c:\windows\system32\drivers\nethddim.sys [9.7.2010 9:42 27208]
S2 ProgeCAD NLM Server 2011 PRO CSY;ProgeCAD NLM Server 2011 PRO CSY;c:\program files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe [7.7.2011 15:14 8192]
S3 Di1611VM11;KONICA MINOLTA Di1611;c:\windows\system32\drivers\Di1611.SYS [13.6.2011 13:40 13824]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys --> c:\windows\system32\DRIVERS\GenBus.sys [?]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [12.4.2011 5:49 171136]
S3 LFXACT;Companion Suite Pro LL F@X activities;c:\windows\system32\drivers\LFXACT.sys [10.3.2008 12:00 20672]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11.2.2013 7:35 40776]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [3.4.2008 6:50 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [3.4.2008 6:51 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [3.4.2008 6:51 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [3.4.2008 6:51 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [3.4.2008 6:51 98568]
S3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\drivers\XMLDIUSB.sys [10.3.2008 12:00 31879]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-06 06:29 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:46]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-14 06:43]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-14 06:43]
.
2013-02-11 c:\windows\Tasks\User_Feed_Synchronization-{7E1DAF89-16AC-4A79-A4BF-6748EE5E1E02}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2013-02-08 c:\windows\Tasks\Vyčištění disku.job
- c:\windows\system32\cleanmgr.exe [2008-05-25 03:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 172.29.97.5
DPF: {C1D592D2-D4F6-4E9C-968D-797449DC0ADC} - hxxp://www.dvrstation.com/webServer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-11 11:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2013-02-11 11:31:56
ComboFix-quarantined-files.txt 2013-02-11 10:31
ComboFix2.txt 2012-05-16 06:42
ComboFix3.txt 2012-05-15 05:30
ComboFix4.txt 2012-05-10 12:57
.
Před spuštěním: Volných bajtů: 166 167 126 016
Po spuštění: Volných bajtů: 166 466 678 784
.
- - End Of File - - E0DE058E7A7B673DC7374C201F5EDF82

10:46:28.0732 3388 Current date / time: 2013/02/11 10:46:28.0732
10:46:28.0732 3388 SystemInfo:
10:46:28.0732 3388
10:46:28.0732 3388 OS Version: 5.1.2600 ServicePack: 3.0
10:46:28.0732 3388 Product type: Workstation
10:46:28.0732 3388 ComputerName: WKS-007
10:46:28.0732 3388 UserName: jiri.muzikar
10:46:28.0732 3388 Windows directory: C:\WINDOWS
10:46:28.0732 3388 System windows directory: C:\WINDOWS
10:46:28.0732 3388 Processor architecture: Intel x86
10:46:28.0732 3388 Number of processors: 2
10:46:28.0732 3388 Page size: 0x1000
10:46:28.0732 3388 Boot type: Normal boot
10:46:28.0732 3388 ============================================================
10:46:40.0319 3388 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:46:40.0366 3388 ============================================================
10:46:40.0366 3388 \Device\Harddisk0\DR0:
10:46:40.0366 3388 MBR partitions:
10:46:40.0366 3388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
10:46:40.0366 3388 ============================================================
10:46:40.0460 3388 C: <-> \Device\Harddisk0\DR0\Partition1
10:46:40.0460 3388 Initialize success
10:46:43.0891 1728 Scan started
10:46:43.0891 1728 Mode: Manual;
10:46:48.0647 1728 System memory - ok
10:46:48.0818 1728 [ 42FAEEF297D64C132862266418DBEF7F ] 602XML Updater C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
10:46:48.0818 1728 602XML Updater - ok
10:46:48.0912 1728 Abiosdsk - ok
10:46:48.0928 1728 abp480n5 - ok
10:46:48.0943 1728 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:46:48.0943 1728 ACPI - ok
10:46:48.0974 1728 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:46:49.0006 1728 ACPIEC - ok
10:46:49.0115 1728 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:46:49.0115 1728 AdobeFlashPlayerUpdateSvc - ok
10:46:49.0130 1728 adpu160m - ok
10:46:49.0146 1728 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:46:49.0193 1728 aec - ok
10:46:49.0255 1728 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:46:49.0255 1728 AFD - ok
10:46:49.0271 1728 Aha154x - ok
10:46:49.0271 1728 aic78u2 - ok
10:46:49.0286 1728 aic78xx - ok
10:46:49.0318 1728 [ A7F74629628B7F16734418121B61CA99 ] aksfridge C:\WINDOWS\system32\drivers\aksfridge.sys
10:46:49.0458 1728 aksfridge - ok
10:46:49.0505 1728 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:46:49.0505 1728 Alerter - ok
10:46:49.0520 1728 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
10:46:49.0551 1728 ALG - ok
10:46:49.0551 1728 AliIde - ok
10:46:49.0551 1728 amsint - ok
10:46:49.0614 1728 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:46:49.0629 1728 AppMgmt - ok
10:46:49.0629 1728 asc - ok
10:46:49.0645 1728 asc3350p - ok
10:46:49.0645 1728 asc3550 - ok
10:46:49.0754 1728 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:46:49.0817 1728 aspnet_state - ok
10:46:49.0832 1728 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:46:49.0863 1728 AsyncMac - ok
10:46:49.0879 1728 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:46:49.0879 1728 atapi - ok
10:46:49.0879 1728 Atdisk - ok
10:46:49.0910 1728 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:46:49.0941 1728 Atmarpc - ok
10:46:49.0988 1728 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:46:50.0019 1728 AudioSrv - ok
10:46:50.0066 1728 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:46:50.0097 1728 audstub - ok
10:46:50.0160 1728 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:46:50.0191 1728 Beep - ok
10:46:50.0269 1728 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
10:46:50.0316 1728 BITS - ok
10:46:50.0362 1728 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
10:46:50.0362 1728 Browser - ok
10:46:50.0378 1728 C-Dilla - ok
10:46:50.0440 1728 catchme - ok
10:46:50.0472 1728 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:46:50.0503 1728 cbidf2k - ok
10:46:50.0581 1728 [ ED5411A69C5BAC78D245C893AF64352A ] cbVSCService C:\Program Files\Cobian Backup 10\cbVSCService.exe
10:46:50.0581 1728 cbVSCService - ok
10:46:50.0596 1728 cd20xrnt - ok
10:46:50.0643 1728 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:46:50.0705 1728 Cdaudio - ok
10:46:50.0721 1728 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:46:50.0721 1728 Cdfs - ok
10:46:50.0752 1728 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:46:50.0783 1728 Cdrom - ok
10:46:50.0799 1728 Changer - ok
10:46:50.0830 1728 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:46:50.0846 1728 CiSvc - ok
10:46:50.0861 1728 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:46:50.0861 1728 ClipSrv - ok
10:46:50.0955 1728 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:46:51.0049 1728 clr_optimization_v2.0.50727_32 - ok
10:46:51.0095 1728 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:46:51.0298 1728 clr_optimization_v4.0.30319_32 - ok
10:46:51.0314 1728 CmdIde - ok
10:46:51.0392 1728 [ 06302EA7EDA9DCDD7F82CEC2A03D2015 ] CobianBackup10 C:\Program Files\Cobian Backup 10\cbService.exe
10:46:51.0423 1728 CobianBackup10 - ok
10:46:51.0438 1728 COMSysApp - ok
10:46:51.0454 1728 Cpqarray - ok
10:46:51.0516 1728 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:46:51.0516 1728 CryptSvc - ok
10:46:51.0532 1728 dac2w2k - ok
10:46:51.0532 1728 dac960nt - ok
10:46:51.0657 1728 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:46:51.0657 1728 DcomLaunch - ok
10:46:51.0719 1728 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:46:51.0719 1728 Dhcp - ok
10:46:51.0766 1728 [ 96F74BD303006971DE644BCA1A7ED858 ] Di1611VM11 C:\WINDOWS\system32\Drivers\Di1611.sys
10:46:51.0828 1728 Di1611VM11 - ok
10:46:51.0828 1728 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:46:51.0828 1728 Disk - ok
10:46:51.0844 1728 dmadmin - ok
10:46:51.0922 1728 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:46:52.0062 1728 dmboot - ok
10:46:52.0109 1728 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:46:52.0109 1728 dmio - ok
10:46:52.0156 1728 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:46:52.0156 1728 dmload - ok
10:46:52.0171 1728 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:46:52.0171 1728 dmserver - ok
10:46:52.0203 1728 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:46:52.0234 1728 DMusic - ok
10:46:52.0265 1728 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:46:52.0265 1728 Dnscache - ok
10:46:52.0296 1728 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:46:52.0312 1728 Dot3svc - ok
10:46:52.0312 1728 dpti2o - ok
10:46:52.0374 1728 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:46:52.0437 1728 drmkaud - ok
10:46:52.0437 1728 [ D42DD9021ACD47683B33ADF21BCA49AA ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
10:46:52.0437 1728 eamon - ok
10:46:52.0483 1728 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:46:52.0514 1728 EapHost - ok
10:46:52.0561 1728 [ FE7824239D132AD9EBD8645FE1199B30 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
10:46:52.0592 1728 ehdrv - ok
10:46:52.0655 1728 [ 68D91A34CE51CF15C45DD68F7F1257E8 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
10:46:52.0655 1728 EhttpSrv - ok
10:46:52.0686 1728 [ 191D8ECCC40F05B52FAC0513F35BA01D ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
10:46:52.0764 1728 ekrn - ok
10:46:52.0858 1728 [ AA0667EB9A92414ABB784C101A6C7FEC ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
10:46:52.0904 1728 epfwtdir - ok
10:46:52.0951 1728 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:46:52.0982 1728 ERSvc - ok
10:46:52.0982 1728 EST_BusEnum - ok
10:46:53.0029 1728 [ 690A824B4920867487791AFCE287C291 ] EST_Server C:\WINDOWS\system32\DRIVERS\GenHC.sys
10:46:53.0091 1728 EST_Server - ok
10:46:53.0154 1728 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
10:46:53.0154 1728 Eventlog - ok
10:46:53.0216 1728 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
10:46:53.0232 1728 EventSystem - ok
10:46:53.0232 1728 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:46:53.0247 1728 Fastfat - ok
10:46:53.0310 1728 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:46:53.0310 1728 FastUserSwitchingCompatibility - ok
10:46:53.0325 1728 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:46:53.0357 1728 Fdc - ok
10:46:53.0419 1728 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:46:53.0466 1728 Fips - ok
10:46:53.0497 1728 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:46:53.0559 1728 Flpydisk - ok
10:46:53.0591 1728 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:46:53.0622 1728 FltMgr - ok
10:46:53.0684 1728 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:46:53.0684 1728 FontCache3.0.0.0 - ok
10:46:53.0700 1728 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:46:53.0731 1728 Fs_Rec - ok
10:46:53.0746 1728 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:46:53.0746 1728 Ftdisk - ok
10:46:53.0809 1728 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:46:53.0809 1728 GEARAspiWDM - ok
10:46:53.0856 1728 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:46:53.0887 1728 Gpc - ok
10:46:53.0949 1728 [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
10:46:53.0980 1728 grmnusb - ok
10:46:54.0090 1728 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:46:54.0090 1728 gupdate - ok
10:46:54.0090 1728 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:46:54.0090 1728 gupdatem - ok
10:46:54.0168 1728 [ 506097D91E96AEE4BAD61800782E8FB6 ] hardlock C:\WINDOWS\system32\drivers\hardlock.sys
10:46:54.0277 1728 hardlock - ok
10:46:54.0277 1728 hasplms - ok
10:46:54.0292 1728 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:46:54.0339 1728 HDAudBus - ok
10:46:54.0448 1728 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:46:54.0464 1728 helpsvc - ok
10:46:54.0495 1728 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:46:54.0495 1728 HidServ - ok
10:46:54.0542 1728 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:46:54.0589 1728 HidUsb - ok
10:46:54.0667 1728 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:46:54.0667 1728 hkmsvc - ok
10:46:54.0682 1728 hpn - ok
10:46:54.0760 1728 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:46:54.0760 1728 HTTP - ok
10:46:54.0823 1728 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:46:54.0838 1728 HTTPFilter - ok
10:46:54.0838 1728 i2omgmt - ok
10:46:54.0838 1728 i2omp - ok
10:46:54.0885 1728 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:46:54.0932 1728 i8042prt - ok
10:46:55.0134 1728 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:46:55.0337 1728 ialm - ok
10:46:55.0462 1728 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:46:55.0509 1728 idsvc - ok
10:46:55.0524 1728 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:46:55.0555 1728 Imapi - ok
10:46:55.0618 1728 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:46:55.0649 1728 ImapiService - ok
10:46:55.0649 1728 ini910u - ok
10:46:55.0821 1728 [ DBC702FBC70DC58D9122CE56EADBD659 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:46:55.0961 1728 IntcAzAudAddService - ok
10:46:55.0977 1728 IntelIde - ok
10:46:56.0039 1728 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:46:56.0086 1728 intelppm - ok
10:46:56.0101 1728 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:46:56.0179 1728 Ip6Fw - ok
10:46:56.0210 1728 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:46:56.0273 1728 IpFilterDriver - ok
10:46:56.0304 1728 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:46:56.0335 1728 IpInIp - ok
10:46:56.0382 1728 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:46:56.0460 1728 IpNat - ok
10:46:56.0538 1728 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:46:56.0569 1728 IPSec - ok
10:46:56.0585 1728 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:46:56.0616 1728 IRENUM - ok
10:46:56.0663 1728 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:46:56.0663 1728 isapnp - ok
10:46:56.0834 1728 [ CC54FD59486BEF7CE70275FAC2FD9D34 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:46:56.0850 1728 JavaQuickStarterService - ok
10:46:56.0850 1728 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:46:56.0881 1728 Kbdclass - ok
10:46:56.0897 1728 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:46:56.0912 1728 kmixer - ok
10:46:56.0943 1728 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:46:56.0943 1728 KSecDD - ok
10:46:57.0006 1728 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:46:57.0006 1728 lanmanserver - ok
10:46:57.0068 1728 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:46:57.0068 1728 lanmanworkstation - ok
10:46:57.0084 1728 lbrtfdc - ok
10:46:57.0131 1728 [ 29C8789084881030495174A492F0EFA2 ] LFXACT C:\WINDOWS\system32\Drivers\LFXACT.sys
10:46:57.0177 1728 LFXACT - ok
10:46:57.0240 1728 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:46:57.0271 1728 LmHosts - ok
10:46:57.0333 1728 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
10:46:57.0349 1728 LMIGuardianSvc - ok
10:46:57.0349 1728 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
10:46:57.0349 1728 LMIInfo - ok
10:46:57.0411 1728 [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
10:46:57.0442 1728 LMIMaint - ok
10:46:57.0489 1728 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
10:46:57.0520 1728 lmimirr - ok
10:46:57.0520 1728 LMIRfsClientNP - ok
10:46:57.0536 1728 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
10:46:57.0536 1728 LMIRfsDriver - ok
10:46:57.0583 1728 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
10:46:57.0614 1728 LogMeIn - ok
10:46:57.0692 1728 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
10:46:57.0723 1728 MBAMSwissArmy - ok
10:46:57.0754 1728 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:46:57.0754 1728 Messenger - ok
10:46:57.0801 1728 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:46:57.0864 1728 mnmdd - ok
10:46:57.0879 1728 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:46:57.0910 1728 mnmsrvc - ok
10:46:57.0910 1728 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:46:57.0942 1728 Modem - ok
10:46:57.0957 1728 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:46:57.0988 1728 Mouclass - ok
10:46:58.0035 1728 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:46:58.0066 1728 mouhid - ok
10:46:58.0082 1728 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:46:58.0082 1728 MountMgr - ok
10:46:58.0082 1728 mraid35x - ok
10:46:58.0097 1728 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:46:58.0097 1728 MRxDAV - ok
10:46:58.0175 1728 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:46:58.0191 1728 MRxSmb - ok
10:46:58.0253 1728 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:46:58.0253 1728 MSDTC - ok
10:46:58.0269 1728 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:46:58.0300 1728 Msfs - ok
10:46:58.0300 1728 MSIServer - ok
10:46:58.0347 1728 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:46:58.0378 1728 MSKSSRV - ok
10:46:58.0409 1728 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:46:58.0441 1728 MSPCLOCK - ok
10:46:58.0456 1728 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:46:58.0487 1728 MSPQM - ok
10:46:58.0550 1728 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:46:58.0581 1728 mssmbios - ok
10:46:58.0612 1728 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:46:58.0612 1728 Mup - ok
10:46:58.0659 1728 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:46:58.0690 1728 napagent - ok
10:46:58.0721 1728 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:46:58.0721 1728 NDIS - ok
10:46:58.0752 1728 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:46:58.0768 1728 NdisTapi - ok
10:46:58.0799 1728 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:46:58.0830 1728 Ndisuio - ok
10:46:58.0830 1728 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:46:58.0862 1728 NdisWan - ok
10:46:58.0908 1728 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:46:58.0940 1728 NDProxy - ok
10:46:58.0986 1728 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
10:46:59.0002 1728 Net Driver HPZ12 - ok
10:46:59.0018 1728 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:46:59.0018 1728 NetBIOS - ok
10:46:59.0049 1728 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:46:59.0096 1728 NetBT - ok
10:46:59.0158 1728 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:46:59.0174 1728 NetDDE - ok
10:46:59.0174 1728 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:46:59.0174 1728 NetDDEdsdm - ok
10:46:59.0236 1728 [ 0133BF41481F0ED3CE1F8B4A8A8C5282 ] NETHDD C:\WINDOWS\system32\NETHDD.exe
10:46:59.0251 1728 NETHDD - ok
10:46:59.0283 1728 [ 725097CF0A3116BDADDB5CE2FDF208A6 ] NETHDDIM C:\WINDOWS\system32\DRIVERS\nethddim.sys
10:46:59.0283 1728 NETHDDIM - ok
10:46:59.0329 1728 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:46:59.0329 1728 Netlogon - ok
10:46:59.0392 1728 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
10:46:59.0407 1728 Netman - ok
10:46:59.0439 1728 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:46:59.0454 1728 NetTcpPortSharing - ok
10:46:59.0501 1728 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
10:46:59.0501 1728 Nla - ok
10:46:59.0517 1728 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:46:59.0517 1728 Npfs - ok
10:46:59.0548 1728 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:46:59.0548 1728 Ntfs - ok
10:46:59.0563 1728 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:46:59.0563 1728 NtLmSsp - ok
10:46:59.0626 1728 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:46:59.0626 1728 NtmsSvc - ok
10:46:59.0704 1728 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:46:59.0735 1728 Null - ok
10:46:59.0766 1728 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:46:59.0797 1728 NwlnkFlt - ok
10:46:59.0813 1728 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:46:59.0875 1728 NwlnkFwd - ok
10:46:59.0922 1728 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:46:59.0938 1728 ose - ok
10:46:59.0969 1728 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:47:00.0000 1728 Parport - ok
10:47:00.0016 1728 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:47:00.0016 1728 PartMgr - ok
10:47:00.0078 1728 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:47:00.0109 1728 ParVdm - ok
10:47:00.0125 1728 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:47:00.0125 1728 PCI - ok
10:47:00.0125 1728 PCIDump - ok
10:47:00.0156 1728 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:47:00.0156 1728 PCIIde - ok
10:47:00.0172 1728 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:47:00.0234 1728 Pcmcia - ok
10:47:00.0234 1728 PDCOMP - ok
10:47:00.0250 1728 PDFRAME - ok
10:47:00.0250 1728 PDRELI - ok
10:47:00.0265 1728 PDRFRAME - ok
10:47:00.0265 1728 perc2 - ok
10:47:00.0281 1728 perc2hib - ok
10:47:00.0328 1728 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
10:47:00.0328 1728 PlugPlay - ok
10:47:00.0343 1728 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
10:47:00.0343 1728 Pml Driver HPZ12 - ok
10:47:00.0359 1728 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:47:00.0359 1728 PolicyAgent - ok
10:47:00.0390 1728 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:47:00.0468 1728 PptpMiniport - ok
10:47:00.0499 1728 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:47:00.0530 1728 Processor - ok
10:47:00.0624 1728 [ 4635935FC972C582632BF45C26BFCB0E ] ProgeCAD NLM Server 2011 PRO CSY C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe
10:47:00.0655 1728 ProgeCAD NLM Server 2011 PRO CSY - ok
10:47:00.0655 1728 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:47:00.0655 1728 ProtectedStorage - ok
10:47:00.0671 1728 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:47:00.0733 1728 PSched - ok
10:47:00.0749 1728 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:47:00.0780 1728 Ptilink - ok
10:47:00.0795 1728 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:47:00.0858 1728 PxHelp20 - ok
10:47:00.0858 1728 ql1080 - ok
10:47:00.0873 1728 Ql10wnt - ok
10:47:00.0873 1728 ql12160 - ok
10:47:00.0873 1728 ql1240 - ok
10:47:00.0889 1728 ql1280 - ok
10:47:00.0936 1728 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:47:00.0983 1728 RasAcd - ok
10:47:01.0014 1728 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:47:01.0029 1728 RasAuto - ok
10:47:01.0029 1728 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:47:01.0076 1728 Rasl2tp - ok
10:47:01.0107 1728 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:47:01.0123 1728 RasMan - ok
10:47:01.0123 1728 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:47:01.0154 1728 RasPppoe - ok
10:47:01.0201 1728 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:47:01.0232 1728 Raspti - ok
10:47:01.0294 1728 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:47:01.0310 1728 Rdbss - ok
10:47:01.0372 1728 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:47:01.0404 1728 RDPCDD - ok
10:47:01.0466 1728 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:47:01.0544 1728 rdpdr - ok
10:47:01.0622 1728 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:47:01.0622 1728 RDPWD - ok
10:47:01.0653 1728 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:47:01.0669 1728 RDSessMgr - ok
10:47:01.0700 1728 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:47:01.0731 1728 redbook - ok
10:47:01.0793 1728 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:47:01.0793 1728 RemoteAccess - ok
10:47:01.0809 1728 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:47:01.0809 1728 RemoteRegistry - ok
10:47:01.0825 1728 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
10:47:01.0825 1728 RpcLocator - ok
10:47:01.0856 1728 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:47:01.0856 1728 RpcSs - ok
10:47:01.0903 1728 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:47:01.0903 1728 RSVP - ok
10:47:01.0934 1728 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:47:01.0965 1728 rtl8139 - ok
10:47:01.0996 1728 [ E6E5AF7D6920824B066832D3E1665506 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:47:02.0012 1728 RTLE8023xp - ok
10:47:02.0043 1728 [ E1AB463B36A7EF31D8A73A97A9B57AFA ] s115bus C:\WINDOWS\system32\DRIVERS\s115bus.sys
10:47:02.0059 1728 s115bus - ok
10:47:02.0090 1728 [ E24113FC13B8737C94CF4E3415488C76 ] s115mdfl C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
10:47:02.0137 1728 s115mdfl - ok
10:47:02.0168 1728 [ 4029E49E7C673AA0670BD206B0AF1B5B ] s115mdm C:\WINDOWS\system32\DRIVERS\s115mdm.sys
10:47:02.0230 1728 s115mdm - ok
10:47:02.0246 1728 [ EB02AB4CA8BCCECFDE236CAD8FC6E135 ] s115mgmt C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
10:47:02.0261 1728 s115mgmt - ok
10:47:02.0277 1728 [ 089869DB9FFD2AC807FA87FE82AC7761 ] s115obex C:\WINDOWS\system32\DRIVERS\s115obex.sys
10:47:02.0308 1728 s115obex - ok
10:47:02.0339 1728 [ 06847AA6F3A9BF7C44134D00A2E578C0 ] s125bus C:\WINDOWS\system32\DRIVERS\s125bus.sys
10:47:02.0339 1728 s125bus - ok
10:47:02.0370 1728 [ F83F88E1B125308FB5015EA0349502B0 ] s125mdfl C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
10:47:02.0402 1728 s125mdfl - ok
10:47:02.0433 1728 [ 402A97756C14940AD6AE5169C2FB105E ] s125mdm C:\WINDOWS\system32\DRIVERS\s125mdm.sys
10:47:02.0495 1728 s125mdm - ok
10:47:02.0526 1728 [ 82B14C51DE76825EC769A6374E4C57D6 ] s125mgmt C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
10:47:02.0526 1728 s125mgmt - ok
10:47:02.0604 1728 [ BEDFC5707C356FD073BF1A4AFE442D91 ] s125obex C:\WINDOWS\system32\DRIVERS\s125obex.sys
10:47:02.0667 1728 s125obex - ok
10:47:02.0698 1728 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
10:47:02.0698 1728 SamSs - ok
10:47:02.0698 1728 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:47:02.0714 1728 SCardSvr - ok
10:47:02.0729 1728 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:47:02.0729 1728 Schedule - ok
10:47:02.0792 1728 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:47:02.0823 1728 Secdrv - ok
10:47:02.0854 1728 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:47:02.0869 1728 seclogon - ok
10:47:02.0869 1728 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
10:47:02.0869 1728 SENS - ok
10:47:02.0932 1728 [ A2CC81C30BEF6AC9F27055490EEF6DE3 ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS
10:47:02.0994 1728 Sentinel - ok
10:47:03.0103 1728 [ 6C03A85AE13D8D0D95A1F1E050DCD6E2 ] SentinelKeysServer C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
10:47:03.0119 1728 SentinelKeysServer - ok
10:47:03.0228 1728 [ EA13A8D992649C0CAF9E0200C28E58C2 ] SentinelProtectionServer C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
10:47:03.0322 1728 SentinelProtectionServer - ok
10:47:03.0337 1728 [ 4C9849A61DFE324170C807808D925D05 ] SentinelSecurityRuntime C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
10:47:03.0353 1728 SentinelSecurityRuntime - ok
10:47:03.0400 1728 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:47:03.0431 1728 serenum - ok
10:47:03.0493 1728 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:47:03.0556 1728 Serial - ok
10:47:03.0602 1728 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:47:03.0665 1728 Sfloppy - ok
10:47:03.0712 1728 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:47:03.0727 1728 SharedAccess - ok
10:47:03.0743 1728 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:47:03.0743 1728 ShellHWDetection - ok
10:47:03.0758 1728 Simbad - ok
10:47:03.0868 1728 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:47:03.0946 1728 SkypeUpdate - ok
10:47:03.0946 1728 Sparrow - ok
10:47:04.0008 1728 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:47:04.0039 1728 splitter - ok
10:47:04.0070 1728 [ 60784F891563FB1B767F70117FC2428F ] spooler C:\WINDOWS\system32\spoolsv.exe
10:47:04.0070 1728 spooler - ok
10:47:04.0133 1728 [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
10:47:04.0133 1728 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9
10:47:04.0133 1728 sptd ( LockedFile.Multi.Generic ) - warning
10:47:04.0133 1728 sptd - detected LockedFile.Multi.Generic (1)
10:47:04.0164 1728 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:47:04.0164 1728 sr - ok
10:47:04.0179 1728 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
10:47:04.0195 1728 srservice - ok
10:47:04.0211 1728 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:47:04.0242 1728 Srv - ok
10:47:04.0289 1728 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:47:04.0304 1728 SSDPSRV - ok
10:47:04.0398 1728 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:47:04.0398 1728 stisvc - ok
10:47:04.0460 1728 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:47:04.0507 1728 swenum - ok
10:47:04.0585 1728 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:47:04.0663 1728 swmidi - ok
10:47:04.0679 1728 SwPrv - ok
10:47:04.0679 1728 symc810 - ok
10:47:04.0694 1728 symc8xx - ok
10:47:04.0694 1728 sym_hi - ok
10:47:04.0710 1728 sym_u3 - ok
10:47:04.0725 1728 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:47:04.0741 1728 sysaudio - ok
10:47:04.0772 1728 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:47:04.0788 1728 SysmonLog - ok
10:47:04.0803 1728 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:47:04.0819 1728 TapiSrv - ok
10:47:04.0881 1728 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:47:04.0881 1728 Tcpip - ok
10:47:04.0928 1728 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:47:04.0959 1728 TDPIPE - ok
10:47:05.0006 1728 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:47:05.0053 1728 TDTCP - ok
10:47:05.0084 1728 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:47:05.0162 1728 TermDD - ok
10:47:05.0209 1728 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
10:47:05.0209 1728 TermService - ok
10:47:05.0240 1728 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:47:05.0240 1728 Themes - ok
10:47:05.0271 1728 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:47:05.0271 1728 TlntSvr - ok
10:47:05.0287 1728 TosIde - ok
10:47:05.0287 1728 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:47:05.0302 1728 TrkWks - ok
10:47:05.0318 1728 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:47:05.0349 1728 Udfs - ok
10:47:05.0349 1728 ultra - ok
10:47:05.0427 1728 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:47:05.0583 1728 Update - ok
10:47:05.0599 1728 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
10:47:05.0599 1728 upnphost - ok
10:47:05.0614 1728 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
10:47:05.0614 1728 UPS - ok
10:47:05.0661 1728 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
10:47:05.0708 1728 usbaudio - ok
10:47:05.0770 1728 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:47:05.0817 1728 usbccgp - ok
10:47:05.0879 1728 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:47:05.0911 1728 usbehci - ok
10:47:05.0957 1728 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:47:05.0988 1728 usbhub - ok
10:47:06.0035 1728 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:47:06.0066 1728 usbohci - ok
10:47:06.0113 1728 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:47:06.0176 1728 usbprint - ok
10:47:06.0207 1728 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:47:06.0238 1728 usbscan - ok
10:47:06.0269 1728 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:47:06.0316 1728 USBSTOR - ok
10:47:06.0363 1728 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:47:06.0394 1728 usbuhci - ok
10:47:06.0441 1728 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:47:06.0472 1728 VgaSave - ok
10:47:06.0488 1728 ViaIde - ok
10:47:06.0534 1728 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:47:06.0597 1728 VolSnap - ok
10:47:06.0659 1728 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
10:47:06.0659 1728 VSS - ok
10:47:06.0737 1728 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
10:47:06.0737 1728 W32Time - ok
10:47:06.0753 1728 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:47:06.0784 1728 Wanarp - ok
10:47:06.0784 1728 WDICA - ok
10:47:06.0815 1728 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:47:06.0877 1728 wdmaud - ok
10:47:06.0924 1728 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:47:06.0955 1728 WebClient - ok
10:47:07.0080 1728 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:47:07.0080 1728 winmgmt - ok
10:47:07.0127 1728 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:47:07.0127 1728 WmdmPmSN - ok
10:47:07.0189 1728 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:47:07.0205 1728 Wmi - ok
10:47:07.0236 1728 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:47:07.0236 1728 WmiApSrv - ok
10:47:07.0330 1728 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:47:07.0408 1728 WMPNetworkSvc - ok
10:47:07.0454 1728 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:47:07.0486 1728 WpdUsb - ok
10:47:07.0595 1728 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:47:07.0626 1728 WPFFontCache_v0400 - ok
10:47:07.0688 1728 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:47:07.0720 1728 WS2IFSL - ok
10:47:07.0782 1728 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:47:07.0797 1728 wscsvc - ok
10:47:07.0844 1728 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:47:07.0907 1728 wuauserv - ok
10:47:07.0953 1728 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:47:07.0953 1728 WudfPf - ok
10:47:08.0000 1728 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:47:08.0000 1728 WudfRd - ok
10:47:08.0031 1728 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:47:08.0047 1728 WudfSvc - ok
10:47:08.0109 1728 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:47:08.0172 1728 WZCSVC - ok
10:47:08.0234 1728 [ 56C5ECDE3BB3A3EA19B63825D8E11F20 ] XMLDIUSB C:\WINDOWS\system32\Drivers\XMLDIUSB.sys
10:47:08.0265 1728 XMLDIUSB - ok
10:47:08.0297 1728 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:47:08.0297 1728 xmlprov - ok
10:47:08.0312 1728 ================ Scan global ===============================
10:47:08.0343 1728 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
10:47:08.0390 1728 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
10:47:08.0406 1728 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
10:47:08.0437 1728 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
10:47:08.0437 1728 [Global] - ok
10:47:08.0437 1728 ================ Scan MBR ==================================
10:47:08.0484 1728 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
10:47:08.0671 1728 \Device\Harddisk0\DR0 - ok
10:47:08.0671 1728 ================ Scan VBR ==================================
10:47:08.0671 1728 [ 7B65275D707CC6E44085037939245758 ] \Device\Harddisk0\DR0\Partition1
10:47:08.0671 1728 \Device\Harddisk0\DR0\Partition1 - ok
10:47:08.0671 1728 ============================================================
10:47:08.0671 1728 Scan finished
10:47:08.0671 1728 ============================================================
10:47:08.0686 2632 Detected object count: 1
10:47:08.0686 2632 Actual detected object count: 1
10:47:22.0082 2632 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:47:22.0082 2632 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:47:24.0905 2944 Deinitialize success

ComboFix 13-02-07.02 - jiri.muzikar 11.02.2013 11:08:12.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.434 [GMT 1:00]
Spuštěný z: c:\documents and settings\jiri.muzikar\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jiri.muzikar\Dokumenty\TEST.SCR
c:\documents and settings\muzikar\System
c:\documents and settings\muzikar\System\win_qs8.jqx
c:\windows\d.ini
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-11 do 2013-02-11 )))))))))))))))))))))))))))))))
.
.
2013-02-11 06:35 . 2013-02-11 06:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-08 10:41 . 2013-02-08 10:41 -------- d-----w- c:\documents and settings\jiri.muzikar\Data aplikací\Malwarebytes
2013-02-04 10:09 . 2013-02-04 10:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-29 06:26 . 2013-01-29 06:26 -------- d-----w- c:\program files\Common Files\Skype
2013-01-16 11:40 . 2013-01-16 11:40 -------- d-----w- c:\program files\Foxit Software
2013-01-16 11:23 . 2013-01-16 11:47 -------- d-----w- c:\program files\Tracker Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 08:46 . 2012-04-11 06:22 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 08:46 . 2011-05-18 04:16 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-04 10:08 . 2010-12-13 12:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-04 10:08 . 2012-08-30 10:33 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-04 10:08 . 2010-12-13 12:19 782240 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-27 09:43 . 2011-06-29 07:30 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-12-27 09:43 . 2011-06-29 07:30 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-12-27 09:42 . 2011-06-29 07:30 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-12-27 09:42 . 2011-06-29 07:30 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-12-16 12:23 . 2008-05-25 10:31 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-22 10:01 . 2012-11-22 10:01 34064 ----a-w- c:\windows\system32\lhacm.acm
2012-11-13 11:55 . 2008-05-25 10:31 1866368 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Share]
@="{B00DFEC8-C278-40FD-8832-76A9409991F3}"
[HKEY_CLASSES_ROOT\CLSID\{B00DFEC8-C278-40FD-8832-76A9409991F3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_ShareSync]
@="{2022959D-8296-427A-9D9F-E59CC016F006}"
[HKEY_CLASSES_ROOT\CLSID\{2022959D-8296-427A-9D9F-E59CC016F006}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Sync]
@="{B2483E28-1631-4E80-AA62-29B35EFEC7F0}"
[HKEY_CLASSES_ROOT\CLSID\{B2483E28-1631-4E80-AA62-29B35EFEC7F0}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\jiri.muzikar\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-12-27 09:42 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3326349489-3490851393-425600365-1171\Scripts\Logon\0\0]
"Script"=MAP_DATA_Q.CMD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3326349489-3490851393-425600365-1260\Scripts\Logon\0\0]
"Script"=MAP_DATA_Q.CMD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3326349489-3490851393-425600365-500\Scripts\Logon\0\0]
"Script"=MAP_Admin_Q.CMD
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-19 10:08 159744 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-19 10:08 135168 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
2008-03-11 11:17 387584 ----a-w- c:\program files\Labtec\Keyboard\V5.1\KBDAP32A.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 10:07 131072 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-09 14:25 16859648 ----a-r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 03:22 143872 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\e-TRAYz\\e-TRAYz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.4.2008 7:27 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 14:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 12:47 94872]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.3.2011 9:59 84520]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [5.5.2011 9:27 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [5.5.2011 9:27 1125376]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 15:41 810144]
R2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [8.6.2011 12:04 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.1.2011 18:04 12856]
R2 NETHDD;NETHDD Service;c:\windows\system32\NETHDD.exe [9.7.2010 9:42 249896]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [20.10.2010 0:03 374048]
R3 NETHDDIM;NETHDD NDIS IM Service;c:\windows\system32\drivers\nethddim.sys [9.7.2010 9:42 27208]
S2 ProgeCAD NLM Server 2011 PRO CSY;ProgeCAD NLM Server 2011 PRO CSY;c:\program files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe [7.7.2011 15:14 8192]
S3 Di1611VM11;KONICA MINOLTA Di1611;c:\windows\system32\drivers\Di1611.SYS [13.6.2011 13:40 13824]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys --> c:\windows\system32\DRIVERS\GenBus.sys [?]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [12.4.2011 5:49 171136]
S3 LFXACT;Companion Suite Pro LL F@X activities;c:\windows\system32\drivers\LFXACT.sys [10.3.2008 12:00 20672]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11.2.2013 7:35 40776]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [3.4.2008 6:50 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [3.4.2008 6:51 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [3.4.2008 6:51 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [3.4.2008 6:51 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [3.4.2008 6:51 98568]
S3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\drivers\XMLDIUSB.sys [10.3.2008 12:00 31879]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-06 06:29 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:46]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-14 06:43]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-14 06:43]
.
2013-02-11 c:\windows\Tasks\User_Feed_Synchronization-{7E1DAF89-16AC-4A79-A4BF-6748EE5E1E02}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2013-02-08 c:\windows\Tasks\Vyčištění disku.job
- c:\windows\system32\cleanmgr.exe [2008-05-25 03:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 172.29.97.5
DPF: {C1D592D2-D4F6-4E9C-968D-797449DC0ADC} - hxxp://www.dvrstation.com/webServer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-11 11:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2013-02-11 11:31:56
ComboFix-quarantined-files.txt 2013-02-11 10:31
ComboFix2.txt 2012-05-16 06:42
ComboFix3.txt 2012-05-15 05:30
ComboFix4.txt 2012-05-10 12:57
.
Před spuštěním: Volných bajtů: 166 167 126 016
Po spuštění: Volných bajtů: 166 466 678 784
.
- - End Of File - - E0DE058E7A7B673DC7374C201F5EDF82
- jaro3
- Security team member
Re: Please check - slow PC - thanks
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Vyčištění disku.job
Folder::
c:\program files\Google\Update
Driver::
hasplms
EST_BusEnum
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=-
DDS::
DPF: {C1D592D2-D4F6-4E9C-968D-797449DC0ADC} - hxxp://www.dvrstation.com/webServer.cab
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
Warning: After running ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Sentinel Local License Manager
c:\windows\system32\hasplms.exe
Network USB Device Bus
c:\windows\system32\DRIVERS\GenBus.sys
The highlighted files are missing in these programs.
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: Please check - slow PC - thanks
ComboFix 13-02-12.01 - jiri.muzikar 12.02.2013 8:30.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.480 [GMT 1:00]
Spuštěný z: c:\documents and settings\jiri.muzikar\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\jiri.muzikar\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Vyčištění disku.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.123\goopdate.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.123\psmachine.dll
c:\program files\Google\Update\1.3.21.123\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\24.0.1312.57\24.0.1312.57_24.0.1312.56_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HASPLMS
-------\Service_EST_BusEnum
-------\Service_hasplms
-------\Legacy_gupdate
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-12 do 2013-02-12 )))))))))))))))))))))))))))))))
.
.
2013-02-11 13:12 . 2013-02-11 13:14 -------- d-----w- c:\documents and settings\jiri.muzikar\Data aplikací\calibre
2013-02-11 13:12 . 2013-02-11 13:12 -------- d-----w- c:\program files\Calibre2
2013-02-11 12:02 . 2013-01-11 10:39 88576 ----a-w- c:\windows\system32\pdfcmon.dll
2013-02-11 12:02 . 2012-05-05 09:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-02-11 12:02 . 2012-05-05 09:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-02-11 06:35 . 2013-02-11 06:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-08 10:41 . 2013-02-08 10:41 -------- d-----w- c:\documents and settings\jiri.muzikar\Data aplikací\Malwarebytes
2013-02-04 10:09 . 2013-02-04 10:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-29 06:26 . 2013-01-29 06:26 -------- d-----w- c:\program files\Common Files\Skype
2013-01-16 11:40 . 2013-01-16 11:40 -------- d-----w- c:\program files\Foxit Software
2013-01-16 11:23 . 2013-01-16 11:47 -------- d-----w- c:\program files\Tracker Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 08:46 . 2012-04-11 06:22 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 08:46 . 2011-05-18 04:16 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-04 10:08 . 2010-12-13 12:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-04 10:08 . 2012-08-30 10:33 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-04 10:08 . 2010-12-13 12:19 782240 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-27 09:43 . 2011-06-29 07:30 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-12-27 09:43 . 2011-06-29 07:30 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-12-27 09:42 . 2011-06-29 07:30 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-12-27 09:42 . 2011-06-29 07:30 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-12-16 12:23 . 2008-05-25 10:31 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-22 10:01 . 2012-11-22 10:01 34064 ----a-w- c:\windows\system32\lhacm.acm
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Share]
@="{B00DFEC8-C278-40FD-8832-76A9409991F3}"
[HKEY_CLASSES_ROOT\CLSID\{B00DFEC8-C278-40FD-8832-76A9409991F3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_ShareSync]
@="{2022959D-8296-427A-9D9F-E59CC016F006}"
[HKEY_CLASSES_ROOT\CLSID\{2022959D-8296-427A-9D9F-E59CC016F006}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Sync]
@="{B2483E28-1631-4E80-AA62-29B35EFEC7F0}"
[HKEY_CLASSES_ROOT\CLSID\{B2483E28-1631-4E80-AA62-29B35EFEC7F0}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\jiri.muzikar\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-12-27 09:42 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3326349489-3490851393-425600365-1171\Scripts\Logon\0\0]
"Script"=MAP_DATA_Q.CMD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3326349489-3490851393-425600365-1260\Scripts\Logon\0\0]
"Script"=MAP_DATA_Q.CMD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3326349489-3490851393-425600365-500\Scripts\Logon\0\0]
"Script"=MAP_Admin_Q.CMD
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-19 10:08 159744 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-19 10:08 135168 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
2008-03-11 11:17 387584 ----a-w- c:\program files\Labtec\Keyboard\V5.1\KBDAP32A.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 10:07 131072 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-09 14:25 16859648 ----a-r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 03:22 143872 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\e-TRAYz\\e-TRAYz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.4.2008 7:27 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 14:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 12:47 94872]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.3.2011 9:59 84520]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [5.5.2011 9:27 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [5.5.2011 9:27 1125376]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 15:41 810144]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [8.6.2011 12:04 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.1.2011 18:04 12856]
R2 NETHDD;NETHDD Service;c:\windows\system32\NETHDD.exe [9.7.2010 9:42 249896]
R2 ProgeCAD NLM Server 2011 PRO CSY;ProgeCAD NLM Server 2011 PRO CSY;c:\program files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe [7.7.2011 15:14 8192]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [20.10.2010 0:03 374048]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [20.10.2010 0:00 292128]
R3 NETHDDIM;NETHDD NDIS IM Service;c:\windows\system32\drivers\nethddim.sys [9.7.2010 9:42 27208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S3 Di1611VM11;KONICA MINOLTA Di1611;c:\windows\system32\drivers\Di1611.SYS [13.6.2011 13:40 13824]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [12.4.2011 5:49 171136]
S3 LFXACT;Companion Suite Pro LL F@X activities;c:\windows\system32\drivers\LFXACT.sys [10.3.2008 12:00 20672]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11.2.2013 7:35 40776]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [3.4.2008 6:50 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [3.4.2008 6:51 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [3.4.2008 6:51 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [3.4.2008 6:51 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [3.4.2008 6:51 98568]
S3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\drivers\XMLDIUSB.sys [10.3.2008 12:00 31879]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-06 06:29 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:46]
.
2013-02-12 c:\windows\Tasks\User_Feed_Synchronization-{7E1DAF89-16AC-4A79-A4BF-6748EE5E1E02}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2013-02-08 c:\windows\Tasks\Vyčištění disku.job
- c:\windows\system32\cleanmgr.exe [2008-05-25 03:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 172.29.97.5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-12 08:45
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(540)
c:\windows\system32\AcSignIcon.dll
c:\progra~1\e-TRAYz\ETRAYZ~1.DLL
c:\documents and settings\jiri.muzikar\Data aplikací\Dropbox\bin\DropboxExt.17.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\ProgeCAD\NLM Server 2011 PRO CSY\NLMServer.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2013-02-12 08:49:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-12 07:49
ComboFix2.txt 2013-02-11 10:31
ComboFix3.txt 2012-05-16 06:42
ComboFix4.txt 2012-05-15 05:30
ComboFix5.txt 2013-02-12 07:25
.
Před spuštěním: Volných bajtů: 166 068 039 680
Po spuštění: Volných bajtů: 166 036 463 616
.
- - End Of File - - FB7DE1F4F37EEDDF5929EF896C2C199F
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:52:19, on 12.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NETHDD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe
C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\NLMServer.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\jiri.muzikar\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jiri.muzikar\Plocha\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3108729321
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mbns.local
O17 - HKLM\Software\..\Telephony: DomainName = mbns.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mbns.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mbns.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: NETHDD Service (NETHDD) - UNICON Co., Ltd. - C:\WINDOWS\system32\NETHDD.exe
O23 - Service: ProgeCAD NLM Server 2011 PRO CSY - Unknown owner - C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 6929 bytes
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 08:56:07
-----------------------------
08:56:07.315 OS Version: Windows 5.1.2600 Service Pack 3
08:56:07.315 Number of processors: 2 586 0xF0D
08:56:07.315 ComputerName: WKS-007 UserName:
08:56:09.543 Initialize success
08:56:17.154 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
08:56:17.154 Disk 0 Vendor: WDC_WD3200AAKS-00B3A0 01.03A01 Size: 305245MB BusType: 3
08:56:17.185 Disk 0 MBR read successfully
08:56:17.185 Disk 0 MBR scan
08:56:17.185 Disk 0 Windows XP default MBR code
08:56:17.185 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
08:56:17.185 Disk 0 scanning sectors +625137345
08:56:17.247 Disk 0 scanning C:\WINDOWS\system32\drivers
08:56:28.694 Service scanning
08:56:34.542 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
08:56:36.568 Modules scanning
08:56:43.050 Disk 0 trace - called modules:
08:56:43.065 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkf.sys >>UNKNOWN [0x86d87938]<<
08:56:43.065 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d19ab8]
08:56:43.065 3 CLASSPNP.SYS[f7576fd7] -> nt!IofCallDriver -> \Device\00000076[0x86cdd9e8]
08:56:43.081 5 ACPI.sys[f72f4620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86d1dd98]
08:56:43.081 Scan finished successfully
08:57:23.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jiri.muzikar\Plocha\MBR.dat"
08:57:23.812 The log file has been saved successfully to "C:\Documents and Settings\jiri.muzikar\Plocha\aswMBR.txt"
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:52:19, on 12.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NETHDD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe
C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\NLMServer.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\jiri.muzikar\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jiri.muzikar\Plocha\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3108729321
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mbns.local
O17 - HKLM\Software\..\Telephony: DomainName = mbns.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mbns.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mbns.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: NETHDD Service (NETHDD) - UNICON Co., Ltd. - C:\WINDOWS\system32\NETHDD.exe
O23 - Service: ProgeCAD NLM Server 2011 PRO CSY - Unknown owner - C:\Program Files\ProgeCAD\NLM Server 2011 PRO CSY\srvany.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 6929 bytes
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 08:56:07
-----------------------------
08:56:07.315 OS Version: Windows 5.1.2600 Service Pack 3
08:56:07.315 Number of processors: 2 586 0xF0D
08:56:07.315 ComputerName: WKS-007 UserName:
08:56:09.543 Initialize success
08:56:17.154 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
08:56:17.154 Disk 0 Vendor: WDC_WD3200AAKS-00B3A0 01.03A01 Size: 305245MB BusType: 3
08:56:17.185 Disk 0 MBR read successfully
08:56:17.185 Disk 0 MBR scan
08:56:17.185 Disk 0 Windows XP default MBR code
08:56:17.185 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
08:56:17.185 Disk 0 scanning sectors +625137345
08:56:17.247 Disk 0 scanning C:\WINDOWS\system32\drivers
08:56:28.694 Service scanning
08:56:34.542 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
08:56:36.568 Modules scanning
08:56:43.050 Disk 0 trace - called modules:
08:56:43.065 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkf.sys >>UNKNOWN [0x86d87938]<<
08:56:43.065 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d19ab8]
08:56:43.065 3 CLASSPNP.SYS[f7576fd7] -> nt!IofCallDriver -> \Device\00000076[0x86cdd9e8]
08:56:43.081 5 ACPI.sys[f72f4620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86d1dd98]
08:56:43.081 Scan finished successfully
08:57:23.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jiri.muzikar\Plocha\MBR.dat"
08:57:23.812 The log file has been saved successfully to "C:\Documents and Settings\jiri.muzikar\Plocha\aswMBR.txt"
- jaro3
- member of the Security team
Re: Please check - slow PC - thanks
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
Download OTC to the desktop. Double-click it. Then click Clean up!
Restart the PC if you are advised to.
How does it look now?
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check - slow PC - thanks Solved
Thanks a lot - it seems OK to me