PC-HELP.CZ

mizi mi soubory, nektere se zobrazi modre, jine jsou prazdne, nefunguji mi sluchatka, nevim jestli je to hardware, nebo software a pri zapnuti intern. prohlizece mi vzdy naskoci virus - navic je pomaly

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:08:29, on 12.2.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Option\Option 225 Driver Installation\GTDetectSc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Emotum\Mobile Broadband\Mobile.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Interest recogniser for Freetvradio (powered by Spointer) - {416ae1cb-7257-484a-b912-aebc7fdad4ce} - C:\Program Files\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Emotum Mobile Broadband] C:\Program Files\Emotum\Mobile Broadband\Mobile.exe
O4 - HKUS\S-1-5-19\..\Run: [appcertdns.exe] "C:\Documents and Settings\pokus\appcertdns.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [upd_debug.exe] "C:\Documents and Settings\pokus\Data aplikací\906E707554F70DDF62B35C05C0A7688A\upd_debug.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [resntfssrv.exe] "C:\Documents and Settings\All Users\Nabídka Start\Programy\resntfssrv.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [baseappcert.exe] "C:\Documents and Settings\All Users\Data aplikací\baseappcert.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [corebridgeapp.exe] "C:\Documents and Settings\LocalService\Data aplikací\corebridgeapp.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [appcertdns.exe] "C:\Documents and Settings\pokus\appcertdns.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://tbedits.mywebsearch.com/one-tool ... 2011020617
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = pilsfree.czf
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = pilsfree.czf
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: eLock Service (eLockService) - - C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: GtDetectSc Service (GTDetectSc) - OptionNV - C:\Program Files\Option\Option 225 Driver Installation\GTDetectSc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Unknown owner - C:\Program Files\Sony\Sony PC Companion\PCCService.exe (file missing)

--
End of file - 13028 bytes

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

a kdyz pouzivam google chrome? opera mi blbne

Tak pokračuj dál...

# AdwCleaner v2.112 - Logfile created 02/12/2013 at 15:45:45
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : pokus - APOLLO-NOTE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\pokus\Dokumenty\Downloads\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\pokus\Data aplikací\cacaoweb
Folder Found : C:\Documents and Settings\pokus\Data aplikací\FissaSearch
Folder Found : C:\Documents and Settings\pokus\Data aplikací\freeTVRadio
Folder Found : C:\Documents and Settings\pokus\Data aplikací\PriceGong
Folder Found : C:\Documents and Settings\pokus\Data aplikací\searchquband
Folder Found : C:\Documents and Settings\pokus\Local Settings\Data aplikací\Conduit
Folder Found : C:\Documents and Settings\pokus\Local Settings\Data aplikací\freetvradio Air
Folder Found : C:\Documents and Settings\pokus\Local Settings\Data aplikací\Ilivid Player
Folder Found : C:\Program Files\cacaoweb
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\PriceGong
Folder Found : C:\Program Files\Windows iLivid Toolbar
Folder Found : C:\WINDOWS\Installer\{38470B46-9BF1-40AE-A588-F6AD6D1C2D42}
Folder Found : C:\WINDOWS\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}

***** [Registry] *****

Key Found : HKCU\Software\cacaoweb
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\FissaSearch
Key Found : HKCU\Software\freeTVRadio
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\freeTVRadio
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{416AE1CB-7257-484A-B912-AEBC7FDAD4CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{416AE1CB-7257-484A-B912-AEBC7FDAD4CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4AF195E5-1978-4F8D-A316-5BCCE06D7F89}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D110684-626C-41A5-B737-9FA4613D7398}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3763EE44-612E-457D-8932-F3E2BDE560D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{416AE1CB-7257-484A-B912-AEBC7FDAD4CE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AF195E5-1978-4F8D-A316-5BCCE06D7F89}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{746B5408-3579-4CED-B76A-BEC915730F45}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7C36E7FF-9860-4437-A5FF-B1349A43835B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\Freetvradio.Spointer
Key Found : HKLM\SOFTWARE\Classes\Freetvradio.Spointer.4
Key Found : HKLM\SOFTWARE\Classes\Freetvradio.SpointerAdProvider
Key Found : HKLM\SOFTWARE\Classes\Freetvradio.SpointerAdProvider.4
Key Found : HKLM\SOFTWARE\Classes\Freetvradio.SpointerBanner
Key Found : HKLM\SOFTWARE\Classes\Freetvradio.SpointerBanner.4
Key Found : HKLM\SOFTWARE\Classes\Freetvradio.SpointerCtrl
Key Found : HKLM\SOFTWARE\Classes\Freetvradio.SpointerWebDisp
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\Software\Classes\Installer\Features\BA172DB42E6685D4FA8808EFB370074C
Key Found : HKLM\Software\Classes\Installer\Products\BA172DB42E6685D4FA8808EFB370074C
Key Found : HKLM\SOFTWARE\Classes\Interface\{1E5CEE40-211D-4FEF-B03F-6D784089A445}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{596117CB-19F1-47B4-AA3A-CFF13970450A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{746B5408-3579-4CED-B76A-BEC915730F45}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7C36E7FF-9860-4437-A5FF-B1349A43835B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C20001AC-EA08-4185-A47F-423473FA96E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FA417304-519C-4278-9155-9B6562942C39}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1640187
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{303D092C-7A38-4F1A-BB61-4C5A90BDA313}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F46EF622-9190-44FF-A3EF-FC1DDD82BC65}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F5419E28-D7D4-4B5E-89D4-008BC67B51B4}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\FissaSearch
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpdfidbfmmnmppkboomdjjjlkbccdgbc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{416AE1CB-7257-484A-B912-AEBC7FDAD4CE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3763EE44-612E-457D-8932-F3E2BDE560D4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4AF195E5-1978-4F8D-A316-5BCCE06D7F89}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA172DB42E6685D4FA8808EFB370074C
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Found : HKU\S-1-5-21-1960408961-1897051121-1801674531-1007\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1960408961-1897051121-1801674531-1007\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-1960408961-1897051121-1801674531-1007\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKU\S-1-5-21-1960408961-1897051121-1801674531-1007\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [freetvradio@spointer.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17055

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/406

-\\ Mozilla Firefox v9.0.1 (cs)

File : C:\Documents and Settings\pokus\Data aplikací\Mozilla\Firefox\Profiles\uucpjufd.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
Found : user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=");


-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

Found [l.14] : homepage = "hxxp://www.searchqu.com/406",
Found [l.18] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Found [l.1683] : homepage = "hxxp://www.searchqu.com/406",
Found [l.2287] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]

*************************

AdwCleaner[R1].txt - [11453 octets] - [12/02/2013 15:45:45]

########## EOF - C:\AdwCleaner[R1].txt - [11514 octets] ##########

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.02.12.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
pokus :: APOLLO-NOTE [administrátor]

Ochrana: Povolena

12.2.2013 16:07:31
MBAM-log-2013-02-12 (16-16-09).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 236887
Uplynulý čas: 7 minut, 38 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 3
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Zentom System Guard (Rogue.ZentomSystemGuard) -> Nebyla provedena žádná instrukce.
HKLM\SYSTEM\CurrentControlSet\Services\cdfss (Rootkit.Agent) -> Nebyla provedena žádná instrukce.
HKLM\SYSTEM\CurrentControlSet\Services\wcscd (Rootkit.Agent) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\WINDOWS\system32\winlogon.Del (Heuristics.Reserved.Word.Exploit) -> Nebyla provedena žádná instrukce.

(konec)

tak ted nevim, asi jsem to udelala spatne.. v HJT se oznacene soubory smazou? preskocila jsem postup, jak jsi upozornil na konci, at nic nemazu,.. a jak si to tak procitam znovu, asi jsem to udelat mela coz? (jelikoz mi to neustale zlobi)
Opakovat postup od zacatku pocinaje HJT?

V HJT po fixnutí položky zmizí

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“)
Klikni na „ Delete“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt), jeho obsah sem celý vlož.

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

# AdwCleaner v2.112 - Logfile created 02/12/2013 at 19:28:41
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : pokus - APOLLO-NOTE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\pokus\Plocha\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\pokus\Data aplikací\cacaoweb
Folder Deleted : C:\Documents and Settings\pokus\Data aplikací\FissaSearch
Folder Deleted : C:\Documents and Settings\pokus\Data aplikací\freeTVRadio
Folder Deleted : C:\Documents and Settings\pokus\Data aplikací\PriceGong
Folder Deleted : C:\Documents and Settings\pokus\Data aplikací\searchquband
Folder Deleted : C:\Documents and Settings\pokus\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\pokus\Local Settings\Data aplikací\freetvradio Air
Folder Deleted : C:\Documents and Settings\pokus\Local Settings\Data aplikací\Ilivid Player
Folder Deleted : C:\Program Files\cacaoweb
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\PriceGong
Folder Deleted : C:\Program Files\Windows iLivid Toolbar
Folder Deleted : C:\WINDOWS\Installer\{38470B46-9BF1-40AE-A588-F6AD6D1C2D42}
Folder Deleted : C:\WINDOWS\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}

***** [Registry] *****

Key Deleted : HKCU\Software\cacaoweb
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FissaSearch
Key Deleted : HKCU\Software\freeTVRadio
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\freeTVRadio
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{416AE1CB-7257-484A-B912-AEBC7FDAD4CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{416AE1CB-7257-484A-B912-AEBC7FDAD4CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4AF195E5-1978-4F8D-A316-5BCCE06D7F89}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D110684-626C-41A5-B737-9FA4613D7398}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3763EE44-612E-457D-8932-F3E2BDE560D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AF195E5-1978-4F8D-A316-5BCCE06D7F89}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{746B5408-3579-4CED-B76A-BEC915730F45}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C36E7FF-9860-4437-A5FF-B1349A43835B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.Spointer
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.Spointer.4
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.SpointerAdProvider
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.SpointerAdProvider.4
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.SpointerBanner
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.SpointerBanner.4
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.SpointerCtrl
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.SpointerWebDisp
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\Software\Classes\Installer\Features\BA172DB42E6685D4FA8808EFB370074C
Key Deleted : HKLM\Software\Classes\Installer\Products\BA172DB42E6685D4FA8808EFB370074C
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1E5CEE40-211D-4FEF-B03F-6D784089A445}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{596117CB-19F1-47B4-AA3A-CFF13970450A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{746B5408-3579-4CED-B76A-BEC915730F45}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7C36E7FF-9860-4437-A5FF-B1349A43835B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C20001AC-EA08-4185-A47F-423473FA96E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA417304-519C-4278-9155-9B6562942C39}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1640187
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{303D092C-7A38-4F1A-BB61-4C5A90BDA313}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F46EF622-9190-44FF-A3EF-FC1DDD82BC65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F5419E28-D7D4-4B5E-89D4-008BC67B51B4}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FissaSearch
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpdfidbfmmnmppkboomdjjjlkbccdgbc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3763EE44-612E-457D-8932-F3E2BDE560D4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4AF195E5-1978-4F8D-A316-5BCCE06D7F89}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA172DB42E6685D4FA8808EFB370074C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [freetvradio@spointer.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17055

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (cs)

File : C:\Documents and Settings\pokus\Data aplikací\Mozilla\Firefox\Profiles\uucpjufd.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
Deleted : user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=");

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

Deleted [l.14] : homepage = "hxxp://www.searchqu.com/406",
Deleted [l.18] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Deleted [l.1683] : homepage = "hxxp://www.searchqu.com/406",
Deleted [l.2287] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]

*************************

AdwCleaner[R1].txt - [11584 octets] - [12/02/2013 15:45:45]
AdwCleaner[S1].txt - [10771 octets] - [12/02/2013 19:28:41]

########## EOF - C:\AdwCleaner[S1].txt - [10832 octets] ##########

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.02.12.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
pokus :: APOLLO-NOTE [administrátor]

Ochrana: Povolena

12.2.2013 19:44:27
mbam-log-2013-02-12 (19-44-27).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 236584
Uplynulý čas: 15 minut, 4 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 3
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Zentom System Guard (Rogue.ZentomSystemGuard) -> Přesun do karantény a smazání se zdařilo.
HKLM\SYSTEM\CurrentControlSet\Services\cdfss (Rootkit.Agent) -> Přesun do karantény a smazání se zdařilo.
HKLM\SYSTEM\CurrentControlSet\Services\wcscd (Rootkit.Agent) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Přesun do karantény a opravení se zdařilo.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\WINDOWS\system32\winlogon.Del (Heuristics.Reserved.Word.Exploit) -> Přesun do karantény a smazání se zdařilo.

(konec)

20:41:28.0812 3352 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:41:29.0031 3352 ============================================================
20:41:29.0031 3352 Current date / time: 2013/02/12 20:41:29.0031
20:41:29.0031 3352 SystemInfo:
20:41:29.0031 3352
20:41:29.0031 3352 OS Version: 5.1.2600 ServicePack: 2.0
20:41:29.0031 3352 Product type: Workstation
20:41:29.0031 3352 ComputerName: APOLLO-NOTE
20:41:29.0046 3352 UserName: pokus
20:41:29.0046 3352 Windows directory: C:\WINDOWS
20:41:29.0046 3352 System windows directory: C:\WINDOWS
20:41:29.0046 3352 Processor architecture: Intel x86
20:41:29.0046 3352 Number of processors: 1
20:41:29.0046 3352 Page size: 0x1000
20:41:29.0046 3352 Boot type: Normal boot
20:41:29.0046 3352 ============================================================
20:41:31.0312 3352 BG loaded
20:41:32.0078 3352 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A4
20:41:32.0171 3352 ============================================================
20:41:32.0171 3352 \Device\Harddisk0\DR0:
20:41:32.0171 3352 MBR partitions:
20:41:32.0171 3352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140635B, BlocksNum 0x4854531
20:41:32.0171 3352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5C5A88C, BlocksNum 0x38B3C35
20:41:32.0171 3352 ============================================================
20:41:32.0265 3352 C: <-> \Device\Harddisk0\DR0\Partition1
20:41:32.0312 3352 D: <-> \Device\Harddisk0\DR0\Partition2
20:41:32.0453 3352 ============================================================
20:41:32.0453 3352 Initialize success
20:41:32.0453 3352 ============================================================
20:46:59.0062 5100 ============================================================
20:46:59.0062 5100 Scan started
20:46:59.0062 5100 Mode: Manual;
20:46:59.0062 5100 ============================================================
20:46:59.0281 5100 ================ Scan system memory ========================
20:47:01.0781 5100 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - infected
20:47:01.0781 5100 System memory - detected MEM:Backdoor.Win32.Sinowal.d (0)
20:47:01.0781 5100 ================ Scan services =============================
20:47:02.0203 5100 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
20:47:02.0203 5100 Aavmker4 - ok
20:47:02.0218 5100 Abiosdsk - ok
20:47:02.0250 5100 abp480n5 - ok
20:47:02.0296 5100 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:47:02.0312 5100 ACPI - ok
20:47:02.0390 5100 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:47:02.0390 5100 ACPIEC - ok
20:47:02.0515 5100 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:47:02.0515 5100 AdobeFlashPlayerUpdateSvc - ok
20:47:02.0546 5100 adpu160m - ok
20:47:02.0593 5100 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
20:47:02.0609 5100 aec - ok
20:47:02.0671 5100 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:47:02.0687 5100 AFD - ok
20:47:02.0687 5100 Aha154x - ok
20:47:02.0703 5100 aic78u2 - ok
20:47:02.0734 5100 aic78xx - ok
20:47:02.0765 5100 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:47:02.0812 5100 Alerter - ok
20:47:02.0828 5100 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
20:47:02.0843 5100 ALG - ok
20:47:02.0843 5100 AliIde - ok
20:47:02.0859 5100 amsint - ok
20:47:02.0906 5100 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:47:02.0906 5100 AppMgmt - ok
20:47:02.0921 5100 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:47:02.0921 5100 Arp1394 - ok
20:47:02.0937 5100 asc - ok
20:47:02.0953 5100 asc3350p - ok
20:47:02.0953 5100 asc3550 - ok
20:47:03.0250 5100 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:47:03.0390 5100 aspnet_state - ok
20:47:03.0421 5100 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:47:03.0421 5100 aswFsBlk - ok
20:47:03.0453 5100 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
20:47:03.0468 5100 aswMon2 - ok
20:47:03.0500 5100 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
20:47:03.0515 5100 AswRdr - ok
20:47:03.0593 5100 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
20:47:03.0687 5100 aswSnx - ok
20:47:03.0796 5100 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
20:47:03.0843 5100 aswSP - ok
20:47:03.0875 5100 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
20:47:03.0906 5100 aswTdi - ok
20:47:03.0937 5100 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:47:03.0953 5100 AsyncMac - ok
20:47:04.0015 5100 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:47:04.0015 5100 atapi - ok
20:47:04.0015 5100 Atdisk - ok
20:47:04.0234 5100 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:47:04.0234 5100 Atmarpc - ok
20:47:04.0281 5100 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:47:04.0281 5100 AudioSrv - ok
20:47:04.0328 5100 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:47:04.0343 5100 audstub - ok
20:47:04.0500 5100 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:47:04.0515 5100 avast! Antivirus - ok
20:47:04.0562 5100 [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:47:04.0609 5100 b57w2k - ok
20:47:04.0781 5100 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:47:04.0796 5100 BCM43XX - ok
20:47:04.0890 5100 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:47:04.0906 5100 Beep - ok
20:47:04.0937 5100 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
20:47:04.0984 5100 BITS - ok
20:47:05.0046 5100 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
20:47:05.0062 5100 Browser - ok
20:47:05.0171 5100 [ ECDC40CC54603C711E1A7A1C9255184A ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
20:47:05.0250 5100 btaudio - ok
20:47:05.0328 5100 [ 58A49BD10E08D3D4333A60DEDCB1CED8 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
20:47:05.0328 5100 BTDriver - ok
20:47:05.0500 5100 [ 885B6D0F826A216EEE4C3AD883809012 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:47:05.0562 5100 BTKRNL - ok
20:47:05.0750 5100 [ 49E9ED37FAEC5E8C03E81FD73D3884D6 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
20:47:05.0781 5100 btwdins - ok
20:47:05.0781 5100 BTWDNDIS - ok
20:47:05.0812 5100 [ E48668B4A6A5CF68B33AECAD18EE8E1E ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
20:47:05.0843 5100 btwhid - ok
20:47:05.0859 5100 btwmodem - ok
20:47:05.0906 5100 [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
20:47:05.0906 5100 BTWUSB - ok
20:47:06.0125 5100 catchme - ok
20:47:06.0187 5100 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:47:06.0187 5100 cbidf2k - ok
20:47:06.0234 5100 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:47:06.0281 5100 CCDECODE - ok
20:47:06.0296 5100 cd20xrnt - ok
20:47:06.0328 5100 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:47:06.0328 5100 Cdaudio - ok
20:47:06.0390 5100 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:47:06.0390 5100 Cdfs - ok
20:47:06.0406 5100 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:47:06.0406 5100 Cdrom - ok
20:47:06.0453 5100 [ DAF1A8193B6CAF0FB858CADCC5C4AF4A ] Changer C:\WINDOWS\system32\drivers\Changer.sys
20:47:06.0484 5100 Changer - ok
20:47:06.0781 5100 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:47:06.0781 5100 CiSvc - ok
20:47:06.0812 5100 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:47:06.0812 5100 ClipSrv - ok
20:47:06.0859 5100 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:47:06.0906 5100 clr_optimization_v2.0.50727_32 - ok
20:47:06.0968 5100 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:47:07.0015 5100 CmBatt - ok
20:47:07.0031 5100 CmdIde - ok
20:47:07.0109 5100 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:47:07.0203 5100 Compbatt - ok
20:47:07.0203 5100 COMSysApp - ok
20:47:07.0218 5100 Cpqarray - ok
20:47:07.0296 5100 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:47:07.0312 5100 CryptSvc - ok
20:47:07.0328 5100 dac2w2k - ok
20:47:07.0328 5100 dac960nt - ok
20:47:07.0453 5100 [ 2B269C916766BDB43404F043B763427D ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:47:07.0453 5100 DcomLaunch - ok
20:47:07.0515 5100 [ 06A30F453CA4CB1431037E4813F697CB ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:47:07.0531 5100 Dhcp - ok
20:47:07.0578 5100 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:47:07.0593 5100 Disk - ok
20:47:07.0640 5100 [ 060DB81DFB79C8244EB65D10B6C7873F ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
20:47:07.0640 5100 DKbFltr - ok
20:47:07.0640 5100 dmadmin - ok
20:47:07.0734 5100 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:47:07.0750 5100 dmboot - ok
20:47:07.0796 5100 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:47:07.0812 5100 dmio - ok
20:47:07.0828 5100 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:47:07.0828 5100 dmload - ok
20:47:07.0843 5100 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:47:07.0859 5100 dmserver - ok
20:47:07.0921 5100 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:47:07.0921 5100 DMusic - ok
20:47:08.0000 5100 [ 0EEF8922D46D4846B472B1F6FD0541BC ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:47:08.0000 5100 Dnscache - ok
20:47:08.0000 5100 dpti2o - ok
20:47:08.0046 5100 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:47:08.0046 5100 drmkaud - ok
20:47:08.0218 5100 [ D33EC04D1F0B5F388DE86CCC3333A59F ] eLockService C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
20:47:08.0234 5100 eLockService - ok
20:47:08.0250 5100 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:47:08.0265 5100 ERSvc - ok
20:47:08.0312 5100 [ 4F9F7B567970B524F31D9970A23F7C24 ] Eventlog C:\WINDOWS\system32\services.exe
20:47:08.0343 5100 Eventlog - ok
20:47:08.0453 5100 [ 398314DF0B21338C4996B469101750D1 ] EventSystem C:\WINDOWS\system32\es.dll
20:47:08.0484 5100 EventSystem - ok
20:47:08.0562 5100 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:47:08.0562 5100 Fastfat - ok
20:47:08.0609 5100 [ E26EDC7AFA8DA3C528055EABC82C8C79 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:47:08.0625 5100 FastUserSwitchingCompatibility - ok
20:47:08.0671 5100 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
20:47:08.0687 5100 Fdc - ok
20:47:08.0734 5100 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:47:08.0750 5100 Fips - ok
20:47:08.0812 5100 [ 5575EE5823DE1558F8486EB4E33FFA99 ] FlashUSB C:\WINDOWS\system32\DRIVERS\FlashUSB.sys
20:47:08.0828 5100 FlashUSB - ok
20:47:08.0859 5100 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
20:47:08.0875 5100 Flpydisk - ok
20:47:08.0890 5100 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:47:08.0890 5100 FltMgr - ok
20:47:08.0953 5100 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:47:08.0968 5100 FontCache3.0.0.0 - ok
20:47:09.0000 5100 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:47:09.0000 5100 fssfltr - ok
20:47:09.0171 5100 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:47:09.0187 5100 fsssvc - ok
20:47:09.0218 5100 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:47:09.0265 5100 Fs_Rec - ok
20:47:09.0296 5100 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:47:09.0296 5100 Ftdisk - ok
20:47:09.0343 5100 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:47:09.0343 5100 Gpc - ok
20:47:09.0406 5100 [ 20A940D96E69BE65F9B6E4695BAAC6DC ] GT72NDISIPXP C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys
20:47:09.0406 5100 GT72NDISIPXP - ok
20:47:09.0468 5100 [ 1678D49EA3E76CCABDE89D7B26D5061C ] GT72UBUS C:\WINDOWS\system32\DRIVERS\gt72ubus.sys
20:47:09.0484 5100 GT72UBUS - ok
20:47:09.0562 5100 [ 4A58B52E866BC50F81F63FE181384982 ] GTDetectSc C:\Program Files\Option\Option 225 Driver Installation\GTDetectSc.exe
20:47:09.0578 5100 GTDetectSc - ok
20:47:09.0625 5100 [ 346DDAEFA04E49AD804EE12D4BAA0ED3 ] GTPTSER C:\WINDOWS\system32\DRIVERS\gtptser.sys
20:47:09.0656 5100 GTPTSER - ok
20:47:09.0703 5100 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:47:09.0734 5100 HDAudBus - ok
20:47:09.0875 5100 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:47:09.0906 5100 helpsvc - ok
20:47:09.0906 5100 HidServ - ok
20:47:09.0953 5100 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:47:09.0953 5100 HidUsb - ok
20:47:09.0953 5100 hpn - ok
20:47:10.0015 5100 [ 6A5C4732D6803F84E2987EDD8E4359CE ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:47:10.0031 5100 HSFHWAZL - ok
20:47:10.0093 5100 [ 21C31273C6CC4826E74BE8AE3B09D4A8 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:47:10.0187 5100 HSF_DPV - ok
20:47:10.0328 5100 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:47:10.0343 5100 HTTP - ok
20:47:10.0375 5100 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:47:10.0390 5100 HTTPFilter - ok
20:47:10.0453 5100 [ 2310CA92D37D97C9231ADF1796B47B9D ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
20:47:10.0453 5100 hwdatacard - ok
20:47:10.0500 5100 [ 8F09F91B5C91363B77BCD15599570F2C ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
20:47:10.0515 5100 i2omgmt - ok
20:47:10.0531 5100 i2omp - ok
20:47:10.0593 5100 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:47:10.0609 5100 i8042prt - ok
20:47:11.0218 5100 [ 28423512370705AEDA6A652FEDB25468 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:47:12.0250 5100 ialm - ok
20:47:12.0328 5100 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:47:12.0375 5100 idsvc - ok
20:47:12.0390 5100 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:47:12.0406 5100 Imapi - ok
20:47:12.0468 5100 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:47:12.0484 5100 ImapiService - ok
20:47:12.0500 5100 ini910u - ok
20:47:12.0531 5100 [ F8F75594C17FE7BCE1B4045BB7199868 ] int15 C:\WINDOWS\system32\drivers\int15.sys
20:47:12.0546 5100 int15 - ok
20:47:13.0109 5100 [ 12F4D2AA29745DC2A403FF42E75CF7FA ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:47:13.0593 5100 IntcAzAudAddService - ok
20:47:13.0593 5100 IntelIde - ok
20:47:13.0625 5100 [ 10A3AC0F0DF720AD3C3FD13861D50EB9 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:47:13.0640 5100 intelppm - ok
20:47:13.0671 5100 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:47:13.0671 5100 Ip6Fw - ok
20:47:13.0718 5100 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:47:13.0718 5100 IpFilterDriver - ok
20:47:13.0734 5100 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:47:13.0734 5100 IpInIp - ok
20:47:13.0828 5100 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:47:13.0890 5100 IpNat - ok
20:47:13.0921 5100 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:47:13.0937 5100 IPSec - ok
20:47:13.0953 5100 IpwP - ok
20:47:14.0000 5100 [ 86C204836FEEC22510D434982D4221B8 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
20:47:14.0000 5100 irda - ok
20:47:14.0046 5100 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:47:14.0046 5100 IRENUM - ok
20:47:14.0062 5100 [ E16AC23F81CFE1223AB470F9982DE89D ] Irmon C:\WINDOWS\System32\irmon.dll
20:47:14.0093 5100 Irmon - ok
20:47:14.0125 5100 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:47:14.0140 5100 isapnp - ok
20:47:14.0328 5100 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:47:14.0328 5100 JavaQuickStarterService - ok
20:47:14.0359 5100 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:47:14.0359 5100 Kbdclass - ok
20:47:14.0437 5100 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:47:14.0437 5100 kmixer - ok
20:47:14.0484 5100 [ 674D3E5A593475915DC6643317192403 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:47:14.0500 5100 KSecDD - ok
20:47:14.0578 5100 [ 9757F6E16FD1EAB54D6EB9D5EB3CBCB5 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:47:14.0593 5100 lanmanserver - ok
20:47:14.0671 5100 [ 6BF7BAF420DD4422D2C35DFB3E51A29C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:47:14.0703 5100 lanmanworkstation - ok
20:47:14.0734 5100 [ CC50A66548C2F285BC8A7B0B8AA578E3 ] lbrtfdc C:\WINDOWS\system32\drivers\lbrtfdc.sys
20:47:14.0750 5100 lbrtfdc - ok
20:47:14.0765 5100 lchnvcop - ok
20:47:14.0812 5100 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:47:14.0828 5100 LmHosts - ok
20:47:14.0859 5100 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
20:47:14.0859 5100 MBAMProtector - ok
20:47:14.0937 5100 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:47:14.0984 5100 MBAMScheduler - ok
20:47:15.0046 5100 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:47:15.0093 5100 MBAMService - ok
20:47:15.0265 5100 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
20:47:15.0265 5100 MDM - ok
20:47:15.0328 5100 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:47:15.0343 5100 mdmxsdk - ok
20:47:15.0375 5100 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:47:15.0390 5100 Messenger - ok
20:47:15.0500 5100 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:47:15.0500 5100 Microsoft Office Groove Audit Service - ok
20:47:15.0562 5100 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:47:15.0562 5100 mnmdd - ok
20:47:15.0640 5100 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:47:15.0671 5100 mnmsrvc - ok
20:47:15.0718 5100 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:47:15.0718 5100 Modem - ok
20:47:15.0734 5100 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:47:15.0734 5100 Mouclass - ok
20:47:15.0765 5100 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:47:15.0765 5100 mouhid - ok
20:47:15.0796 5100 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:47:15.0812 5100 MountMgr - ok
20:47:15.0828 5100 mraid35x - ok
20:47:15.0890 5100 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:47:15.0906 5100 MRxDAV - ok
20:47:16.0015 5100 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:47:16.0031 5100 MRxSmb - ok
20:47:16.0078 5100 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:47:16.0109 5100 MSDTC - ok
20:47:16.0156 5100 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:47:16.0171 5100 Msfs - ok
20:47:16.0171 5100 MSIServer - ok
20:47:16.0250 5100 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:47:16.0281 5100 MSKSSRV - ok
20:47:16.0312 5100 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:47:16.0312 5100 MSPCLOCK - ok
20:47:16.0328 5100 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:47:16.0328 5100 MSPQM - ok
20:47:16.0359 5100 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:47:16.0359 5100 mssmbios - ok
20:47:16.0390 5100 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:47:16.0390 5100 MSTEE - ok
20:47:16.0421 5100 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:47:16.0437 5100 Mup - ok
20:47:16.0484 5100 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:47:16.0500 5100 NABTSFEC - ok
20:47:16.0656 5100 [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
20:47:16.0687 5100 NBService - ok
20:47:16.0796 5100 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:47:16.0796 5100 NDIS - ok
20:47:16.0875 5100 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:47:16.0875 5100 NdisIP - ok
20:47:16.0937 5100 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:47:16.0937 5100 NdisTapi - ok
20:47:17.0000 5100 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:47:17.0015 5100 Ndisuio - ok
20:47:17.0031 5100 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:47:17.0046 5100 NdisWan - ok
20:47:17.0046 5100 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:47:17.0046 5100 NDProxy - ok
20:47:17.0078 5100 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:47:17.0093 5100 NetBIOS - ok
20:47:17.0140 5100 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:47:17.0140 5100 NetBT - ok
20:47:17.0203 5100 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
20:47:17.0234 5100 NetDDE - ok
20:47:17.0250 5100 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:47:17.0296 5100 NetDDEdsdm - ok
20:47:17.0328 5100 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:47:17.0343 5100 Netlogon - ok
20:47:17.0390 5100 [ 86AD5B0E02F2C968FBB096AB4C555C9C ] Netman C:\WINDOWS\System32\netman.dll
20:47:17.0406 5100 Netman - ok
20:47:17.0453 5100 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:47:17.0468 5100 NetTcpPortSharing - ok
20:47:17.0500 5100 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:47:17.0500 5100 NIC1394 - ok
20:47:17.0562 5100 [ A6E79B60AC73241E5721AB6A573D2B24 ] Nla C:\WINDOWS\System32\mswsock.dll
20:47:17.0578 5100 Nla - ok
20:47:17.0609 5100 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:47:17.0625 5100 Npfs - ok
20:47:17.0671 5100 [ 6216798D29C3BA9D0D6F40BBBAB694A5 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
20:47:17.0671 5100 NSCIRDA - ok
20:47:17.0796 5100 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:47:17.0859 5100 Ntfs - ok
20:47:17.0875 5100 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:47:17.0875 5100 NtLmSsp - ok
20:47:18.0015 5100 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:47:18.0046 5100 NtmsSvc - ok
20:47:18.0109 5100 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:47:18.0109 5100 Null - ok
20:47:18.0140 5100 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:47:18.0171 5100 NwlnkFlt - ok
20:47:18.0203 5100 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:47:18.0203 5100 NwlnkFwd - ok
20:47:18.0421 5100 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:47:18.0453 5100 odserv - ok
20:47:18.0484 5100 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:47:18.0484 5100 ohci1394 - ok
20:47:18.0562 5100 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:18.0578 5100 ose - ok
20:47:18.0640 5100 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\drivers\Parport.sys
20:47:18.0687 5100 Parport - ok
20:47:18.0718 5100 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:47:18.0734 5100 PartMgr - ok
20:47:18.0796 5100 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:47:18.0796 5100 ParVdm - ok
20:47:18.0843 5100 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:47:18.0859 5100 PCI - ok
20:47:18.0875 5100 PCIDump - ok
20:47:18.0906 5100 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:47:18.0906 5100 PCIIde - ok
20:47:18.0937 5100 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:47:18.0953 5100 Pcmcia - ok
20:47:18.0968 5100 PDCOMP - ok
20:47:18.0968 5100 PDFRAME - ok
20:47:18.0984 5100 PDRELI - ok
20:47:18.0984 5100 PDRFRAME - ok
20:47:19.0000 5100 perc2 - ok
20:47:19.0000 5100 perc2hib - ok
20:47:19.0046 5100 [ 4F9F7B567970B524F31D9970A23F7C24 ] PlugPlay C:\WINDOWS\system32\services.exe
20:47:19.0046 5100 PlugPlay - ok
20:47:19.0078 5100 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:47:19.0078 5100 PolicyAgent - ok
20:47:19.0156 5100 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:47:19.0156 5100 PptpMiniport - ok
20:47:19.0171 5100 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:47:19.0171 5100 ProtectedStorage - ok
20:47:19.0218 5100 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:47:19.0218 5100 PSched - ok
20:47:19.0265 5100 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:47:19.0281 5100 Ptilink - ok
20:47:19.0281 5100 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:47:19.0296 5100 PxHelp20 - ok
20:47:19.0296 5100 ql1080 - ok
20:47:19.0312 5100 Ql10wnt - ok
20:47:19.0312 5100 ql12160 - ok
20:47:19.0328 5100 ql1240 - ok
20:47:19.0328 5100 ql1280 - ok
20:47:19.0375 5100 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:47:19.0406 5100 RasAcd - ok
20:47:19.0453 5100 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:47:19.0453 5100 RasAuto - ok
20:47:19.0484 5100 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
20:47:19.0500 5100 Rasirda - ok
20:47:19.0531 5100 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:47:19.0546 5100 Rasl2tp - ok
20:47:19.0578 5100 [ 43A5C7969718EE00940A6D096960DBC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:47:19.0578 5100 RasMan - ok
20:47:19.0593 5100 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:47:19.0593 5100 RasPppoe - ok
20:47:19.0656 5100 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:47:19.0671 5100 Raspti - ok
20:47:19.0703 5100 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:47:19.0734 5100 Rdbss - ok
20:47:19.0750 5100 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:47:19.0750 5100 RDPCDD - ok
20:47:19.0843 5100 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:47:19.0859 5100 rdpdr - ok
20:47:19.0906 5100 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:47:19.0953 5100 RDPWD - ok
20:47:20.0062 5100 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:47:20.0078 5100 RDSessMgr - ok
20:47:20.0093 5100 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:47:20.0125 5100 redbook - ok
20:47:20.0171 5100 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:47:20.0187 5100 RemoteAccess - ok
20:47:20.0234 5100 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:47:20.0250 5100 RemoteRegistry - ok
20:47:20.0281 5100 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\system32\locator.exe
20:47:20.0296 5100 RpcLocator - ok
20:47:20.0421 5100 [ 2B269C916766BDB43404F043B763427D ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:47:20.0421 5100 RpcSs - ok
20:47:20.0468 5100 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:47:20.0484 5100 RSVP - ok
20:47:20.0515 5100 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
20:47:20.0515 5100 SamSs - ok
20:47:20.0593 5100 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:47:20.0625 5100 SCardSvr - ok
20:47:20.0687 5100 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:47:20.0687 5100 Schedule - ok
20:47:20.0750 5100 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:47:20.0765 5100 sdbus - ok
20:47:20.0890 5100 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:47:20.0921 5100 SeaPort - ok
20:47:20.0937 5100 Secdrv - ok
20:47:20.0984 5100 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:47:21.0015 5100 seclogon - ok
20:47:21.0031 5100 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
20:47:21.0046 5100 SENS - ok
20:47:21.0109 5100 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
20:47:21.0125 5100 Serial - ok
20:47:21.0343 5100 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:47:21.0421 5100 ServiceLayer - ok
20:47:21.0453 5100 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:47:21.0468 5100 Sfloppy - ok
20:47:21.0562 5100 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:47:21.0578 5100 SharedAccess - ok
20:47:21.0625 5100 [ E26EDC7AFA8DA3C528055EABC82C8C79 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:47:21.0640 5100 ShellHWDetection - ok
20:47:21.0640 5100 Simbad - ok
20:47:22.0343 5100 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:47:22.0968 5100 Skype C2C Service - ok
20:47:23.0078 5100 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:47:23.0078 5100 SkypeUpdate - ok
20:47:23.0140 5100 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:47:23.0156 5100 SLIP - ok
20:47:23.0171 5100 Sony PC Companion - ok
20:47:23.0187 5100 Sparrow - ok
20:47:23.0234 5100 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:47:23.0265 5100 splitter - ok
20:47:23.0328 5100 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:47:23.0328 5100 Spooler - ok
20:47:23.0500 5100 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
20:47:23.0515 5100 sptd - ok
20:47:23.0562 5100 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:47:23.0593 5100 sr - ok
20:47:23.0625 5100 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
20:47:23.0640 5100 srservice - ok
20:47:23.0687 5100 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:47:23.0687 5100 Srv - ok
20:47:23.0750 5100 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:47:23.0765 5100 SSDPSRV - ok
20:47:23.0828 5100 [ B824215A934A24928CDDD1EF7E113035 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:47:23.0843 5100 stisvc - ok
20:47:23.0890 5100 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:47:23.0906 5100 streamip - ok
20:47:23.0937 5100 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:47:23.0953 5100 swenum - ok
20:47:24.0000 5100 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:47:24.0015 5100 swmidi - ok
20:47:24.0031 5100 SwPrv - ok
20:47:24.0046 5100 symc810 - ok
20:47:24.0046 5100 symc8xx - ok
20:47:24.0062 5100 sym_hi - ok
20:47:24.0062 5100 sym_u3 - ok
20:47:24.0125 5100 [ CC5DA243CFDAC58FC0408F7CE24084C5 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:47:24.0156 5100 SynTP - ok
20:47:24.0203 5100 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:47:24.0234 5100 sysaudio - ok
20:47:24.0281 5100 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:47:24.0281 5100 SysmonLog - ok
20:47:24.0359 5100 [ 250241D65CCF692AEACC318A266413C2 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:47:24.0390 5100 TapiSrv - ok
20:47:24.0500 5100 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:47:24.0515 5100 Tcpip - ok
20:47:24.0593 5100 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:47:24.0609 5100 TDPIPE - ok
20:47:24.0640 5100 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:47:24.0656 5100 TDTCP - ok
20:47:24.0687 5100 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:47:24.0687 5100 TermDD - ok
20:47:24.0750 5100 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
20:47:24.0796 5100 TermService - ok
20:47:24.0859 5100 [ E26EDC7AFA8DA3C528055EABC82C8C79 ] Themes C:\WINDOWS\System32\shsvcs.dll
20:47:24.0875 5100 Themes - ok
20:47:24.0953 5100 [ 78213F01CE781F93180BEF5EB5B3AD81 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
20:47:25.0000 5100 tifm21 - ok
20:47:25.0062 5100 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:47:25.0078 5100 TlntSvr - ok
20:47:25.0078 5100 TosIde - ok
20:47:25.0109 5100 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:47:25.0140 5100 TrkWks - ok
20:47:25.0187 5100 [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport C:\WINDOWS\system32\drivers\tvicport.sys
20:47:25.0203 5100 tvicport - ok
20:47:25.0234 5100 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:47:25.0265 5100 Udfs - ok
20:47:25.0281 5100 UIUSys - ok
20:47:25.0281 5100 ultra - ok
20:47:25.0343 5100 [ CED744117E91BDC0BEB810F7D8608183 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:47:25.0421 5100 Update - ok
20:47:25.0500 5100 [ 0C0C2C77C6B52181369594F2AA36AF40 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:47:25.0546 5100 upnphost - ok
20:47:25.0578 5100 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
20:47:25.0593 5100 UPS - ok
20:47:25.0640 5100 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:47:25.0640 5100 usbaudio - ok
20:47:25.0640 5100 usbbus - ok
20:47:25.0703 5100 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:47:25.0703 5100 usbccgp - ok
20:47:25.0718 5100 UsbDiag - ok
20:47:25.0750 5100 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:47:25.0765 5100 usbehci - ok
20:47:25.0812 5100 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:47:25.0812 5100 usbhub - ok
20:47:25.0828 5100 USBModem - ok
20:47:25.0875 5100 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:47:25.0890 5100 usbscan - ok
20:47:25.0937 5100 [ 49106EE29074E6A3D3AC9E24C6D791D8 ] usbser C:\WINDOWS\system32\drivers\usbser.sys
20:47:25.0937 5100 usbser - ok
20:47:25.0968 5100 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:47:25.0984 5100 USBSTOR - ok
20:47:26.0015 5100 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:47:26.0015 5100 usbuhci - ok
20:47:26.0031 5100 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:47:26.0062 5100 VgaSave - ok
20:47:26.0078 5100 ViaIde - ok
20:47:26.0125 5100 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:47:26.0125 5100 VolSnap - ok
20:47:26.0281 5100 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
20:47:26.0281 5100 VSS - ok
20:47:26.0375 5100 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
20:47:26.0375 5100 W32Time - ok
20:47:26.0390 5100 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:47:26.0406 5100 Wanarp - ok
20:47:26.0515 5100 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:47:26.0562 5100 Wdf01000 - ok
20:47:26.0562 5100 WDICA - ok
20:47:26.0609 5100 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:47:26.0609 5100 wdmaud - ok
20:47:26.0671 5100 [ 4BD50644CF52F00091F894AB7541E538 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:47:26.0703 5100 WebClient - ok
20:47:26.0703 5100 whckzjos - ok
20:47:26.0859 5100 [ 307D248F97835B6879BDD361086924FE ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:47:26.0906 5100 winachsf - ok
20:47:27.0093 5100 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:47:27.0109 5100 winmgmt - ok
20:47:27.0187 5100 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:47:27.0203 5100 WmdmPmSN - ok
20:47:27.0281 5100 [ E428EED87E8055FB995CF0E4D1532D4C ] Wmi C:\WINDOWS\System32\advapi32.dll
20:47:27.0296 5100 Wmi - ok
20:47:27.0359 5100 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:47:27.0375 5100 WmiAcpi - ok
20:47:27.0437 5100 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:47:27.0453 5100 WmiApSrv - ok
20:47:27.0781 5100 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:47:27.0796 5100 WMPNetworkSvc - ok
20:47:27.0843 5100 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
20:47:27.0921 5100 WpdUsb - ok
20:47:28.0000 5100 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:47:28.0015 5100 WS2IFSL - ok
20:47:28.0078 5100 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:47:28.0093 5100 wscsvc - ok
20:47:28.0156 5100 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:47:28.0156 5100 WSTCODEC - ok
20:47:28.0218 5100 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:47:28.0218 5100 wuauserv - ok
20:47:28.0281 5100 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:47:28.0312 5100 WudfPf - ok
20:47:28.0343 5100 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:47:28.0359 5100 WudfRd - ok
20:47:28.0421 5100 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:47:28.0421 5100 WudfSvc - ok
20:47:28.0500 5100 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:47:28.0531 5100 WZCSVC - ok
20:47:28.0531 5100 xcpip - ok
20:47:28.0578 5100 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:47:28.0609 5100 xmlprov - ok
20:47:28.0609 5100 xpsec - ok
20:47:28.0687 5100 [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport C:\WINDOWS\system32\drivers\zntport.sys
20:47:28.0687 5100 zntport - ok
20:47:28.0703 5100 ================ Scan global ===============================
20:47:28.0765 5100 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
20:47:28.0875 5100 [ 5869828D4A83BA8F9519630C40044C87 ] C:\WINDOWS\system32\winsrv.dll
20:47:28.0890 5100 [ 5869828D4A83BA8F9519630C40044C87 ] C:\WINDOWS\system32\winsrv.dll
20:47:28.0937 5100 [ 4F9F7B567970B524F31D9970A23F7C24 ] C:\WINDOWS\system32\services.exe
20:47:28.0953 5100 [Global] - ok
20:47:28.0953 5100 ================ Scan MBR ==================================
20:47:28.0984 5100 [ 2EE71BF0EED0EA80EA06D295A1A50104 ] \Device\Harddisk0\DR0
20:47:29.0000 5100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
20:47:29.0000 5100 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
20:47:29.0000 5100 ================ Scan VBR ==================================
20:47:29.0015 5100 [ 547DBCB024D36DE448AAAA6124F86884 ] \Device\Harddisk0\DR0\Partition1
20:47:29.0031 5100 \Device\Harddisk0\DR0\Partition1 - ok
20:47:29.0062 5100 [ 4BB30DA74C6C98EB818B7C9E216C119C ] \Device\Harddisk0\DR0\Partition2
20:47:29.0062 5100 \Device\Harddisk0\DR0\Partition2 - ok
20:47:29.0062 5100 ============================================================
20:47:29.0062 5100 Scan finished
20:47:29.0062 5100 ============================================================
20:47:29.0093 4892 Detected object count: 2
20:47:29.0093 4892 Actual detected object count: 2

jsou tam dva, nevim ktery, vkladam oba

20:34:39.0015 2496 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:34:39.0796 2496 ============================================================
20:34:39.0796 2496 Current date / time: 2013/02/12 20:34:39.0796
20:34:39.0796 2496 SystemInfo:
20:34:39.0796 2496
20:34:39.0796 2496 OS Version: 5.1.2600 ServicePack: 2.0
20:34:39.0796 2496 Product type: Workstation
20:34:39.0796 2496 ComputerName: APOLLO-NOTE
20:34:39.0796 2496 UserName: pokus
20:34:39.0796 2496 Windows directory: C:\WINDOWS
20:34:39.0796 2496 System windows directory: C:\WINDOWS
20:34:39.0796 2496 Processor architecture: Intel x86
20:34:39.0796 2496 Number of processors: 1
20:34:39.0796 2496 Page size: 0x1000
20:34:39.0796 2496 Boot type: Normal boot
20:34:39.0796 2496 ============================================================
20:34:41.0921 2496 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
20:34:41.0921 2496 ============================================================
20:34:41.0921 2496 \Device\Harddisk0\DR0:
20:34:41.0921 2496 MBR partitions:
20:34:41.0921 2496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140635B, BlocksNum 0x4854531
20:34:41.0921 2496 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5C5A88C, BlocksNum 0x38B3C35
20:34:41.0921 2496 ============================================================
20:34:41.0968 2496 C: <-> \Device\Harddisk0\DR0\Partition1
20:34:42.0000 2496 D: <-> \Device\Harddisk0\DR0\Partition2
20:34:42.0078 2496 ============================================================
20:36:45.0484 1932 Deinitialize success