Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:04, on 20.3.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\EXPERTool ATI\TBPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\michal\Data aplikací\Seznam.cz\szninstall.exe
C:\Documents and Settings\michal\Data aplikací\Seznam.cz\bin\chromeUpdatePref.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\michal\Data aplikací\Seznam.cz\bin\szndesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [HEXelon MAX] "C:\Program Files\HEXelon MAX 6\hexelon.exe" /auto
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\michal\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [Seznam.chromeUpdatePref] C:\Documents and Settings\michal\Data aplikací\Seznam.cz\bin\chromeUpdatePref.exe 13906
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\michal\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
--
End of file - 7901 bytes
please check the log: infected (Solved)
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: please check the log: infected
Uninstall Spyware Terminator
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform Quick Scan (Provést rychlý sken) selected and click the Scan (Skenovat) button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message appears, choose Ano (Yes)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log appears (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: please check the log: infected
here is the malware log:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Verze: v2013.03.20.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
michal :: SPAKE [administrátor]
20.3.2013 11:34:39
mbam-log-2013-03-20 (11-34-39).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 240743
Uplynulý čas: 5 minut, 51 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
and here is adw:
# AdwCleaner v2.115 - Log vytvooen 20/03/2013 v 11:45:55
# Aktualizováno 17/03/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : michal - SPAKE
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\michal\Plocha\adwcleaner.exe
# Volba [Prohledat]
***** [Služby] *****
***** [Soubory / Složky] *****
Složka Nalezeno : C:\Documents and Settings\All Users\Data aplikací\Ask
Složka Nalezeno : C:\Documents and Settings\michal\Data aplikací\OpenCandy
Složka Nalezeno : C:\Program Files\DAEMON Tools Toolbar
***** [Registry] *****
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Nalezeno : HKCU\Software\PIP
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Nalezeno : HKLM\Software\PIP
Klíe Nalezeno : HKU\S-1-5-21-606747145-1606980848-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Nalezeno : HKU\S-1-5-21-606747145-1606980848-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Nalezeno : HKU\S-1-5-21-606747145-1606980848-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíe Nalezeno : HKU\S-1-5-21-606747145-1606980848-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
***** [Internetové prohlížeee] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry jsou eisté.
-\\ Opera v12.14.1738.0
Soubor : C:\Documents and Settings\michal\Data aplikací\Opera\Opera\operaprefs.ini
[OK] Soubor je eistý.
*************************
AdwCleaner[R1].txt - [4148 octets] - [20/03/2013 11:45:55]
########## EOF - C:\AdwCleaner[R1].txt - [4208 octets] ##########
- jaro3
- Security team member
- Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: South Bohemia
Re: please check the log: infected
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator")
Click "Delete"
The program performs the repair; after the automatic restart it does not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt; please paste the entire contents of the log here.
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan is complete, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: After applying ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems; in that case restart the computer again, and if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check the log: infected
adw log:
# AdwCleaner v2.115 - Log vytvooen 21/03/2013 v 10:35:10
# Aktualizováno 17/03/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : michal - SPAKE
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\michal\Plocha\adwcleaner.exe
# Volba [Vymazat]
***** [Služby] *****
***** [Soubory / Složky] *****
Složka Vymazáno : C:\Documents and Settings\All Users\Data aplikací\Ask
Složka Vymazáno : C:\Documents and Settings\michal\Data aplikací\OpenCandy
Složka Vymazáno : C:\Program Files\DAEMON Tools Toolbar
***** [Registry] *****
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Vymazáno : HKCU\Software\PIP
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Vymazáno : HKLM\Software\PIP
***** [Internetové prohlížeee] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry jsou eisté.
-\\ Opera v12.14.1738.0
Soubor : C:\Documents and Settings\michal\Data aplikací\Opera\Opera\operaprefs.ini
[OK] Soubor je eistý.
*************************
AdwCleaner[R1].txt - [4277 octets] - [20/03/2013 11:45:55]
AdwCleaner[R2].txt - [4337 octets] - [21/03/2013 10:34:40]
AdwCleaner[S1].txt - [3646 octets] - [21/03/2013 10:35:10]
########## EOF - C:\AdwCleaner[S1].txt - [3706 octets] ##########
tdss log:
10:42:12.0796 0244 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:42:12.0875 0244 ============================================================
10:42:12.0875 0244 Current date / time: 2013/03/21 10:42:12.0875
10:42:12.0875 0244 SystemInfo:
10:42:12.0875 0244
10:42:12.0875 0244 OS Version: 5.1.2600 ServicePack: 3.0
10:42:12.0875 0244 Product type: Workstation
10:42:12.0875 0244 ComputerName: SPAKE
10:42:12.0875 0244 UserName: michal
10:42:12.0875 0244 Windows directory: C:\windows
10:42:12.0875 0244 System windows directory: C:\windows
10:42:12.0875 0244 Processor architecture: Intel x86
10:42:12.0875 0244 Number of processors: 3
10:42:12.0875 0244 Page size: 0x1000
10:42:12.0875 0244 Boot type: Normal boot
10:42:12.0875 0244 ============================================================
10:42:15.0703 0244 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:42:15.0703 0244 Drive \Device\Harddisk1\DR2 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:42:15.0703 0244 ============================================================
10:42:15.0703 0244 \Device\Harddisk0\DR0:
10:42:15.0703 0244 MBR partitions:
10:42:15.0703 0244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
10:42:15.0703 0244 \Device\Harddisk1\DR2:
10:42:15.0703 0244 MBR partitions:
10:42:15.0703 0244 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x40, BlocksNum 0x4A856E81
10:42:15.0703 0244 ============================================================
10:42:15.0734 0244 C: <-> \Device\Harddisk0\DR0\Partition1
10:42:15.0750 0244 I: <-> \Device\Harddisk1\DR2\Partition1
10:42:15.0750 0244 ============================================================
10:42:15.0750 0244 Initialize success
10:42:15.0750 0244 ============================================================
10:42:21.0671 1796 ============================================================
10:42:21.0671 1796 Scan started
10:42:21.0671 1796 Mode: Manual;
10:42:21.0671 1796 ============================================================
10:42:23.0171 1796 ================ Scan system memory ========================
10:42:23.0171 1796 System memory - ok
10:42:23.0171 1796 ================ Scan services =============================
10:42:23.0265 1796 Abiosdsk - ok
10:42:23.0265 1796 abp480n5 - ok
10:42:23.0296 1796 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
10:42:23.0296 1796 ACPI - ok
10:42:23.0312 1796 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\windows\system32\drivers\ACPIEC.sys
10:42:23.0328 1796 ACPIEC - ok
10:42:23.0375 1796 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:42:23.0390 1796 AdobeFlashPlayerUpdateSvc - ok
10:42:23.0390 1796 adpu160m - ok
10:42:23.0390 1796 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\windows\system32\drivers\aec.sys
10:42:23.0406 1796 aec - ok
10:42:23.0437 1796 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\windows\System32\drivers\afd.sys
10:42:23.0437 1796 AFD - ok
10:42:23.0437 1796 Aha154x - ok
10:42:23.0453 1796 aic78u2 - ok
10:42:23.0453 1796 aic78xx - ok
10:42:23.0484 1796 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\windows\system32\alrsvc.dll
10:42:23.0484 1796 Alerter - ok
10:42:23.0484 1796 [ 88842DE939A827577BF24243699AC80A ] ALG C:\windows\System32\alg.exe
10:42:23.0484 1796 ALG - ok
10:42:23.0484 1796 AliIde - ok
10:42:23.0515 1796 [ 6E58654CB25730B2579E45E1FD116A47 ] amdide C:\windows\system32\DRIVERS\amdide.sys
10:42:23.0515 1796 amdide - ok
10:42:23.0546 1796 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\windows\system32\DRIVERS\AmdPPM.sys
10:42:23.0546 1796 AmdPPM - ok
10:42:23.0546 1796 amsint - ok
10:42:23.0578 1796 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\windows\system32\Drivers\ssadadb.sys
10:42:23.0578 1796 androidusb - ok
10:42:23.0578 1796 AppMgmt - ok
10:42:23.0609 1796 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\windows\system32\DRIVERS\arp1394.sys
10:42:23.0625 1796 Arp1394 - ok
10:42:23.0625 1796 asc - ok
10:42:23.0625 1796 asc3350p - ok
10:42:23.0625 1796 asc3550 - ok
10:42:23.0656 1796 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:42:23.0671 1796 aspnet_state - ok
10:42:23.0671 1796 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
10:42:23.0687 1796 AsyncMac - ok
10:42:23.0703 1796 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\windows\system32\DRIVERS\atapi.sys
10:42:23.0703 1796 atapi - ok
10:42:23.0703 1796 Atdisk - ok
10:42:23.0718 1796 [ 96C29C702A9CCD372BA097F3F8B5AC80 ] Ati HotKey Poller C:\windows\system32\Ati2evxx.exe
10:42:23.0734 1796 Ati HotKey Poller - ok
10:42:23.0750 1796 [ 1428C586BB318E1404575834E428ADDD ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
10:42:23.0750 1796 ATI Smart - ok
10:42:23.0843 1796 [ C4828A671467C6FB43F2E6D54B5950EE ] ati2mtag C:\windows\system32\DRIVERS\ati2mtag.sys
10:42:23.0875 1796 ati2mtag - ok
10:42:23.0890 1796 [ D9BC8892B9440A2551B8148C57AA039E ] AtiHdmiService C:\windows\system32\drivers\AtiHdmi.sys
10:42:23.0890 1796 AtiHdmiService - ok
10:42:23.0921 1796 [ 72BC628AF75C4C3250F2A3BAC260265A ] atksgt C:\windows\system32\DRIVERS\atksgt.sys
10:42:23.0937 1796 atksgt - ok
10:42:23.0937 1796 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys
10:42:23.0953 1796 Atmarpc - ok
10:42:23.0968 1796 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\windows\System32\audiosrv.dll
10:42:23.0968 1796 AudioSrv - ok
10:42:23.0984 1796 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\windows\system32\DRIVERS\audstub.sys
10:42:24.0000 1796 audstub - ok
10:42:24.0015 1796 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\windows\system32\drivers\Beep.sys
10:42:24.0031 1796 Beep - ok
10:42:24.0046 1796 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\windows\system32\qmgr.dll
10:42:24.0109 1796 BITS - ok
10:42:24.0171 1796 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:42:24.0171 1796 Bonjour Service - ok
10:42:24.0187 1796 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\windows\System32\browser.dll
10:42:24.0187 1796 Browser - ok
10:42:24.0203 1796 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\windows\system32\DRIVERS\BthEnum.sys
10:42:24.0203 1796 BthEnum - ok
10:42:24.0218 1796 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
10:42:24.0234 1796 BTHMODEM - ok
10:42:24.0234 1796 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
10:42:24.0250 1796 BthPan - ok
10:42:24.0281 1796 [ F338662A6C1FC11DD9508F6DFF2C06A2 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys
10:42:24.0281 1796 BTHPORT - ok
10:42:24.0296 1796 [ 70CA4B3F634C9DCA200832F8DA76E009 ] BthServ C:\windows\System32\bthserv.dll
10:42:24.0296 1796 BthServ - ok
10:42:24.0312 1796 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys
10:42:24.0328 1796 BTHUSB - ok
10:42:24.0343 1796 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\windows\system32\drivers\cbidf2k.sys
10:42:24.0359 1796 cbidf2k - ok
10:42:24.0359 1796 cd20xrnt - ok
10:42:24.0375 1796 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\windows\system32\drivers\Cdaudio.sys
10:42:24.0390 1796 Cdaudio - ok
10:42:24.0421 1796 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\windows\system32\drivers\Cdfs.sys
10:42:24.0437 1796 Cdfs - ok
10:42:24.0437 1796 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\windows\system32\DRIVERS\cdrom.sys
10:42:24.0453 1796 Cdrom - ok
10:42:24.0453 1796 Changer - ok
10:42:24.0500 1796 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\windows\system32\cisvc.exe
10:42:24.0500 1796 CiSvc - ok
10:42:24.0515 1796 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\windows\system32\clipsrv.exe
10:42:24.0515 1796 ClipSrv - ok
10:42:24.0546 1796 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:42:24.0578 1796 clr_optimization_v2.0.50727_32 - ok
10:42:24.0593 1796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:42:24.0609 1796 clr_optimization_v4.0.30319_32 - ok
10:42:24.0609 1796 CmdIde - ok
10:42:24.0609 1796 COMSysApp - ok
10:42:24.0625 1796 Cpqarray - ok
10:42:24.0640 1796 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\windows\System32\cryptsvc.dll
10:42:24.0640 1796 CryptSvc - ok
10:42:24.0640 1796 dac2w2k - ok
10:42:24.0640 1796 dac960nt - ok
10:42:24.0656 1796 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\windows\system32\rpcss.dll
10:42:24.0671 1796 DcomLaunch - ok
10:42:24.0671 1796 [ 8D949255EDC6F4AA87730B8472106591 ] dg_ssudbus C:\windows\system32\DRIVERS\ssudbus.sys
10:42:24.0687 1796 dg_ssudbus - ok
10:42:24.0703 1796 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\windows\System32\dhcpcsvc.dll
10:42:24.0703 1796 Dhcp - ok
10:42:24.0734 1796 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\windows\system32\DRIVERS\disk.sys
10:42:24.0734 1796 Disk - ok
10:42:24.0750 1796 dmadmin - ok
10:42:24.0781 1796 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\windows\system32\drivers\dmboot.sys
10:42:24.0812 1796 dmboot - ok
10:42:24.0812 1796 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\windows\system32\drivers\dmio.sys
10:42:24.0828 1796 dmio - ok
10:42:24.0859 1796 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\windows\system32\drivers\dmload.sys
10:42:24.0875 1796 dmload - ok
10:42:24.0875 1796 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\windows\System32\dmserver.dll
10:42:24.0875 1796 dmserver - ok
10:42:24.0921 1796 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\windows\system32\drivers\DMusic.sys
10:42:24.0921 1796 DMusic - ok
10:42:24.0937 1796 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\windows\System32\dnsrslvr.dll
10:42:24.0937 1796 Dnscache - ok
10:42:24.0953 1796 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\windows\System32\dot3svc.dll
10:42:24.0953 1796 Dot3svc - ok
10:42:24.0953 1796 dpti2o - ok
10:42:24.0953 1796 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
10:42:24.0968 1796 drmkaud - ok
10:42:25.0000 1796 [ 555E54AC2F601A8821CEF58961653991 ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys
10:42:25.0000 1796 dtsoftbus01 - ok
10:42:25.0015 1796 [ E31464CE787E3A0FFEA55BAA591897F0 ] eamon C:\windows\system32\DRIVERS\eamon.sys
10:42:25.0015 1796 eamon - ok
10:42:25.0015 1796 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\windows\System32\eapsvc.dll
10:42:25.0031 1796 EapHost - ok
10:42:25.0046 1796 [ 2C95A7A87E4272C1FFF9BAF579677DB3 ] ehdrv C:\windows\system32\DRIVERS\ehdrv.sys
10:42:25.0062 1796 ehdrv - ok
10:42:25.0093 1796 [ 5E245B6C66122614000ADDFCD41CEDCE ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
10:42:25.0093 1796 EhttpSrv - ok
10:42:25.0109 1796 [ A5F63285C1B6C4B396D9ACE0DFFC88EF ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
10:42:25.0125 1796 ekrn - ok
10:42:25.0140 1796 [ 4699A50183B792D994BE657C68F18E9E ] epfwtdir C:\windows\system32\DRIVERS\epfwtdir.sys
10:42:25.0171 1796 epfwtdir - ok
10:42:25.0203 1796 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\windows\System32\ersvc.dll
10:42:25.0203 1796 ERSvc - ok
10:42:25.0218 1796 [ 4A3A136762F8B2190FDAE03703C94DF5 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
10:42:25.0218 1796 ES lite Service - ok
10:42:25.0234 1796 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\windows\system32\services.exe
10:42:25.0234 1796 Eventlog - ok
10:42:25.0265 1796 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
10:42:25.0265 1796 EventSystem - ok
10:42:25.0281 1796 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\windows\system32\drivers\Fastfat.sys
10:42:25.0296 1796 Fastfat - ok
10:42:25.0312 1796 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll
10:42:25.0328 1796 FastUserSwitchingCompatibility - ok
10:42:25.0343 1796 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\windows\system32\DRIVERS\fdc.sys
10:42:25.0359 1796 Fdc - ok
10:42:25.0359 1796 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\windows\system32\drivers\Fips.sys
10:42:25.0375 1796 Fips - ok
10:42:25.0406 1796 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:42:25.0421 1796 FLEXnet Licensing Service - ok
10:42:25.0421 1796 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
10:42:25.0437 1796 Flpydisk - ok
10:42:25.0437 1796 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
10:42:25.0453 1796 FltMgr - ok
10:42:25.0500 1796 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:42:25.0500 1796 FontCache3.0.0.0 - ok
10:42:25.0500 1796 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
10:42:25.0515 1796 FsUsbExDisk - ok
10:42:25.0531 1796 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
10:42:25.0546 1796 Fs_Rec - ok
10:42:25.0562 1796 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys
10:42:25.0578 1796 Ftdisk - ok
10:42:25.0593 1796 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS\gdrv.sys
10:42:26.0734 1796 gdrv - ok
10:42:26.0765 1796 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\windows\system32\DRIVERS\msgpc.sys
10:42:26.0781 1796 Gpc - ok
10:42:26.0781 1796 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
10:42:26.0796 1796 HDAudBus - ok
10:42:26.0843 1796 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:42:26.0843 1796 helpsvc - ok
10:42:26.0859 1796 [ 0D349DC78C6EE16E655557E325A67D9C ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
10:42:26.0875 1796 HidBth - ok
10:42:26.0906 1796 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\windows\System32\hidserv.dll
10:42:26.0906 1796 HidServ - ok
10:42:26.0937 1796 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
10:42:26.0953 1796 HidUsb - ok
10:42:26.0953 1796 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\windows\System32\kmsvc.dll
10:42:26.0968 1796 hkmsvc - ok
10:42:26.0968 1796 hpn - ok
10:42:26.0984 1796 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\windows\system32\DRIVERS\HPZid412.sys
10:42:26.0984 1796 HPZid412 - ok
10:42:27.0000 1796 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\windows\system32\DRIVERS\HPZipr12.sys
10:42:27.0000 1796 HPZipr12 - ok
10:42:27.0015 1796 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\windows\system32\DRIVERS\HPZius12.sys
10:42:27.0015 1796 HPZius12 - ok
10:42:27.0046 1796 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys
10:42:27.0046 1796 HTTP - ok
10:42:27.0078 1796 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\windows\System32\w3ssl.dll
10:42:27.0078 1796 HTTPFilter - ok
10:42:27.0078 1796 i2omgmt - ok
10:42:27.0078 1796 i2omp - ok
10:42:27.0093 1796 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
10:42:27.0109 1796 i8042prt - ok
10:42:27.0140 1796 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:42:27.0140 1796 IDriverT - ok
10:42:27.0171 1796 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:42:27.0187 1796 idsvc - ok
10:42:27.0187 1796 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys
10:42:27.0203 1796 Imapi - ok
10:42:27.0234 1796 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\windows\system32\imapi.exe
10:42:27.0234 1796 ImapiService - ok
10:42:27.0234 1796 ini910u - ok
10:42:27.0328 1796 [ 927CF2BE4E57FF55E23759AC0CA57AA3 ] IntcAzAudAddService C:\windows\system32\drivers\RtkHDAud.sys
10:42:27.0359 1796 IntcAzAudAddService - ok
10:42:27.0359 1796 IntelIde - ok
10:42:27.0390 1796 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\windows\system32\drivers\ip6fw.sys
10:42:27.0406 1796 Ip6Fw - ok
10:42:27.0437 1796 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
10:42:27.0453 1796 IpFilterDriver - ok
10:42:27.0453 1796 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys
10:42:27.0468 1796 IpInIp - ok
10:42:27.0468 1796 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
10:42:27.0468 1796 IpNat - ok
10:42:27.0484 1796 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
10:42:27.0500 1796 IPSec - ok
10:42:27.0515 1796 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
10:42:27.0531 1796 IRENUM - ok
10:42:27.0546 1796 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
10:42:27.0562 1796 isapnp - ok
10:42:27.0593 1796 [ DE96BBF842059A67D876B692076D8875 ] ivusb C:\windows\system32\DRIVERS\ivusb.sys
10:42:27.0609 1796 ivusb - ok
10:42:27.0656 1796 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
10:42:27.0656 1796 JavaQuickStarterService - ok
10:42:27.0656 1796 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
10:42:27.0671 1796 Kbdclass - ok
10:42:27.0687 1796 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
10:42:27.0703 1796 kbdhid - ok
10:42:27.0718 1796 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
10:42:27.0718 1796 kmixer - ok
10:42:27.0734 1796 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
10:42:27.0734 1796 KSecDD - ok
10:42:27.0750 1796 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\windows\System32\srvsvc.dll
10:42:27.0750 1796 lanmanserver - ok
10:42:27.0781 1796 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\windows\System32\wkssvc.dll
10:42:27.0781 1796 lanmanworkstation - ok
10:42:27.0781 1796 lbrtfdc - ok
10:42:27.0796 1796 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys
10:42:27.0812 1796 lirsgt - ok
10:42:27.0843 1796 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\windows\System32\lmhsvc.dll
10:42:27.0843 1796 LmHosts - ok
10:42:27.0890 1796 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
10:42:27.0890 1796 LMIGuardianSvc - ok
10:42:27.0906 1796 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
10:42:27.0921 1796 LMIInfo - ok
10:42:27.0921 1796 [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
10:42:27.0921 1796 LMIMaint - ok
10:42:27.0953 1796 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\windows\system32\DRIVERS\lmimirr.sys
10:42:27.0968 1796 lmimirr - ok
10:42:27.0968 1796 LMIRfsClientNP - ok
10:42:27.0968 1796 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\windows\system32\drivers\LMIRfsDriver.sys
10:42:27.0968 1796 LMIRfsDriver - ok
10:42:28.0031 1796 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
10:42:28.0031 1796 LogMeIn - ok
10:42:28.0062 1796 [ F90BDE6E9C7B6015EDF1DC99A97B00C9 ] LycoFltr C:\windows\system32\Drivers\Lycosa.sys
10:42:28.0062 1796 LycoFltr - ok
10:42:28.0093 1796 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
10:42:28.0093 1796 MBAMProtector - ok
10:42:28.0125 1796 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:42:28.0125 1796 MBAMScheduler - ok
10:42:28.0156 1796 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:42:28.0156 1796 MBAMService - ok
10:42:28.0171 1796 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\windows\System32\msgsvc.dll
10:42:28.0171 1796 Messenger - ok
10:42:28.0187 1796 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
10:42:28.0203 1796 mnmdd - ok
10:42:28.0218 1796 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:42:28.0218 1796 mnmsrvc - ok
10:42:28.0218 1796 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\windows\system32\drivers\Modem.sys
10:42:28.0234 1796 Modem - ok
10:42:28.0250 1796 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
10:42:28.0265 1796 Mouclass - ok
10:42:28.0265 1796 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
10:42:28.0281 1796 mouhid - ok
10:42:28.0281 1796 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
10:42:28.0296 1796 MountMgr - ok
10:42:28.0312 1796 mraid35x - ok
10:42:28.0312 1796 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
10:42:28.0343 1796 MRxDAV - ok
10:42:28.0359 1796 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
10:42:28.0359 1796 MRxSmb - ok
10:42:28.0375 1796 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:42:28.0390 1796 MSDTC - ok
10:42:28.0390 1796 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
10:42:28.0406 1796 Msfs - ok
10:42:28.0406 1796 MSIServer - ok
10:42:28.0406 1796 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
10:42:28.0421 1796 MSKSSRV - ok
10:42:28.0421 1796 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
10:42:28.0437 1796 MSPCLOCK - ok
10:42:28.0437 1796 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
10:42:28.0453 1796 MSPQM - ok
10:42:28.0468 1796 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
10:42:28.0468 1796 mssmbios - ok
10:42:28.0484 1796 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
10:42:28.0484 1796 Mup - ok
10:42:28.0515 1796 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\windows\System32\qagentrt.dll
10:42:28.0515 1796 napagent - ok
10:42:28.0515 1796 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
10:42:28.0515 1796 NDIS - ok
10:42:28.0531 1796 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
10:42:28.0531 1796 NdisTapi - ok
10:42:28.0562 1796 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
10:42:28.0578 1796 Ndisuio - ok
10:42:28.0578 1796 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
10:42:28.0593 1796 NdisWan - ok
10:42:28.0609 1796 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys
10:42:28.0609 1796 NDProxy - ok
10:42:28.0656 1796 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:42:28.0656 1796 Nero BackItUp Scheduler 4.0 - ok
10:42:28.0671 1796 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
10:42:28.0671 1796 NetBIOS - ok
10:42:28.0687 1796 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
10:42:28.0703 1796 NetBT - ok
10:42:28.0703 1796 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\windows\system32\netdde.exe
10:42:28.0703 1796 NetDDE - ok
10:42:28.0703 1796 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\windows\system32\netdde.exe
10:42:28.0703 1796 NetDDEdsdm - ok
10:42:28.0718 1796 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\windows\system32\lsass.exe
10:42:28.0718 1796 Netlogon - ok
10:42:28.0734 1796 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\windows\System32\netman.dll
10:42:28.0734 1796 Netman - ok
10:42:28.0765 1796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:28.0765 1796 NetTcpPortSharing - ok
10:42:28.0781 1796 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\windows\system32\DRIVERS\nic1394.sys
10:42:28.0781 1796 NIC1394 - ok
10:42:28.0796 1796 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\windows\System32\mswsock.dll
10:42:28.0796 1796 Nla - ok
10:42:28.0828 1796 [ 431ADA51E9D032F533548688CE5A2A24 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
10:42:28.0828 1796 nosGetPlusHelper - ok
10:42:28.0828 1796 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
10:42:28.0843 1796 Npfs - ok
10:42:28.0875 1796 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
10:42:28.0890 1796 Ntfs - ok
10:42:28.0890 1796 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\windows\system32\lsass.exe
10:42:28.0890 1796 NtLmSsp - ok
10:42:28.0906 1796 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\windows\system32\ntmssvc.dll
10:42:28.0906 1796 NtmsSvc - ok
10:42:28.0921 1796 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
10:42:28.0921 1796 Null - ok
10:42:28.0937 1796 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
10:42:28.0953 1796 NwlnkFlt - ok
10:42:28.0953 1796 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
10:42:28.0968 1796 NwlnkFwd - ok
10:42:28.0984 1796 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
10:42:28.0984 1796 ohci1394 - ok
10:42:29.0015 1796 [ 01907300EB52206B06FACB9608F369A9 ] PanService C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
10:42:29.0015 1796 PanService - ok
10:42:29.0046 1796 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\windows\system32\drivers\Parport.sys
10:42:29.0062 1796 Parport - ok
10:42:29.0062 1796 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
10:42:29.0078 1796 PartMgr - ok
10:42:29.0093 1796 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\windows\system32\drivers\ParVdm.sys
10:42:29.0109 1796 ParVdm - ok
10:42:29.0140 1796 [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd C:\windows\system32\DRIVERS\pccsmcfd.sys
10:42:29.0140 1796 pccsmcfd - ok
10:42:29.0140 1796 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\windows\system32\DRIVERS\pci.sys
10:42:29.0156 1796 PCI - ok
10:42:29.0156 1796 PCIDump - ok
10:42:29.0156 1796 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\windows\system32\DRIVERS\pciide.sys
10:42:29.0171 1796 PCIIde - ok
10:42:29.0171 1796 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
10:42:29.0203 1796 Pcmcia - ok
10:42:29.0250 1796 [ 02AAAFB7BA137CE5DDABCDF8090954D9 ] pcouffin C:\windows\system32\Drivers\pcouffin.sys
10:42:29.0265 1796 pcouffin - ok
10:42:29.0265 1796 PDCOMP - ok
10:42:29.0265 1796 PDFRAME - ok
10:42:29.0281 1796 PDRELI - ok
10:42:29.0281 1796 PDRFRAME - ok
10:42:29.0281 1796 perc2 - ok
10:42:29.0281 1796 perc2hib - ok
10:42:29.0296 1796 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\windows\system32\services.exe
10:42:29.0296 1796 PlugPlay - ok
10:42:29.0328 1796 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
10:42:29.0328 1796 Pml Driver HPZ12 - ok
10:42:29.0343 1796 [ 1713D9DE407313138118D501B0E3C05B ] PnkBstrA C:\windows\system32\PnkBstrA.exe
10:42:29.0343 1796 PnkBstrA - ok
10:42:29.0359 1796 [ 3B6973D60BDE757C53BB76842D31318E ] Point32 C:\windows\system32\DRIVERS\point32.sys
10:42:29.0375 1796 Point32 - ok
10:42:29.0375 1796 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\windows\system32\lsass.exe
10:42:29.0375 1796 PolicyAgent - ok
10:42:29.0390 1796 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
10:42:29.0406 1796 PptpMiniport - ok
10:42:29.0406 1796 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\windows\system32\DRIVERS\processr.sys
10:42:29.0421 1796 Processor - ok
10:42:29.0421 1796 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\windows\system32\lsass.exe
10:42:29.0421 1796 ProtectedStorage - ok
10:42:29.0421 1796 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
10:42:29.0453 1796 PSched - ok
10:42:29.0453 1796 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
10:42:29.0468 1796 Ptilink - ok
10:42:29.0500 1796 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
10:42:29.0515 1796 PxHelp20 - ok
10:42:29.0515 1796 ql1080 - ok
10:42:29.0515 1796 Ql10wnt - ok
10:42:29.0515 1796 ql12160 - ok
10:42:29.0515 1796 ql1240 - ok
10:42:29.0515 1796 ql1280 - ok
10:42:29.0531 1796 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
10:42:29.0546 1796 RasAcd - ok
10:42:29.0578 1796 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\windows\System32\rasauto.dll
10:42:29.0593 1796 RasAuto - ok
10:42:29.0609 1796 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
10:42:29.0625 1796 Rasl2tp - ok
10:42:29.0656 1796 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\windows\System32\rasmans.dll
10:42:29.0656 1796 RasMan - ok
10:42:29.0656 1796 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
10:42:29.0671 1796 RasPppoe - ok
10:42:29.0671 1796 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
10:42:29.0687 1796 Raspti - ok
10:42:29.0703 1796 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
10:42:29.0750 1796 Rdbss - ok
10:42:29.0765 1796 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
10:42:29.0765 1796 RDPCDD - ok
10:42:29.0781 1796 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
10:42:29.0781 1796 RDPWD - ok
10:42:29.0812 1796 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:42:29.0812 1796 RDSessMgr - ok
10:42:29.0843 1796 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\windows\system32\DRIVERS\redbook.sys
10:42:29.0859 1796 redbook - ok
10:42:29.0875 1796 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\windows\System32\mprdim.dll
10:42:29.0875 1796 RemoteAccess - ok
10:42:29.0890 1796 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
10:42:29.0906 1796 RFCOMM - ok
10:42:29.0906 1796 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\windows\system32\locator.exe
10:42:29.0906 1796 RpcLocator - ok
10:42:29.0921 1796 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\windows\System32\rpcss.dll
10:42:29.0921 1796 RpcSs - ok
10:42:29.0937 1796 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\windows\system32\rsvp.exe
10:42:29.0937 1796 RSVP - ok
10:42:30.0031 1796 [ EE76248CA187BB50FF964A287D420FEE ] RTHDMIAzAudService C:\windows\system32\drivers\RtHDMI.sys
10:42:30.0093 1796 RTHDMIAzAudService - ok
10:42:30.0125 1796 [ F0A21C62B9B835E1C96268EAAE31D239 ] RTLE8023xp C:\windows\system32\DRIVERS\Rtenicxp.sys
10:42:30.0140 1796 RTLE8023xp - ok
10:42:30.0156 1796 [ 1C5C2CB892553D2CF3F45A4BB323FCD6 ] s1018bus C:\windows\system32\DRIVERS\s1018bus.sys
10:42:30.0171 1796 s1018bus - ok
10:42:30.0171 1796 [ 38F5EA219593F19B6B3A1B9C169E3B61 ] s1018mdfl C:\windows\system32\DRIVERS\s1018mdfl.sys
10:42:30.0187 1796 s1018mdfl - ok
10:42:30.0203 1796 [ 666AF6B64FC7DF92D3CA4819EA91631D ] s1018mdm C:\windows\system32\DRIVERS\s1018mdm.sys
10:42:30.0218 1796 s1018mdm - ok
10:42:30.0234 1796 [ F4CEDA6E2DDFF2AF8BD745615A7CA9C0 ] s1018mgmt C:\windows\system32\DRIVERS\s1018mgmt.sys
10:42:30.0234 1796 s1018mgmt - ok
10:42:30.0250 1796 [ 3622D9FF2253DCBE885B10736609A4CA ] s1018nd5 C:\windows\system32\DRIVERS\s1018nd5.sys
10:42:30.0265 1796 s1018nd5 - ok
10:42:30.0281 1796 [ 49431EFDA842B474531C29FFAE9F5D09 ] s1018obex C:\windows\system32\DRIVERS\s1018obex.sys
10:42:30.0296 1796 s1018obex - ok
10:42:30.0312 1796 [ AC6B514CB4474F4C867D7CDC9CD54F05 ] s1018unic C:\windows\system32\DRIVERS\s1018unic.sys
10:42:30.0328 1796 s1018unic - ok
10:42:30.0343 1796 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\windows\system32\lsass.exe
10:42:30.0343 1796 SamSs - ok
10:42:30.0359 1796 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\windows\System32\SCardSvr.exe
10:42:30.0359 1796 SCardSvr - ok
10:42:30.0375 1796 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\windows\system32\schedsvc.dll
10:42:30.0375 1796 Schedule - ok
10:42:30.0406 1796 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
10:42:30.0421 1796 Secdrv - ok
10:42:30.0437 1796 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\windows\System32\seclogon.dll
10:42:30.0453 1796 seclogon - ok
10:42:30.0484 1796 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\windows\system32\sens.dll
10:42:30.0484 1796 SENS - ok
10:42:30.0484 1796 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\windows\system32\DRIVERS\serenum.sys
10:42:30.0500 1796 serenum - ok
10:42:30.0500 1796 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\windows\system32\DRIVERS\serial.sys
10:42:30.0515 1796 Serial - ok
10:42:30.0578 1796 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
10:42:30.0593 1796 ServiceLayer - ok
10:42:30.0609 1796 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys
10:42:30.0625 1796 Sfloppy - ok
10:42:30.0656 1796 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\windows\System32\ipnathlp.dll
10:42:30.0656 1796 SharedAccess - ok
10:42:30.0671 1796 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\windows\System32\shsvcs.dll
10:42:30.0671 1796 ShellHWDetection - ok
10:42:30.0671 1796 Simbad - ok
10:42:30.0687 1796 Sparrow - ok
10:42:30.0687 1796 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
10:42:30.0703 1796 splitter - ok
10:42:30.0734 1796 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
10:42:30.0734 1796 Spooler - ok
10:42:30.0765 1796 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\windows\system32\Drivers\sptd.sys
10:42:30.0765 1796 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
10:42:30.0765 1796 sptd ( LockedFile.Multi.Generic ) - warning
10:42:30.0765 1796 sptd - detected LockedFile.Multi.Generic (1)
10:42:30.0781 1796 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\windows\system32\DRIVERS\sr.sys
10:42:30.0796 1796 sr - ok
10:42:30.0812 1796 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\windows\system32\srsvc.dll
10:42:30.0812 1796 srservice - ok
10:42:30.0843 1796 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
10:42:30.0843 1796 Srv - ok
10:42:30.0875 1796 [ 48F44A1BE434830B7C90FB730745F65A ] ssadbus C:\windows\system32\DRIVERS\ssadbus.sys
10:42:30.0875 1796 ssadbus - ok
10:42:30.0875 1796 [ 9630B486B62CC0ADB0A89152ED0218D7 ] ssadmdfl C:\windows\system32\DRIVERS\ssadmdfl.sys
10:42:30.0890 1796 ssadmdfl - ok
10:42:30.0906 1796 [ 9AFAA23421622C392B55508FA9613949 ] ssadmdm C:\windows\system32\DRIVERS\ssadmdm.sys
10:42:30.0921 1796 ssadmdm - ok
10:42:30.0937 1796 [ 1CAC71D756CE00AE0681F9028DDE874B ] ssadserd C:\windows\system32\DRIVERS\ssadserd.sys
10:42:30.0953 1796 ssadserd - ok
10:42:30.0984 1796 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
10:42:30.0984 1796 SSDPSRV - ok
10:42:31.0015 1796 [ 15376507E439F73610F83947F1727E84 ] ssudmdm C:\windows\system32\DRIVERS\ssudmdm.sys
10:42:31.0031 1796 ssudmdm - ok
10:42:31.0062 1796 [ 9C9B40829A1BAC6521BE35F3D5482221 ] ssudserd C:\windows\system32\DRIVERS\ssudserd.sys
10:42:31.0078 1796 ssudserd - ok
10:42:31.0109 1796 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\windows\system32\DRIVERS\ss_bbus.sys
10:42:31.0125 1796 ss_bbus - ok
10:42:31.0140 1796 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\windows\system32\DRIVERS\ss_bmdfl.sys
10:42:31.0156 1796 ss_bmdfl - ok
10:42:31.0156 1796 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\windows\system32\DRIVERS\ss_bmdm.sys
10:42:31.0171 1796 ss_bmdm - ok
10:42:31.0203 1796 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\windows\system32\wiaservc.dll
10:42:31.0203 1796 stisvc - ok
10:42:31.0218 1796 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
10:42:31.0234 1796 swenum - ok
10:42:31.0234 1796 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
10:42:31.0265 1796 swmidi - ok
10:42:31.0265 1796 SwPrv - ok
10:42:31.0265 1796 symc810 - ok
10:42:31.0265 1796 symc8xx - ok
10:42:31.0281 1796 sym_hi - ok
10:42:31.0281 1796 sym_u3 - ok
10:42:31.0281 1796 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
10:42:31.0281 1796 sysaudio - ok
10:42:31.0296 1796 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\windows\system32\smlogsvc.exe
10:42:31.0296 1796 SysmonLog - ok
10:42:31.0343 1796 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\windows\System32\tapisrv.dll
10:42:31.0343 1796 TapiSrv - ok
10:42:31.0359 1796 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
10:42:31.0375 1796 Tcpip - ok
10:42:31.0375 1796 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
10:42:31.0390 1796 TDPIPE - ok
10:42:31.0390 1796 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
10:42:31.0406 1796 TDTCP - ok
10:42:31.0406 1796 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
10:42:31.0453 1796 TermDD - ok
10:42:31.0484 1796 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\windows\System32\termsrv.dll
10:42:31.0484 1796 TermService - ok
10:42:31.0500 1796 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\windows\System32\shsvcs.dll
10:42:31.0500 1796 Themes - ok
10:42:31.0500 1796 TosIde - ok
10:42:31.0531 1796 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\windows\system32\trkwks.dll
10:42:31.0531 1796 TrkWks - ok
10:42:31.0531 1796 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
10:42:31.0546 1796 Udfs - ok
10:42:31.0546 1796 ultra - ok
10:42:31.0562 1796 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
10:42:31.0593 1796 Update - ok
10:42:31.0609 1796 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\windows\System32\upnphost.dll
10:42:31.0609 1796 upnphost - ok
10:42:31.0609 1796 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\windows\System32\ups.exe
10:42:31.0625 1796 UPS - ok
10:42:31.0640 1796 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
10:42:31.0656 1796 usbccgp - ok
10:42:31.0671 1796 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
10:42:31.0687 1796 usbehci - ok
10:42:31.0687 1796 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
10:42:31.0703 1796 usbhub - ok
10:42:31.0718 1796 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
10:42:31.0734 1796 usbohci - ok
10:42:31.0734 1796 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
10:42:31.0750 1796 usbprint - ok
10:42:31.0781 1796 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
10:42:31.0796 1796 usbscan - ok
10:42:31.0812 1796 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
10:42:31.0828 1796 USBSTOR - ok
10:42:31.0843 1796 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
10:42:31.0843 1796 VgaSave - ok
10:42:31.0859 1796 ViaIde - ok
10:42:31.0859 1796 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\windows\system32\drivers\VolSnap.sys
10:42:31.0890 1796 VolSnap - ok
10:42:31.0906 1796 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\windows\System32\vssvc.exe
10:42:31.0921 1796 VSS - ok
10:42:31.0937 1796 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\windows\system32\w32time.dll
10:42:31.0937 1796 W32Time - ok
10:42:31.0937 1796 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
10:42:31.0953 1796 Wanarp - ok
10:42:31.0984 1796 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\windows\system32\DRIVERS\Wdf01000.sys
10:42:32.0015 1796 Wdf01000 - ok
10:42:32.0015 1796 WDICA - ok
10:42:32.0031 1796 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
10:42:32.0046 1796 wdmaud - ok
10:42:32.0046 1796 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\windows\System32\webclnt.dll
10:42:32.0062 1796 WebClient - ok
10:42:32.0093 1796 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
10:42:32.0093 1796 winmgmt - ok
10:42:32.0093 1796 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:42:32.0109 1796 WmdmPmSN - ok
10:42:32.0109 1796 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
10:42:32.0109 1796 WmiAcpi - ok
10:42:32.0125 1796 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:42:32.0125 1796 WmiApSrv - ok
10:42:32.0171 1796 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:42:32.0187 1796 WMPNetworkSvc - ok
10:42:32.0234 1796 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:42:32.0250 1796 WPFFontCache_v0400 - ok
10:42:32.0265 1796 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
10:42:32.0281 1796 WS2IFSL - ok
10:42:32.0296 1796 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\windows\system32\wscsvc.dll
10:42:32.0312 1796 wscsvc - ok
10:42:32.0328 1796 [ C1364564800EE9784192145324A23308 ] wuauserv C:\windows\system32\wuauserv.dll
10:42:32.0359 1796 wuauserv - ok
10:42:32.0390 1796 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\windows\System32\wzcsvc.dll
10:42:32.0390 1796 WZCSVC - ok
10:42:32.0421 1796 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\windows\System32\xmlprov.dll
10:42:32.0468 1796 xmlprov - ok
10:42:32.0468 1796 ================ Scan global ===============================
10:42:32.0500 1796 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\windows\system32\basesrv.dll
10:42:32.0531 1796 [ F3FA14A297BC687D0B51289D034033C9 ] C:\windows\system32\winsrv.dll
10:42:32.0546 1796 [ F3FA14A297BC687D0B51289D034033C9 ] C:\windows\system32\winsrv.dll
10:42:32.0562 1796 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\windows\system32\services.exe
10:42:32.0562 1796 [Global] - ok
10:42:32.0562 1796 ================ Scan MBR ==================================
10:42:32.0578 1796 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:42:32.0718 1796 \Device\Harddisk0\DR0 - ok
10:42:32.0718 1796 [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR2
10:42:38.0671 1796 \Device\Harddisk1\DR2 - ok
10:42:38.0671 1796 ================ Scan VBR ==================================
10:42:39.0031 1796 [ 807DFCB168268F613FA66DAC04DD5CEA ] \Device\Harddisk0\DR0\Partition1
10:42:39.0046 1796 \Device\Harddisk0\DR0\Partition1 - ok
10:42:39.0062 1796 [ 3E1EAFDB8E743E645E2AC3BC68B8CB7E ] \Device\Harddisk1\DR2\Partition1
10:42:39.0062 1796 \Device\Harddisk1\DR2\Partition1 - ok
10:42:39.0062 1796 ============================================================
10:42:39.0062 1796 Scan finished
10:42:39.0062 1796 ============================================================
10:42:39.0062 1976 Detected object count: 1
10:42:39.0062 1976 Actual detected object count: 1
# AdwCleaner v2.115 - Log vytvořen 21/03/2013 v 10:35:10
# Aktualizováno 17/03/2013 Xplode
# Operační systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : michal - SPAKE
# Spuštěn systém : Normální
# Spuštěno z : C:\Documents and Settings\michal\Plocha\adwcleaner.exe
# Volba [Vymazat]
***** [Služby] *****
***** [Soubory / Složky] *****
Složka Vymazáno : C:\Documents and Settings\All Users\Data aplikací\Ask
Složka Vymazáno : C:\Documents and Settings\michal\Data aplikací\OpenCandy
Složka Vymazáno : C:\Program Files\DAEMON Tools Toolbar
***** [Registry] *****
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Klíč Vymazáno : HKCU\Software\APN PIP
Klíč Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíč Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíč Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíč Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíč Vymazáno : HKCU\Software\PIP
Klíč Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klíč Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíč Vymazáno : HKLM\Software\PIP
***** [Internetové prohlížeče] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry jsou čisté.
-\\ Opera v12.14.1738.0
Soubor : C:\Documents and Settings\michal\Data aplikací\Opera\Opera\operaprefs.ini
[OK] Soubor je čistý.
*************************
AdwCleaner[R1].txt - [4277 octets] - [20/03/2013 11:45:55]
AdwCleaner[R2].txt - [4337 octets] - [21/03/2013 10:34:40]
AdwCleaner[S1].txt - [3646 octets] - [21/03/2013 10:35:10]
########## EOF - C:\AdwCleaner[S1].txt - [3706 octets] ##########
log tdss:
10:42:12.0796 0244 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:42:12.0875 0244 ============================================================
10:42:12.0875 0244 Current date / time: 2013/03/21 10:42:12.0875
10:42:12.0875 0244 SystemInfo:
10:42:12.0875 0244
10:42:12.0875 0244 OS Version: 5.1.2600 ServicePack: 3.0
10:42:12.0875 0244 Product type: Workstation
10:42:12.0875 0244 ComputerName: SPAKE
10:42:12.0875 0244 UserName: michal
10:42:12.0875 0244 Windows directory: C:\windows
10:42:12.0875 0244 System windows directory: C:\windows
10:42:12.0875 0244 Processor architecture: Intel x86
10:42:12.0875 0244 Number of processors: 3
10:42:12.0875 0244 Page size: 0x1000
10:42:12.0875 0244 Boot type: Normal boot
10:42:12.0875 0244 ============================================================
10:42:15.0703 0244 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:42:15.0703 0244 Drive \Device\Harddisk1\DR2 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:42:15.0703 0244 ============================================================
10:42:15.0703 0244 \Device\Harddisk0\DR0:
10:42:15.0703 0244 MBR partitions:
10:42:15.0703 0244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
10:42:15.0703 0244 \Device\Harddisk1\DR2:
10:42:15.0703 0244 MBR partitions:
10:42:15.0703 0244 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x40, BlocksNum 0x4A856E81
10:42:15.0703 0244 ============================================================
10:42:15.0734 0244 C: <-> \Device\Harddisk0\DR0\Partition1
10:42:15.0750 0244 I: <-> \Device\Harddisk1\DR2\Partition1
10:42:15.0750 0244 ============================================================
10:42:15.0750 0244 Initialize success
10:42:15.0750 0244 ============================================================
10:42:21.0671 1796 ============================================================
10:42:21.0671 1796 Scan started
10:42:21.0671 1796 Mode: Manual;
10:42:21.0671 1796 ============================================================
10:42:23.0171 1796 ================ Scan system memory ========================
10:42:23.0171 1796 System memory - ok
10:42:23.0171 1796 ================ Scan services =============================
10:42:23.0265 1796 Abiosdsk - ok
10:42:23.0265 1796 abp480n5 - ok
10:42:23.0296 1796 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
10:42:23.0296 1796 ACPI - ok
10:42:23.0312 1796 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\windows\system32\drivers\ACPIEC.sys
10:42:23.0328 1796 ACPIEC - ok
10:42:23.0375 1796 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:42:23.0390 1796 AdobeFlashPlayerUpdateSvc - ok
10:42:23.0390 1796 adpu160m - ok
10:42:23.0390 1796 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\windows\system32\drivers\aec.sys
10:42:23.0406 1796 aec - ok
10:42:23.0437 1796 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\windows\System32\drivers\afd.sys
10:42:23.0437 1796 AFD - ok
10:42:23.0437 1796 Aha154x - ok
10:42:23.0453 1796 aic78u2 - ok
10:42:23.0453 1796 aic78xx - ok
10:42:23.0484 1796 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\windows\system32\alrsvc.dll
10:42:23.0484 1796 Alerter - ok
10:42:23.0484 1796 [ 88842DE939A827577BF24243699AC80A ] ALG C:\windows\System32\alg.exe
10:42:23.0484 1796 ALG - ok
10:42:23.0484 1796 AliIde - ok
10:42:23.0515 1796 [ 6E58654CB25730B2579E45E1FD116A47 ] amdide C:\windows\system32\DRIVERS\amdide.sys
10:42:23.0515 1796 amdide - ok
10:42:23.0546 1796 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\windows\system32\DRIVERS\AmdPPM.sys
10:42:23.0546 1796 AmdPPM - ok
10:42:23.0546 1796 amsint - ok
10:42:23.0578 1796 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\windows\system32\Drivers\ssadadb.sys
10:42:23.0578 1796 androidusb - ok
10:42:23.0578 1796 AppMgmt - ok
10:42:23.0609 1796 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\windows\system32\DRIVERS\arp1394.sys
10:42:23.0625 1796 Arp1394 - ok
10:42:23.0625 1796 asc - ok
10:42:23.0625 1796 asc3350p - ok
10:42:23.0625 1796 asc3550 - ok
10:42:23.0656 1796 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:42:23.0671 1796 aspnet_state - ok
10:42:23.0671 1796 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
10:42:23.0687 1796 AsyncMac - ok
10:42:23.0703 1796 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\windows\system32\DRIVERS\atapi.sys
10:42:23.0703 1796 atapi - ok
10:42:23.0703 1796 Atdisk - ok
10:42:23.0718 1796 [ 96C29C702A9CCD372BA097F3F8B5AC80 ] Ati HotKey Poller C:\windows\system32\Ati2evxx.exe
10:42:23.0734 1796 Ati HotKey Poller - ok
10:42:23.0750 1796 [ 1428C586BB318E1404575834E428ADDD ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
10:42:23.0750 1796 ATI Smart - ok
10:42:23.0843 1796 [ C4828A671467C6FB43F2E6D54B5950EE ] ati2mtag C:\windows\system32\DRIVERS\ati2mtag.sys
10:42:23.0875 1796 ati2mtag - ok
10:42:23.0890 1796 [ D9BC8892B9440A2551B8148C57AA039E ] AtiHdmiService C:\windows\system32\drivers\AtiHdmi.sys
10:42:23.0890 1796 AtiHdmiService - ok
10:42:23.0921 1796 [ 72BC628AF75C4C3250F2A3BAC260265A ] atksgt C:\windows\system32\DRIVERS\atksgt.sys
10:42:23.0937 1796 atksgt - ok
10:42:23.0937 1796 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys
10:42:23.0953 1796 Atmarpc - ok
10:42:23.0968 1796 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\windows\System32\audiosrv.dll
10:42:23.0968 1796 AudioSrv - ok
10:42:23.0984 1796 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\windows\system32\DRIVERS\audstub.sys
10:42:24.0000 1796 audstub - ok
10:42:24.0015 1796 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\windows\system32\drivers\Beep.sys
10:42:24.0031 1796 Beep - ok
10:42:24.0046 1796 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\windows\system32\qmgr.dll
10:42:24.0109 1796 BITS - ok
10:42:24.0171 1796 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:42:24.0171 1796 Bonjour Service - ok
10:42:24.0187 1796 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\windows\System32\browser.dll
10:42:24.0187 1796 Browser - ok
10:42:24.0203 1796 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\windows\system32\DRIVERS\BthEnum.sys
10:42:24.0203 1796 BthEnum - ok
10:42:24.0218 1796 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
10:42:24.0234 1796 BTHMODEM - ok
10:42:24.0234 1796 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
10:42:24.0250 1796 BthPan - ok
10:42:24.0281 1796 [ F338662A6C1FC11DD9508F6DFF2C06A2 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys
10:42:24.0281 1796 BTHPORT - ok
10:42:24.0296 1796 [ 70CA4B3F634C9DCA200832F8DA76E009 ] BthServ C:\windows\System32\bthserv.dll
10:42:24.0296 1796 BthServ - ok
10:42:24.0312 1796 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys
10:42:24.0328 1796 BTHUSB - ok
10:42:24.0343 1796 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\windows\system32\drivers\cbidf2k.sys
10:42:24.0359 1796 cbidf2k - ok
10:42:24.0359 1796 cd20xrnt - ok
10:42:24.0375 1796 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\windows\system32\drivers\Cdaudio.sys
10:42:24.0390 1796 Cdaudio - ok
10:42:24.0421 1796 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\windows\system32\drivers\Cdfs.sys
10:42:24.0437 1796 Cdfs - ok
10:42:24.0437 1796 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\windows\system32\DRIVERS\cdrom.sys
10:42:24.0453 1796 Cdrom - ok
10:42:24.0453 1796 Changer - ok
10:42:24.0500 1796 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\windows\system32\cisvc.exe
10:42:24.0500 1796 CiSvc - ok
10:42:24.0515 1796 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\windows\system32\clipsrv.exe
10:42:24.0515 1796 ClipSrv - ok
10:42:24.0546 1796 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:42:24.0578 1796 clr_optimization_v2.0.50727_32 - ok
10:42:24.0593 1796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:42:24.0609 1796 clr_optimization_v4.0.30319_32 - ok
10:42:24.0609 1796 CmdIde - ok
10:42:24.0609 1796 COMSysApp - ok
10:42:24.0625 1796 Cpqarray - ok
10:42:24.0640 1796 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\windows\System32\cryptsvc.dll
10:42:24.0640 1796 CryptSvc - ok
10:42:24.0640 1796 dac2w2k - ok
10:42:24.0640 1796 dac960nt - ok
10:42:24.0656 1796 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\windows\system32\rpcss.dll
10:42:24.0671 1796 DcomLaunch - ok
10:42:24.0671 1796 [ 8D949255EDC6F4AA87730B8472106591 ] dg_ssudbus C:\windows\system32\DRIVERS\ssudbus.sys
10:42:24.0687 1796 dg_ssudbus - ok
10:42:24.0703 1796 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\windows\System32\dhcpcsvc.dll
10:42:24.0703 1796 Dhcp - ok
10:42:24.0734 1796 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\windows\system32\DRIVERS\disk.sys
10:42:24.0734 1796 Disk - ok
10:42:24.0750 1796 dmadmin - ok
10:42:24.0781 1796 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\windows\system32\drivers\dmboot.sys
10:42:24.0812 1796 dmboot - ok
10:42:24.0812 1796 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\windows\system32\drivers\dmio.sys
10:42:24.0828 1796 dmio - ok
10:42:24.0859 1796 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\windows\system32\drivers\dmload.sys
10:42:24.0875 1796 dmload - ok
10:42:24.0875 1796 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\windows\System32\dmserver.dll
10:42:24.0875 1796 dmserver - ok
10:42:24.0921 1796 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\windows\system32\drivers\DMusic.sys
10:42:24.0921 1796 DMusic - ok
10:42:24.0937 1796 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\windows\System32\dnsrslvr.dll
10:42:24.0937 1796 Dnscache - ok
10:42:24.0953 1796 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\windows\System32\dot3svc.dll
10:42:24.0953 1796 Dot3svc - ok
10:42:24.0953 1796 dpti2o - ok
10:42:24.0953 1796 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
10:42:24.0968 1796 drmkaud - ok
10:42:25.0000 1796 [ 555E54AC2F601A8821CEF58961653991 ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys
10:42:25.0000 1796 dtsoftbus01 - ok
10:42:25.0015 1796 [ E31464CE787E3A0FFEA55BAA591897F0 ] eamon C:\windows\system32\DRIVERS\eamon.sys
10:42:25.0015 1796 eamon - ok
10:42:25.0015 1796 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\windows\System32\eapsvc.dll
10:42:25.0031 1796 EapHost - ok
10:42:25.0046 1796 [ 2C95A7A87E4272C1FFF9BAF579677DB3 ] ehdrv C:\windows\system32\DRIVERS\ehdrv.sys
10:42:25.0062 1796 ehdrv - ok
10:42:25.0093 1796 [ 5E245B6C66122614000ADDFCD41CEDCE ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
10:42:25.0093 1796 EhttpSrv - ok
10:42:25.0109 1796 [ A5F63285C1B6C4B396D9ACE0DFFC88EF ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
10:42:25.0125 1796 ekrn - ok
10:42:25.0140 1796 [ 4699A50183B792D994BE657C68F18E9E ] epfwtdir C:\windows\system32\DRIVERS\epfwtdir.sys
10:42:25.0171 1796 epfwtdir - ok
10:42:25.0203 1796 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\windows\System32\ersvc.dll
10:42:25.0203 1796 ERSvc - ok
10:42:25.0218 1796 [ 4A3A136762F8B2190FDAE03703C94DF5 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
10:42:25.0218 1796 ES lite Service - ok
10:42:25.0234 1796 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\windows\system32\services.exe
10:42:25.0234 1796 Eventlog - ok
10:42:25.0265 1796 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
10:42:25.0265 1796 EventSystem - ok
10:42:25.0281 1796 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\windows\system32\drivers\Fastfat.sys
10:42:25.0296 1796 Fastfat - ok
10:42:25.0312 1796 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll
10:42:25.0328 1796 FastUserSwitchingCompatibility - ok
10:42:25.0343 1796 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\windows\system32\DRIVERS\fdc.sys
10:42:25.0359 1796 Fdc - ok
10:42:25.0359 1796 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\windows\system32\drivers\Fips.sys
10:42:25.0375 1796 Fips - ok
10:42:25.0406 1796 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:42:25.0421 1796 FLEXnet Licensing Service - ok
10:42:25.0421 1796 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
10:42:25.0437 1796 Flpydisk - ok
10:42:25.0437 1796 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
10:42:25.0453 1796 FltMgr - ok
10:42:25.0500 1796 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:42:25.0500 1796 FontCache3.0.0.0 - ok
10:42:25.0500 1796 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
10:42:25.0515 1796 FsUsbExDisk - ok
10:42:25.0531 1796 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
10:42:25.0546 1796 Fs_Rec - ok
10:42:25.0562 1796 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys
10:42:25.0578 1796 Ftdisk - ok
10:42:25.0593 1796 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS\gdrv.sys
10:42:26.0734 1796 gdrv - ok
10:42:26.0765 1796 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\windows\system32\DRIVERS\msgpc.sys
10:42:26.0781 1796 Gpc - ok
10:42:26.0781 1796 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
10:42:26.0796 1796 HDAudBus - ok
10:42:26.0843 1796 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:42:26.0843 1796 helpsvc - ok
10:42:26.0859 1796 [ 0D349DC78C6EE16E655557E325A67D9C ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
10:42:26.0875 1796 HidBth - ok
10:42:26.0906 1796 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\windows\System32\hidserv.dll
10:42:26.0906 1796 HidServ - ok
10:42:26.0937 1796 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
10:42:26.0953 1796 HidUsb - ok
10:42:26.0953 1796 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\windows\System32\kmsvc.dll
10:42:26.0968 1796 hkmsvc - ok
10:42:26.0968 1796 hpn - ok
10:42:26.0984 1796 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\windows\system32\DRIVERS\HPZid412.sys
10:42:26.0984 1796 HPZid412 - ok
10:42:27.0000 1796 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\windows\system32\DRIVERS\HPZipr12.sys
10:42:27.0000 1796 HPZipr12 - ok
10:42:27.0015 1796 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\windows\system32\DRIVERS\HPZius12.sys
10:42:27.0015 1796 HPZius12 - ok
10:42:27.0046 1796 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys
10:42:27.0046 1796 HTTP - ok
10:42:27.0078 1796 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\windows\System32\w3ssl.dll
10:42:27.0078 1796 HTTPFilter - ok
10:42:27.0078 1796 i2omgmt - ok
10:42:27.0078 1796 i2omp - ok
10:42:27.0093 1796 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
10:42:27.0109 1796 i8042prt - ok
10:42:27.0140 1796 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:42:27.0140 1796 IDriverT - ok
10:42:27.0171 1796 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:42:27.0187 1796 idsvc - ok
10:42:27.0187 1796 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys
10:42:27.0203 1796 Imapi - ok
10:42:27.0234 1796 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\windows\system32\imapi.exe
10:42:27.0234 1796 ImapiService - ok
10:42:27.0234 1796 ini910u - ok
10:42:27.0328 1796 [ 927CF2BE4E57FF55E23759AC0CA57AA3 ] IntcAzAudAddService C:\windows\system32\drivers\RtkHDAud.sys
10:42:27.0359 1796 IntcAzAudAddService - ok
10:42:27.0359 1796 IntelIde - ok
10:42:27.0390 1796 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\windows\system32\drivers\ip6fw.sys
10:42:27.0406 1796 Ip6Fw - ok
10:42:27.0437 1796 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
10:42:27.0453 1796 IpFilterDriver - ok
10:42:27.0453 1796 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys
10:42:27.0468 1796 IpInIp - ok
10:42:27.0468 1796 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
10:42:27.0468 1796 IpNat - ok
10:42:27.0484 1796 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
10:42:27.0500 1796 IPSec - ok
10:42:27.0515 1796 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
10:42:27.0531 1796 IRENUM - ok
10:42:27.0546 1796 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
10:42:27.0562 1796 isapnp - ok
10:42:27.0593 1796 [ DE96BBF842059A67D876B692076D8875 ] ivusb C:\windows\system32\DRIVERS\ivusb.sys
10:42:27.0609 1796 ivusb - ok
10:42:27.0656 1796 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
10:42:27.0656 1796 JavaQuickStarterService - ok
10:42:27.0656 1796 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
10:42:27.0671 1796 Kbdclass - ok
10:42:27.0687 1796 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
10:42:27.0703 1796 kbdhid - ok
10:42:27.0718 1796 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
10:42:27.0718 1796 kmixer - ok
10:42:27.0734 1796 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
10:42:27.0734 1796 KSecDD - ok
10:42:27.0750 1796 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\windows\System32\srvsvc.dll
10:42:27.0750 1796 lanmanserver - ok
10:42:27.0781 1796 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\windows\System32\wkssvc.dll
10:42:27.0781 1796 lanmanworkstation - ok
10:42:27.0781 1796 lbrtfdc - ok
10:42:27.0796 1796 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys
10:42:27.0812 1796 lirsgt - ok
10:42:27.0843 1796 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\windows\System32\lmhsvc.dll
10:42:27.0843 1796 LmHosts - ok
10:42:27.0890 1796 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
10:42:27.0890 1796 LMIGuardianSvc - ok
10:42:27.0906 1796 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
10:42:27.0921 1796 LMIInfo - ok
10:42:27.0921 1796 [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
10:42:27.0921 1796 LMIMaint - ok
10:42:27.0953 1796 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\windows\system32\DRIVERS\lmimirr.sys
10:42:27.0968 1796 lmimirr - ok
10:42:27.0968 1796 LMIRfsClientNP - ok
10:42:27.0968 1796 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\windows\system32\drivers\LMIRfsDriver.sys
10:42:27.0968 1796 LMIRfsDriver - ok
10:42:28.0031 1796 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
10:42:28.0031 1796 LogMeIn - ok
10:42:28.0062 1796 [ F90BDE6E9C7B6015EDF1DC99A97B00C9 ] LycoFltr C:\windows\system32\Drivers\Lycosa.sys
10:42:28.0062 1796 LycoFltr - ok
10:42:28.0093 1796 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
10:42:28.0093 1796 MBAMProtector - ok
10:42:28.0125 1796 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:42:28.0125 1796 MBAMScheduler - ok
10:42:28.0156 1796 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:42:28.0156 1796 MBAMService - ok
10:42:28.0171 1796 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\windows\System32\msgsvc.dll
10:42:28.0171 1796 Messenger - ok
10:42:28.0187 1796 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
10:42:28.0203 1796 mnmdd - ok
10:42:28.0218 1796 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:42:28.0218 1796 mnmsrvc - ok
10:42:28.0218 1796 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\windows\system32\drivers\Modem.sys
10:42:28.0234 1796 Modem - ok
10:42:28.0250 1796 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
10:42:28.0265 1796 Mouclass - ok
10:42:28.0265 1796 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
10:42:28.0281 1796 mouhid - ok
10:42:28.0281 1796 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
10:42:28.0296 1796 MountMgr - ok
10:42:28.0312 1796 mraid35x - ok
10:42:28.0312 1796 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
10:42:28.0343 1796 MRxDAV - ok
10:42:28.0359 1796 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
10:42:28.0359 1796 MRxSmb - ok
10:42:28.0375 1796 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:42:28.0390 1796 MSDTC - ok
10:42:28.0390 1796 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
10:42:28.0406 1796 Msfs - ok
10:42:28.0406 1796 MSIServer - ok
10:42:28.0406 1796 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
10:42:28.0421 1796 MSKSSRV - ok
10:42:28.0421 1796 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
10:42:28.0437 1796 MSPCLOCK - ok
10:42:28.0437 1796 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
10:42:28.0453 1796 MSPQM - ok
10:42:28.0468 1796 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
10:42:28.0468 1796 mssmbios - ok
10:42:28.0484 1796 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
10:42:28.0484 1796 Mup - ok
10:42:28.0515 1796 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\windows\System32\qagentrt.dll
10:42:28.0515 1796 napagent - ok
10:42:28.0515 1796 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
10:42:28.0515 1796 NDIS - ok
10:42:28.0531 1796 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
10:42:28.0531 1796 NdisTapi - ok
10:42:28.0562 1796 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
10:42:28.0578 1796 Ndisuio - ok
10:42:28.0578 1796 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
10:42:28.0593 1796 NdisWan - ok
10:42:28.0609 1796 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys
10:42:28.0609 1796 NDProxy - ok
10:42:28.0656 1796 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:42:28.0656 1796 Nero BackItUp Scheduler 4.0 - ok
10:42:28.0671 1796 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
10:42:28.0671 1796 NetBIOS - ok
10:42:28.0687 1796 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
10:42:28.0703 1796 NetBT - ok
10:42:28.0703 1796 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\windows\system32\netdde.exe
10:42:28.0703 1796 NetDDE - ok
10:42:28.0703 1796 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\windows\system32\netdde.exe
10:42:28.0703 1796 NetDDEdsdm - ok
10:42:28.0718 1796 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\windows\system32\lsass.exe
10:42:28.0718 1796 Netlogon - ok
10:42:28.0734 1796 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\windows\System32\netman.dll
10:42:28.0734 1796 Netman - ok
10:42:28.0765 1796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:28.0765 1796 NetTcpPortSharing - ok
10:42:28.0781 1796 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\windows\system32\DRIVERS\nic1394.sys
10:42:28.0781 1796 NIC1394 - ok
10:42:28.0796 1796 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\windows\System32\mswsock.dll
10:42:28.0796 1796 Nla - ok
10:42:28.0828 1796 [ 431ADA51E9D032F533548688CE5A2A24 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
10:42:28.0828 1796 nosGetPlusHelper - ok
10:42:28.0828 1796 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
10:42:28.0843 1796 Npfs - ok
10:42:28.0875 1796 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
10:42:28.0890 1796 Ntfs - ok
10:42:28.0890 1796 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\windows\system32\lsass.exe
10:42:28.0890 1796 NtLmSsp - ok
10:42:28.0906 1796 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\windows\system32\ntmssvc.dll
10:42:28.0906 1796 NtmsSvc - ok
10:42:28.0921 1796 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
10:42:28.0921 1796 Null - ok
10:42:28.0937 1796 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
10:42:28.0953 1796 NwlnkFlt - ok
10:42:28.0953 1796 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
10:42:28.0968 1796 NwlnkFwd - ok
10:42:28.0984 1796 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
10:42:28.0984 1796 ohci1394 - ok
10:42:29.0015 1796 [ 01907300EB52206B06FACB9608F369A9 ] PanService C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
10:42:29.0015 1796 PanService - ok
10:42:29.0046 1796 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\windows\system32\drivers\Parport.sys
10:42:29.0062 1796 Parport - ok
10:42:29.0062 1796 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
10:42:29.0078 1796 PartMgr - ok
10:42:29.0093 1796 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\windows\system32\drivers\ParVdm.sys
10:42:29.0109 1796 ParVdm - ok
10:42:29.0140 1796 [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd C:\windows\system32\DRIVERS\pccsmcfd.sys
10:42:29.0140 1796 pccsmcfd - ok
10:42:29.0140 1796 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\windows\system32\DRIVERS\pci.sys
10:42:29.0156 1796 PCI - ok
10:42:29.0156 1796 PCIDump - ok
10:42:29.0156 1796 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\windows\system32\DRIVERS\pciide.sys
10:42:29.0171 1796 PCIIde - ok
10:42:29.0171 1796 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
10:42:29.0203 1796 Pcmcia - ok
10:42:29.0250 1796 [ 02AAAFB7BA137CE5DDABCDF8090954D9 ] pcouffin C:\windows\system32\Drivers\pcouffin.sys
10:42:29.0265 1796 pcouffin - ok
10:42:29.0265 1796 PDCOMP - ok
10:42:29.0265 1796 PDFRAME - ok
10:42:29.0281 1796 PDRELI - ok
10:42:29.0281 1796 PDRFRAME - ok
10:42:29.0281 1796 perc2 - ok
10:42:29.0281 1796 perc2hib - ok
10:42:29.0296 1796 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\windows\system32\services.exe
10:42:29.0296 1796 PlugPlay - ok
10:42:29.0328 1796 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
10:42:29.0328 1796 Pml Driver HPZ12 - ok
10:42:29.0343 1796 [ 1713D9DE407313138118D501B0E3C05B ] PnkBstrA C:\windows\system32\PnkBstrA.exe
10:42:29.0343 1796 PnkBstrA - ok
10:42:29.0359 1796 [ 3B6973D60BDE757C53BB76842D31318E ] Point32 C:\windows\system32\DRIVERS\point32.sys
10:42:29.0375 1796 Point32 - ok
10:42:29.0375 1796 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\windows\system32\lsass.exe
10:42:29.0375 1796 PolicyAgent - ok
10:42:29.0390 1796 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
10:42:29.0406 1796 PptpMiniport - ok
10:42:29.0406 1796 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\windows\system32\DRIVERS\processr.sys
10:42:29.0421 1796 Processor - ok
10:42:29.0421 1796 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\windows\system32\lsass.exe
10:42:29.0421 1796 ProtectedStorage - ok
10:42:29.0421 1796 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
10:42:29.0453 1796 PSched - ok
10:42:29.0453 1796 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
10:42:29.0468 1796 Ptilink - ok
10:42:29.0500 1796 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
10:42:29.0515 1796 PxHelp20 - ok
10:42:29.0515 1796 ql1080 - ok
10:42:29.0515 1796 Ql10wnt - ok
10:42:29.0515 1796 ql12160 - ok
10:42:29.0515 1796 ql1240 - ok
10:42:29.0515 1796 ql1280 - ok
10:42:29.0531 1796 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
10:42:29.0546 1796 RasAcd - ok
10:42:29.0578 1796 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\windows\System32\rasauto.dll
10:42:29.0593 1796 RasAuto - ok
10:42:29.0609 1796 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
10:42:29.0625 1796 Rasl2tp - ok
10:42:29.0656 1796 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\windows\System32\rasmans.dll
10:42:29.0656 1796 RasMan - ok
10:42:29.0656 1796 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
10:42:29.0671 1796 RasPppoe - ok
10:42:29.0671 1796 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
10:42:29.0687 1796 Raspti - ok
10:42:29.0703 1796 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
10:42:29.0750 1796 Rdbss - ok
10:42:29.0765 1796 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
10:42:29.0765 1796 RDPCDD - ok
10:42:29.0781 1796 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
10:42:29.0781 1796 RDPWD - ok
10:42:29.0812 1796 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:42:29.0812 1796 RDSessMgr - ok
10:42:29.0843 1796 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\windows\system32\DRIVERS\redbook.sys
10:42:29.0859 1796 redbook - ok
10:42:29.0875 1796 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\windows\System32\mprdim.dll
10:42:29.0875 1796 RemoteAccess - ok
10:42:29.0890 1796 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
10:42:29.0906 1796 RFCOMM - ok
10:42:29.0906 1796 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\windows\system32\locator.exe
10:42:29.0906 1796 RpcLocator - ok
10:42:29.0921 1796 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\windows\System32\rpcss.dll
10:42:29.0921 1796 RpcSs - ok
10:42:29.0937 1796 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\windows\system32\rsvp.exe
10:42:29.0937 1796 RSVP - ok
10:42:30.0031 1796 [ EE76248CA187BB50FF964A287D420FEE ] RTHDMIAzAudService C:\windows\system32\drivers\RtHDMI.sys
10:42:30.0093 1796 RTHDMIAzAudService - ok
10:42:30.0125 1796 [ F0A21C62B9B835E1C96268EAAE31D239 ] RTLE8023xp C:\windows\system32\DRIVERS\Rtenicxp.sys
10:42:30.0140 1796 RTLE8023xp - ok
10:42:30.0156 1796 [ 1C5C2CB892553D2CF3F45A4BB323FCD6 ] s1018bus C:\windows\system32\DRIVERS\s1018bus.sys
10:42:30.0171 1796 s1018bus - ok
10:42:30.0171 1796 [ 38F5EA219593F19B6B3A1B9C169E3B61 ] s1018mdfl C:\windows\system32\DRIVERS\s1018mdfl.sys
10:42:30.0187 1796 s1018mdfl - ok
10:42:30.0203 1796 [ 666AF6B64FC7DF92D3CA4819EA91631D ] s1018mdm C:\windows\system32\DRIVERS\s1018mdm.sys
10:42:30.0218 1796 s1018mdm - ok
10:42:30.0234 1796 [ F4CEDA6E2DDFF2AF8BD745615A7CA9C0 ] s1018mgmt C:\windows\system32\DRIVERS\s1018mgmt.sys
10:42:30.0234 1796 s1018mgmt - ok
10:42:30.0250 1796 [ 3622D9FF2253DCBE885B10736609A4CA ] s1018nd5 C:\windows\system32\DRIVERS\s1018nd5.sys
10:42:30.0265 1796 s1018nd5 - ok
10:42:30.0281 1796 [ 49431EFDA842B474531C29FFAE9F5D09 ] s1018obex C:\windows\system32\DRIVERS\s1018obex.sys
10:42:30.0296 1796 s1018obex - ok
10:42:30.0312 1796 [ AC6B514CB4474F4C867D7CDC9CD54F05 ] s1018unic C:\windows\system32\DRIVERS\s1018unic.sys
10:42:30.0328 1796 s1018unic - ok
10:42:30.0343 1796 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\windows\system32\lsass.exe
10:42:30.0343 1796 SamSs - ok
10:42:30.0359 1796 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\windows\System32\SCardSvr.exe
10:42:30.0359 1796 SCardSvr - ok
10:42:30.0375 1796 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\windows\system32\schedsvc.dll
10:42:30.0375 1796 Schedule - ok
10:42:30.0406 1796 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
10:42:30.0421 1796 Secdrv - ok
10:42:30.0437 1796 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\windows\System32\seclogon.dll
10:42:30.0453 1796 seclogon - ok
10:42:30.0484 1796 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\windows\system32\sens.dll
10:42:30.0484 1796 SENS - ok
10:42:30.0484 1796 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\windows\system32\DRIVERS\serenum.sys
10:42:30.0500 1796 serenum - ok
10:42:30.0500 1796 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\windows\system32\DRIVERS\serial.sys
10:42:30.0515 1796 Serial - ok
10:42:30.0578 1796 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
10:42:30.0593 1796 ServiceLayer - ok
10:42:30.0609 1796 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys
10:42:30.0625 1796 Sfloppy - ok
10:42:30.0656 1796 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\windows\System32\ipnathlp.dll
10:42:30.0656 1796 SharedAccess - ok
10:42:30.0671 1796 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\windows\System32\shsvcs.dll
10:42:30.0671 1796 ShellHWDetection - ok
10:42:30.0671 1796 Simbad - ok
10:42:30.0687 1796 Sparrow - ok
10:42:30.0687 1796 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
10:42:30.0703 1796 splitter - ok
10:42:30.0734 1796 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
10:42:30.0734 1796 Spooler - ok
10:42:30.0765 1796 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\windows\system32\Drivers\sptd.sys
10:42:30.0765 1796 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
10:42:30.0765 1796 sptd ( LockedFile.Multi.Generic ) - warning
10:42:30.0765 1796 sptd - detected LockedFile.Multi.Generic (1)
10:42:30.0781 1796 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\windows\system32\DRIVERS\sr.sys
10:42:30.0796 1796 sr - ok
10:42:30.0812 1796 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\windows\system32\srsvc.dll
10:42:30.0812 1796 srservice - ok
10:42:30.0843 1796 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
10:42:30.0843 1796 Srv - ok
10:42:30.0875 1796 [ 48F44A1BE434830B7C90FB730745F65A ] ssadbus C:\windows\system32\DRIVERS\ssadbus.sys
10:42:30.0875 1796 ssadbus - ok
10:42:30.0875 1796 [ 9630B486B62CC0ADB0A89152ED0218D7 ] ssadmdfl C:\windows\system32\DRIVERS\ssadmdfl.sys
10:42:30.0890 1796 ssadmdfl - ok
10:42:30.0906 1796 [ 9AFAA23421622C392B55508FA9613949 ] ssadmdm C:\windows\system32\DRIVERS\ssadmdm.sys
10:42:30.0921 1796 ssadmdm - ok
10:42:30.0937 1796 [ 1CAC71D756CE00AE0681F9028DDE874B ] ssadserd C:\windows\system32\DRIVERS\ssadserd.sys
10:42:30.0953 1796 ssadserd - ok
10:42:30.0984 1796 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
10:42:30.0984 1796 SSDPSRV - ok
10:42:31.0015 1796 [ 15376507E439F73610F83947F1727E84 ] ssudmdm C:\windows\system32\DRIVERS\ssudmdm.sys
10:42:31.0031 1796 ssudmdm - ok
10:42:31.0062 1796 [ 9C9B40829A1BAC6521BE35F3D5482221 ] ssudserd C:\windows\system32\DRIVERS\ssudserd.sys
10:42:31.0078 1796 ssudserd - ok
10:42:31.0109 1796 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\windows\system32\DRIVERS\ss_bbus.sys
10:42:31.0125 1796 ss_bbus - ok
10:42:31.0140 1796 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\windows\system32\DRIVERS\ss_bmdfl.sys
10:42:31.0156 1796 ss_bmdfl - ok
10:42:31.0156 1796 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\windows\system32\DRIVERS\ss_bmdm.sys
10:42:31.0171 1796 ss_bmdm - ok
10:42:31.0203 1796 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\windows\system32\wiaservc.dll
10:42:31.0203 1796 stisvc - ok
10:42:31.0218 1796 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
10:42:31.0234 1796 swenum - ok
10:42:31.0234 1796 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
10:42:31.0265 1796 swmidi - ok
10:42:31.0265 1796 SwPrv - ok
10:42:31.0265 1796 symc810 - ok
10:42:31.0265 1796 symc8xx - ok
10:42:31.0281 1796 sym_hi - ok
10:42:31.0281 1796 sym_u3 - ok
10:42:31.0281 1796 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
10:42:31.0281 1796 sysaudio - ok
10:42:31.0296 1796 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\windows\system32\smlogsvc.exe
10:42:31.0296 1796 SysmonLog - ok
10:42:31.0343 1796 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\windows\System32\tapisrv.dll
10:42:31.0343 1796 TapiSrv - ok
10:42:31.0359 1796 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
10:42:31.0375 1796 Tcpip - ok
10:42:31.0375 1796 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
10:42:31.0390 1796 TDPIPE - ok
10:42:31.0390 1796 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
10:42:31.0406 1796 TDTCP - ok
10:42:31.0406 1796 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
10:42:31.0453 1796 TermDD - ok
10:42:31.0484 1796 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\windows\System32\termsrv.dll
10:42:31.0484 1796 TermService - ok
10:42:31.0500 1796 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\windows\System32\shsvcs.dll
10:42:31.0500 1796 Themes - ok
10:42:31.0500 1796 TosIde - ok
10:42:31.0531 1796 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\windows\system32\trkwks.dll
10:42:31.0531 1796 TrkWks - ok
10:42:31.0531 1796 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
10:42:31.0546 1796 Udfs - ok
10:42:31.0546 1796 ultra - ok
10:42:31.0562 1796 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
10:42:31.0593 1796 Update - ok
10:42:31.0609 1796 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\windows\System32\upnphost.dll
10:42:31.0609 1796 upnphost - ok
10:42:31.0609 1796 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\windows\System32\ups.exe
10:42:31.0625 1796 UPS - ok
10:42:31.0640 1796 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
10:42:31.0656 1796 usbccgp - ok
10:42:31.0671 1796 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
10:42:31.0687 1796 usbehci - ok
10:42:31.0687 1796 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
10:42:31.0703 1796 usbhub - ok
10:42:31.0718 1796 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
10:42:31.0734 1796 usbohci - ok
10:42:31.0734 1796 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
10:42:31.0750 1796 usbprint - ok
10:42:31.0781 1796 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
10:42:31.0796 1796 usbscan - ok
10:42:31.0812 1796 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
10:42:31.0828 1796 USBSTOR - ok
10:42:31.0843 1796 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
10:42:31.0843 1796 VgaSave - ok
10:42:31.0859 1796 ViaIde - ok
10:42:31.0859 1796 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\windows\system32\drivers\VolSnap.sys
10:42:31.0890 1796 VolSnap - ok
10:42:31.0906 1796 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\windows\System32\vssvc.exe
10:42:31.0921 1796 VSS - ok
10:42:31.0937 1796 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\windows\system32\w32time.dll
10:42:31.0937 1796 W32Time - ok
10:42:31.0937 1796 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
10:42:31.0953 1796 Wanarp - ok
10:42:31.0984 1796 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\windows\system32\DRIVERS\Wdf01000.sys
10:42:32.0015 1796 Wdf01000 - ok
10:42:32.0015 1796 WDICA - ok
10:42:32.0031 1796 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
10:42:32.0046 1796 wdmaud - ok
10:42:32.0046 1796 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\windows\System32\webclnt.dll
10:42:32.0062 1796 WebClient - ok
10:42:32.0093 1796 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
10:42:32.0093 1796 winmgmt - ok
10:42:32.0093 1796 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:42:32.0109 1796 WmdmPmSN - ok
10:42:32.0109 1796 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
10:42:32.0109 1796 WmiAcpi - ok
10:42:32.0125 1796 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:42:32.0125 1796 WmiApSrv - ok
10:42:32.0171 1796 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:42:32.0187 1796 WMPNetworkSvc - ok
10:42:32.0234 1796 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:42:32.0250 1796 WPFFontCache_v0400 - ok
10:42:32.0265 1796 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
10:42:32.0281 1796 WS2IFSL - ok
10:42:32.0296 1796 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\windows\system32\wscsvc.dll
10:42:32.0312 1796 wscsvc - ok
10:42:32.0328 1796 [ C1364564800EE9784192145324A23308 ] wuauserv C:\windows\system32\wuauserv.dll
10:42:32.0359 1796 wuauserv - ok
10:42:32.0390 1796 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\windows\System32\wzcsvc.dll
10:42:32.0390 1796 WZCSVC - ok
10:42:32.0421 1796 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\windows\System32\xmlprov.dll
10:42:32.0468 1796 xmlprov - ok
10:42:32.0468 1796 ================ Scan global ===============================
10:42:32.0500 1796 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\windows\system32\basesrv.dll
10:42:32.0531 1796 [ F3FA14A297BC687D0B51289D034033C9 ] C:\windows\system32\winsrv.dll
10:42:32.0546 1796 [ F3FA14A297BC687D0B51289D034033C9 ] C:\windows\system32\winsrv.dll
10:42:32.0562 1796 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\windows\system32\services.exe
10:42:32.0562 1796 [Global] - ok
10:42:32.0562 1796 ================ Scan MBR ==================================
10:42:32.0578 1796 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:42:32.0718 1796 \Device\Harddisk0\DR0 - ok
10:42:32.0718 1796 [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR2
10:42:38.0671 1796 \Device\Harddisk1\DR2 - ok
10:42:38.0671 1796 ================ Scan VBR ==================================
10:42:39.0031 1796 [ 807DFCB168268F613FA66DAC04DD5CEA ] \Device\Harddisk0\DR0\Partition1
10:42:39.0046 1796 \Device\Harddisk0\DR0\Partition1 - ok
10:42:39.0062 1796 [ 3E1EAFDB8E743E645E2AC3BC68B8CB7E ] \Device\Harddisk1\DR2\Partition1
10:42:39.0062 1796 \Device\Harddisk1\DR2\Partition1 - ok
10:42:39.0062 1796 ============================================================
10:42:39.0062 1796 Scan finished
10:42:39.0062 1796 ============================================================
10:42:39.0062 1976 Detected object count: 1
10:42:39.0062 1976 Actual detected object count: 1
Re: please check my log: infected with a virus
and here is the ComboFix log:
ComboFix 13-03-20.02 - michal 21.03.2013 10:53:52.3.3 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2486 [GMT 1:00]
Spuštěný z: c:\documents and settings\michal\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\michal\LOCALS~1\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\documents and settings\michal\Local Settings\temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-21 do 2013-03-21 )))))))))))))))))))))))))))))))
.
.
2013-03-20 10:33 . 2013-03-20 10:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-20 10:33 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 17:29 . 2013-03-19 17:29 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-15 18:19 . 2013-03-15 18:19 -------- d-----w- c:\program files\SQUARE ENIX
2013-03-15 17:21 . 2013-03-15 17:21 0 ----a-w- c:\windows\DXT2502.tmp
2013-03-15 17:21 . 2013-03-15 17:21 0 ----a-w- c:\windows\DXT2501.tmp
2013-03-15 17:08 . 2013-03-15 17:32 21840 ----atw- c:\windows\system32\SIntfNT.dll
2013-03-15 17:08 . 2013-03-15 17:32 17212 ----atw- c:\windows\system32\SIntf32.dll
2013-03-15 17:08 . 2013-03-15 17:32 12067 ----atw- c:\windows\system32\SIntf16.dll
2013-03-15 16:57 . 2013-03-15 17:34 -------- d-----w- c:\program files\Diablo II
2013-03-14 17:05 . 2013-03-14 17:05 -------- d-----w- c:\documents and settings\michal\Data aplikací\tabagames
2013-03-14 17:04 . 2013-03-14 17:04 -------- d-----w- c:\program files\Seznam.cz
2013-03-14 17:03 . 2013-03-21 09:50 -------- d-----w- c:\documents and settings\michal\Data aplikací\Seznam.cz
2013-03-13 20:21 . 2013-03-13 20:21 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-21 10:02 . 2009-06-13 16:46 16608 ----a-w- c:\windows\gdrv.sys
2013-03-13 20:22 . 2012-04-03 10:43 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 20:22 . 2011-09-27 06:12 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-05 20:15 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:15 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:15 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-18 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2004-08-18 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2004-08-17 15:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2004-08-18 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-18 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-18 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-30 17:18 . 2012-12-30 17:17 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-12-30 17:18 . 2012-12-30 17:17 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-12-30 17:18 . 2012-12-30 17:17 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-12-30 17:18 . 2012-12-30 17:17 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\EXPERTool ATI\TBPanel.exe" [2008-09-05 2300456]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
"cz.seznam.software.autoupdate"="c:\documents and settings\michal\Data aplikací\Seznam.cz\szninstall.exe" [2012-09-13 1009288]
"Seznam.chromeUpdatePref"="c:\documents and settings\michal\Data aplikací\Seznam.cz\bin\chromeUpdatePref.exe" [2013-02-13 942080]
"cz.seznam.software.szndesktop"="c:\documents and settings\michal\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2012-12-19 92296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.6.2009 19:28 691696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [22.6.2011 21:33 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 14:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [13.6.2009 17:47 68136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [16.9.2011 14:10 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.3.2013 11:33 682344]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [23.9.2012 6:39 625816]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [12.12.2009 10:44 16128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.3.2013 11:33 21104]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.6.2009 18:23 47360]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7.12.2011 18:21 374704]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2.6.2011 6:29 30312]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2.6.2011 6:30 66112]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [20.9.2009 12:18 36608]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [28.7.2010 23:25 25112]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [18.8.2004 13:00 14336]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [6.8.2009 10:24 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [6.8.2009 10:24 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [6.8.2009 10:24 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [6.8.2009 10:24 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [6.8.2009 10:24 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [6.8.2009 10:24 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [6.8.2009 10:24 109864]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2.6.2011 6:29 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2.6.2011 6:29 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2.6.2011 6:29 123648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2.6.2011 6:29 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2.6.2011 6:29 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2.6.2011 6:29 136680]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2.6.2011 6:29 114152]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2.6.2011 6:30 180672]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2.6.2011 6:30 180672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-HEXelon MAX - c:\program files\HEXelon MAX 6\hexelon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-21 11:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3640)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Celkový čas: 2013-03-21 11:08:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-21 10:08
.
Před spuštěním: Volných bajtů: 109 944 623 104
Po spuštění: Volných bajtů: 111 198 035 968
.
- - End Of File - - 298E23722A523DDD474E16A09269FA9A
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
Re: please check my log: infected
Open Notepad (Start -> Run..., type Notepad into the window and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script
Code:
KillAll::
File::
c:\windows\DXT2502.tmp
c:\windows\DXT2501.tmp
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process
In PMs I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: please check my log: infected
Unfortunately, this last operation failed.
After creating the script and dragging it onto ComboFix, the program does start, but it begins searching for malware and even after an hour it still says that the search is in progress.
So what should I do??
- Žbeky
- Moderator
Re: please check my log: infected
Try it in safe mode
Re: please check my log: infected
You mean start Windows in safe mode???
- Žbeky
- Moderator
Re: please check my log: infected
Yes
Re: please check my log: infected
So I have another bad finding: I can't get safe mode to start.
After restarting and pressing F8 nothing happens and Windows boots the normal way.
I'm starting to feel like a complete ..... as if I had never worked with a computer.