Problém s internetem - svchost.exe

Golfy · Příspěvekod **Golfy** » 28 kvě 2013 20:40

Dobrý den,

mám problém s pomalým internetem, který způsobuje proces svchost.exe který je spuštěn asi 15x (problém zmizí když ukončím všechny procesy svchost.exe které byly spuštěny uživatelem Itabo - a ne NETWORK service, SYSTEM či LOCAL SERVICE)

Zde log z HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:31:36, on 28.5.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
C:\Program Files\epson\portcommunicationservice\PCSVC.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\wamp\wampmanager.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE
C:\Documents and Settings\Itabo\biqcypofovuh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Itabo\Dokumenty\Stažené soubory\HiJackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Itabo\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [EpsonAPD4SV] C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\\Golfy-\EPSON BX305 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE /FU "C:\DOCUME~1\Itabo\LOCALS~1\Temp\E_S230.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [{0184B8F6-4A5E-CA0C-9B7C-521F1B9316DA}] "C:\Documents and Settings\Itabo\Data aplikací\Ugarhey\micere.exe"
O4 - HKCU\..\Run: [biqcypofovuh] C:\Documents and Settings\Itabo\biqcypofovuh.exe
O4 - HKCU\..\Run: [sidficymdozk] C:\Documents and Settings\Itabo\sidficymdozk.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\wamp\wampmanager.exe
O4 - HKCU\..\Policies\Explorer\Run: [Macromedia] C:\Documents and Settings\Itabo\Data aplikací\gevacvwa\sewcsvsd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7550360687
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/ ... emLite.CAB
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: EPSON Device Control Log Service (EPSON_Device_Control_Log_Service) - SEIKO EPSON CORPORATION - C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
O23 - Service: EPSON Port Communication Service (EPSON_Port_Communication_Service) - SEIKO EPSON CORPORATION - C:\Program Files\epson\portcommunicationservice\PCSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 7852 bytes

Reklama

Golfy · Příspěvekod **Golfy** » 28 kvě 2013 20:47

a od té doby co to zlobí, tak nelze psát velké písmena s diakritikou (pouze přes caps-lock)

dělá to toto: ˇˇD, ´´A - klávesnice to není, jelikož při připojení k jinému PC je OK

Příspěvekod **Žbeky** » 28 kvě 2013 21:25

No a co byste řekl, pane doktore – měl ho tam! Až dokončíme čištění, doporučuju změnit hesla. Minimálně na mail a internetové bankovnictví

Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Itabo\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [{0184B8F6-4A5E-CA0C-9B7C-521F1B9316DA}] "C:\Documents and Settings\Itabo\Data aplikací\Ugarhey\micere.exe"
O4 - HKCU\..\Run: [biqcypofovuh] C:\Documents and Settings\Itabo\biqcypofovuh.exe
O4 - HKCU\..\Run: [sidficymdozk] C:\Documents and Settings\Itabo\sidficymdozk.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\wamp\wampmanager.exe
O4 - HKCU\..\Policies\Explorer\Run: [Macromedia] C:\Documents and Settings\Itabo\Data aplikací\gevacvwa\sewcsvsd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7550360687
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/ ... emLite.CAB

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Golfy · Příspěvekod **Golfy** » 28 kvě 2013 22:33

Takže MbAM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.05.28.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Itabo :: PRODEJNA [administrátor]

28.5.2013 22:22:40
MBAM-log-2013-05-28 (22-30-34).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 199634
Uplynulý čas: 7 minut, 37 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Documents and Settings\Itabo\Data aplikací\gevacvwa\sewcsvsd.exe (Trojan.FakeMS) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Itabo\Data aplikací\Ugarhey\micere.exe (Trojan.Zbot.FVGen) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Itabo\biqcypofovuh.exe (Backdoor.Pushdo) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Itabo\sidficymdozk.exe (Trojan.FakeINTEL) -> Nebyla provedena žádná instrukce.

(konec)

a tady AdwCleaner

# AdwCleaner v2.301 - Log vytvooen 28/05/2013 v 22:31:39
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Itabo - PRODEJNA
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Itabo\Plocha\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

***** [Registry] *****

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Documents and Settings\Itabo\Data aplikací\Mozilla\Firefox\Profiles\u1irtmso.default\prefs.js

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [712 octets] - [28/05/2013 22:31:39]

########## EOF - C:\AdwCleaner[R1].txt - [771 octets] ##########

Příspěvekod **memphisto** » 29 kvě 2013 08:15

V mbam nech vše smazat a dodej log po mazání

¨Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
- Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Golfy · Příspěvekod **Golfy** » 29 kvě 2013 08:58

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.05.28.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Itabo :: PRODEJNA [administrátor]

29.5.2013 8:48:40
mbam-log-2013-05-29 (08-48-40).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 199609
Uplynulý čas: 6 minut, 12 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Documents and Settings\Itabo\Data aplikací\gevacvwa\sewcsvsd.exe (Trojan.FakeMS) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Itabo\Data aplikací\Ugarhey\micere.exe (Trojan.Zbot.FVGen) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Itabo\biqcypofovuh.exe (Backdoor.Pushdo) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Itabo\sidficymdozk.exe (Trojan.FakeINTEL) -> Přesun do karantény a smazání se zdařilo.

(konec)

Golfy · Příspěvekod **Golfy** » 29 kvě 2013 08:59

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Itabo [Práva správce]
Mód : Kontrola -- Datum : 05/29/2013 08:58:51
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST340014AS +++++
--- User ---
[MBR] bd7dd87c9774237cd5a620fb40426937
[BSP] b6b3ee49ea4db55e0cb7ea39b9c02301 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 28003 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 57352050 | Size: 10134 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_05292013_02d0858.txt >>
RKreport[1]_S_05292013_02d0858.txt

Příspěvekod **jaro3** » 29 kvě 2013 09:49

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "

- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání skončeno "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller. 2.8.16.0_(datum)_log.txt , vlož sem prosím celý obsah logu.

Golfy · Příspěvekod **Golfy** » 29 kvě 2013 11:31

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Itabo [Práva správce]
Mód : Odebrat -- Datum : 05/29/2013 11:30:28
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST340014AS +++++
--- User ---
[MBR] bd7dd87c9774237cd5a620fb40426937
[BSP] b6b3ee49ea4db55e0cb7ea39b9c02301 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 28003 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 57352050 | Size: 10134 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3]_D_05292013_02d1130.txt >>
RKreport[1]_S_05292013_02d0858.txt ; RKreport[2]_S_05292013_02d1130.txt ; RKreport[3]_D_05292013_02d1130.txt

Golfy · Příspěvekod **Golfy** » 29 kvě 2013 11:39

11:31:03.0875 2228 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:31:03.0968 2228 ============================================================
11:31:03.0968 2228 Current date / time: 2013/05/29 11:31:03.0968
11:31:03.0968 2228 SystemInfo:
11:31:03.0968 2228
11:31:03.0968 2228 OS Version: 5.1.2600 ServicePack: 3.0
11:31:03.0968 2228 Product type: Workstation
11:31:03.0968 2228 ComputerName: PRODEJNA
11:31:03.0968 2228 UserName: Itabo
11:31:03.0968 2228 Windows directory: C:\WINDOWS
11:31:03.0968 2228 System windows directory: C:\WINDOWS
11:31:03.0968 2228 Processor architecture: Intel x86
11:31:03.0968 2228 Number of processors: 1
11:31:03.0968 2228 Page size: 0x1000
11:31:03.0968 2228 Boot type: Normal boot
11:31:03.0968 2228 ============================================================
11:31:05.0625 2228 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:31:05.0640 2228 ============================================================
11:31:05.0640 2228 \Device\Harddisk0\DR0:
11:31:05.0640 2228 MBR partitions:
11:31:05.0640 2228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36B1F33
11:31:05.0656 2228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36B1FB1, BlocksNum 0x13CB5CD
11:31:05.0656 2228 ============================================================
11:31:05.0859 2228 C: <-> \Device\Harddisk0\DR0\Partition1
11:31:06.0000 2228 D: <-> \Device\Harddisk0\DR0\Partition2
11:31:06.0000 2228 ============================================================
11:31:06.0000 2228 Initialize success
11:31:06.0000 2228 ============================================================
11:31:13.0921 2520 ============================================================
11:31:13.0921 2520 Scan started
11:31:13.0921 2520 Mode: Manual;
11:31:13.0921 2520 ============================================================
11:31:14.0546 2520 ================ Scan system memory ========================
11:31:14.0562 2520 System memory - ok
11:31:14.0562 2520 ================ Scan services =============================
11:31:14.0687 2520 Abiosdsk - ok
11:31:14.0687 2520 abp480n5 - ok
11:31:14.0734 2520 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:31:14.0750 2520 ACPI - ok
11:31:14.0781 2520 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:31:14.0781 2520 ACPIEC - ok
11:31:14.0859 2520 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:31:14.0859 2520 AdobeFlashPlayerUpdateSvc - ok
11:31:14.0859 2520 adpu160m - ok
11:31:14.0890 2520 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:31:14.0890 2520 aec - ok
11:31:14.0937 2520 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:31:14.0937 2520 AFD - ok
11:31:14.0937 2520 Aha154x - ok
11:31:14.0953 2520 aic78u2 - ok
11:31:14.0968 2520 aic78xx - ok
11:31:15.0000 2520 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:31:15.0000 2520 Alerter - ok
11:31:15.0031 2520 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
11:31:15.0031 2520 ALG - ok
11:31:15.0031 2520 AliIde - ok
11:31:15.0046 2520 amsint - ok
11:31:15.0093 2520 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:31:15.0093 2520 AppMgmt - ok
11:31:15.0109 2520 asc - ok
11:31:15.0109 2520 asc3350p - ok
11:31:15.0125 2520 asc3550 - ok
11:31:15.0218 2520 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:31:15.0218 2520 aspnet_state - ok
11:31:15.0250 2520 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:31:15.0250 2520 AsyncMac - ok
11:31:15.0281 2520 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:31:15.0281 2520 atapi - ok
11:31:15.0296 2520 Atdisk - ok
11:31:15.0328 2520 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:31:15.0328 2520 Atmarpc - ok
11:31:15.0359 2520 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:31:15.0359 2520 AudioSrv - ok
11:31:15.0421 2520 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:31:15.0421 2520 audstub - ok
11:31:15.0453 2520 [ 3A3A82FFD268BCFB7AE6A48CECF00AD9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:31:15.0453 2520 b57w2k - ok
11:31:15.0500 2520 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:31:15.0500 2520 Beep - ok
11:31:15.0562 2520 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
11:31:15.0578 2520 BITS - ok
11:31:15.0609 2520 [ 249276D3EF1E74B992299CB96099E4D7 ] Browser C:\WINDOWS\System32\browser.dll
11:31:15.0609 2520 Browser - ok
11:31:15.0656 2520 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:31:15.0656 2520 cbidf2k - ok
11:31:15.0656 2520 cd20xrnt - ok
11:31:15.0703 2520 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:31:15.0703 2520 Cdaudio - ok
11:31:15.0718 2520 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:31:15.0718 2520 Cdfs - ok
11:31:15.0765 2520 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:31:15.0765 2520 Cdrom - ok
11:31:15.0765 2520 Changer - ok
11:31:15.0828 2520 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:31:15.0828 2520 CiSvc - ok
11:31:15.0828 2520 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:31:15.0828 2520 ClipSrv - ok
11:31:15.0859 2520 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:31:15.0859 2520 clr_optimization_v2.0.50727_32 - ok
11:31:15.0875 2520 CmdIde - ok
11:31:15.0875 2520 COMSysApp - ok
11:31:15.0890 2520 Cpqarray - ok
11:31:15.0921 2520 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:31:15.0937 2520 CryptSvc - ok
11:31:15.0937 2520 dac2w2k - ok
11:31:15.0953 2520 dac960nt - ok
11:31:16.0000 2520 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:31:16.0015 2520 DcomLaunch - ok
11:31:16.0046 2520 [ 7F19DBA1A467B838CCB23124A2C55568 ] DgiVecp C:\WINDOWS\system32\Drivers\DgiVecp.sys
11:31:16.0046 2520 DgiVecp - ok
11:31:16.0093 2520 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:31:16.0093 2520 Dhcp - ok
11:31:16.0109 2520 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:31:16.0109 2520 Disk - ok
11:31:16.0125 2520 dmadmin - ok
11:31:16.0187 2520 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:31:16.0187 2520 dmboot - ok
11:31:16.0203 2520 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:31:16.0203 2520 dmio - ok
11:31:16.0218 2520 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:31:16.0218 2520 dmload - ok
11:31:16.0250 2520 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:31:16.0250 2520 dmserver - ok
11:31:16.0265 2520 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:31:16.0265 2520 DMusic - ok
11:31:16.0296 2520 [ 0634B791684B84F4A331F3D3536FEEF8 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:31:16.0296 2520 Dnscache - ok
11:31:16.0343 2520 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:31:16.0359 2520 Dot3svc - ok
11:31:16.0359 2520 dpti2o - ok
11:31:16.0421 2520 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:31:16.0421 2520 drmkaud - ok
11:31:16.0453 2520 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:31:16.0453 2520 EapHost - ok
11:31:16.0656 2520 [ BE3B7FAAC9F8E585C11607AC7092649E ] EPSON_Device_Control_Log_Service C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
11:31:16.0750 2520 EPSON_Device_Control_Log_Service - ok
11:31:16.0796 2520 [ 0C65DE6B67DBAD81C4D1571910870C68 ] EPSON_PCS_Parallel_Port_Driver C:\WINDOWS\system32\DRIVERS\pcslpt.sys
11:31:16.0796 2520 EPSON_PCS_Parallel_Port_Driver - ok
11:31:16.0843 2520 [ A655D61210614118388B3E5491732307 ] EPSON_Port_Communication_Service C:\Program Files\epson\portcommunicationservice\PCSVC.exe
11:31:16.0953 2520 EPSON_Port_Communication_Service - ok
11:31:16.0984 2520 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:31:16.0984 2520 ERSvc - ok
11:31:17.0046 2520 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
11:31:17.0046 2520 Eventlog - ok
11:31:17.0093 2520 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
11:31:17.0093 2520 EventSystem - ok
11:31:17.0109 2520 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:31:17.0109 2520 Fastfat - ok
11:31:17.0156 2520 [ B927443008910B412BEC72FC41C1BAD0 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:31:17.0156 2520 FastUserSwitchingCompatibility - ok
11:31:17.0218 2520 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:31:17.0218 2520 Fdc - ok
11:31:17.0218 2520 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:31:17.0218 2520 Fips - ok
11:31:17.0234 2520 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:31:17.0234 2520 Flpydisk - ok
11:31:17.0296 2520 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:31:17.0296 2520 FltMgr - ok
11:31:17.0406 2520 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:31:17.0406 2520 FontCache3.0.0.0 - ok
11:31:17.0437 2520 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:31:17.0437 2520 Fs_Rec - ok
11:31:17.0468 2520 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:31:17.0468 2520 Ftdisk - ok
11:31:17.0484 2520 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
11:31:17.0484 2520 giveio - ok
11:31:17.0515 2520 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:31:17.0515 2520 Gpc - ok
11:31:17.0578 2520 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:31:17.0578 2520 helpsvc - ok
11:31:17.0640 2520 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
11:31:17.0640 2520 HidServ - ok
11:31:17.0687 2520 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:31:17.0687 2520 hidusb - ok
11:31:17.0734 2520 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:31:17.0734 2520 hkmsvc - ok
11:31:17.0734 2520 hpn - ok
11:31:17.0765 2520 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:31:17.0765 2520 HPZid412 - ok
11:31:17.0796 2520 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:31:17.0796 2520 HPZipr12 - ok
11:31:17.0812 2520 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:31:17.0812 2520 HPZius12 - ok
11:31:17.0859 2520 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:31:17.0859 2520 HTTP - ok
11:31:17.0906 2520 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:31:17.0906 2520 HTTPFilter - ok
11:31:17.0906 2520 i2omgmt - ok
11:31:17.0921 2520 i2omp - ok
11:31:17.0953 2520 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
11:31:17.0953 2520 i8042prt - ok
11:31:18.0031 2520 [ 737DA0BE27652C4482AC5CDE099BFCE9 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:31:18.0031 2520 ialm - ok
11:31:18.0109 2520 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:31:18.0125 2520 idsvc - ok
11:31:18.0156 2520 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:31:18.0156 2520 Imapi - ok
11:31:18.0203 2520 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:31:18.0203 2520 ImapiService - ok
11:31:18.0218 2520 ini910u - ok
11:31:18.0265 2520 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:31:18.0265 2520 IntelIde - ok
11:31:18.0312 2520 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:31:18.0312 2520 intelppm - ok
11:31:18.0343 2520 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
11:31:18.0343 2520 Ip6Fw - ok
11:31:18.0375 2520 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:31:18.0375 2520 IpFilterDriver - ok
11:31:18.0406 2520 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:31:18.0406 2520 IpInIp - ok
11:31:18.0421 2520 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:31:18.0421 2520 IpNat - ok
11:31:18.0437 2520 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:31:18.0437 2520 IPSec - ok
11:31:18.0468 2520 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:31:18.0468 2520 IRENUM - ok
11:31:18.0515 2520 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:31:18.0515 2520 isapnp - ok
11:31:18.0640 2520 [ CC54FD59486BEF7CE70275FAC2FD9D34 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
11:31:18.0640 2520 JavaQuickStarterService - ok
11:31:18.0656 2520 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:31:18.0656 2520 Kbdclass - ok
11:31:18.0656 2520 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:31:18.0656 2520 kbdhid - ok
11:31:18.0718 2520 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:31:18.0718 2520 kmixer - ok
11:31:18.0765 2520 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:31:18.0765 2520 KSecDD - ok
11:31:18.0796 2520 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:31:18.0812 2520 lanmanserver - ok
11:31:18.0859 2520 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:31:18.0859 2520 lanmanworkstation - ok
11:31:18.0875 2520 lbrtfdc - ok
11:31:18.0921 2520 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:31:18.0921 2520 LmHosts - ok
11:31:18.0953 2520 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:31:18.0953 2520 Messenger - ok
11:31:18.0984 2520 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:31:18.0984 2520 mnmdd - ok
11:31:19.0046 2520 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:31:19.0046 2520 mnmsrvc - ok
11:31:19.0078 2520 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:31:19.0078 2520 Modem - ok
11:31:19.0109 2520 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:31:19.0109 2520 Mouclass - ok
11:31:19.0125 2520 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:31:19.0125 2520 mouhid - ok
11:31:19.0140 2520 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:31:19.0140 2520 MountMgr - ok
11:31:19.0187 2520 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:31:19.0187 2520 MozillaMaintenance - ok
11:31:19.0203 2520 mraid35x - ok
11:31:19.0203 2520 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:31:19.0203 2520 MRxDAV - ok
11:31:19.0265 2520 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:31:19.0265 2520 MRxSmb - ok
11:31:19.0296 2520 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:31:19.0296 2520 MSDTC - ok
11:31:19.0328 2520 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:31:19.0328 2520 Msfs - ok
11:31:19.0328 2520 MSIServer - ok
11:31:19.0359 2520 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:31:19.0359 2520 MSKSSRV - ok
11:31:19.0375 2520 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:31:19.0390 2520 MSPCLOCK - ok
11:31:19.0390 2520 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:31:19.0390 2520 MSPQM - ok
11:31:19.0421 2520 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:31:19.0421 2520 mssmbios - ok
11:31:19.0437 2520 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:31:19.0437 2520 Mup - ok
11:31:19.0500 2520 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:31:19.0515 2520 napagent - ok
11:31:19.0546 2520 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:31:19.0546 2520 NDIS - ok
11:31:19.0593 2520 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:31:19.0593 2520 NdisTapi - ok
11:31:19.0609 2520 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:31:19.0609 2520 Ndisuio - ok
11:31:19.0640 2520 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:31:19.0640 2520 NdisWan - ok
11:31:19.0687 2520 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:31:19.0687 2520 NDProxy - ok
11:31:19.0734 2520 [ 284432E671F1AF6B09B81DA24D3ABCAE ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
11:31:19.0734 2520 Net Driver HPZ12 - ok
11:31:19.0781 2520 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:31:19.0781 2520 NetBIOS - ok
11:31:19.0796 2520 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:31:19.0796 2520 NetBT - ok
11:31:19.0843 2520 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
11:31:19.0843 2520 NetDDE - ok
11:31:19.0859 2520 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:31:19.0859 2520 NetDDEdsdm - ok
11:31:19.0890 2520 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:31:19.0890 2520 Netlogon - ok
11:31:19.0906 2520 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
11:31:19.0921 2520 Netman - ok
11:31:19.0968 2520 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:31:19.0968 2520 NetTcpPortSharing - ok
11:31:20.0015 2520 [ 1289B7611CCD6CB27596AE92CBF03E35 ] Nla C:\WINDOWS\System32\mswsock.dll
11:31:20.0031 2520 Nla - ok
11:31:20.0062 2520 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:31:20.0078 2520 Npfs - ok
11:31:20.0093 2520 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:31:20.0093 2520 Ntfs - ok
11:31:20.0109 2520 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:31:20.0109 2520 NtLmSsp - ok
11:31:20.0171 2520 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:31:20.0187 2520 NtmsSvc - ok
11:31:20.0203 2520 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:31:20.0218 2520 Null - ok
11:31:20.0250 2520 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:31:20.0250 2520 NwlnkFlt - ok
11:31:20.0250 2520 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:31:20.0265 2520 NwlnkFwd - ok
11:31:20.0281 2520 [ E6D35F3AA51A65EB35C1F2340154A25E ] orio C:\WINDOWS\system32\drivers\bvnbi.sys
11:31:20.0281 2520 orio - ok
11:31:20.0312 2520 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:31:20.0312 2520 Parport - ok
11:31:20.0328 2520 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:31:20.0328 2520 PartMgr - ok
11:31:20.0359 2520 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:31:20.0375 2520 ParVdm - ok
11:31:20.0390 2520 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:31:20.0390 2520 PCI - ok
11:31:20.0406 2520 PCIDump - ok
11:31:20.0406 2520 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:31:20.0406 2520 PCIIde - ok
11:31:20.0437 2520 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:31:20.0453 2520 Pcmcia - ok
11:31:20.0453 2520 PDCOMP - ok
11:31:20.0468 2520 PDFRAME - ok
11:31:20.0468 2520 PDRELI - ok
11:31:20.0484 2520 PDRFRAME - ok
11:31:20.0484 2520 perc2 - ok
11:31:20.0500 2520 perc2hib - ok
11:31:20.0531 2520 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
11:31:20.0546 2520 PlugPlay - ok
11:31:20.0578 2520 [ 4153912765F7F2DE2A5C9A241ABB03FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
11:31:20.0578 2520 Pml Driver HPZ12 - ok
11:31:20.0593 2520 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:31:20.0593 2520 PolicyAgent - ok
11:31:20.0640 2520 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:31:20.0640 2520 PptpMiniport - ok
11:31:20.0656 2520 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:31:20.0656 2520 ProtectedStorage - ok
11:31:20.0671 2520 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:31:20.0671 2520 PSched - ok
11:31:20.0703 2520 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:31:20.0703 2520 Ptilink - ok
11:31:20.0718 2520 ql1080 - ok
11:31:20.0718 2520 Ql10wnt - ok
11:31:20.0734 2520 ql12160 - ok
11:31:20.0734 2520 ql1240 - ok
11:31:20.0750 2520 ql1280 - ok
11:31:20.0750 2520 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:31:20.0750 2520 RasAcd - ok
11:31:20.0796 2520 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:31:20.0796 2520 RasAuto - ok
11:31:20.0812 2520 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:31:20.0812 2520 Rasl2tp - ok
11:31:20.0843 2520 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:31:20.0859 2520 RasMan - ok
11:31:20.0875 2520 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:31:20.0875 2520 RasPppoe - ok
11:31:20.0890 2520 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:31:20.0890 2520 Raspti - ok
11:31:20.0906 2520 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:31:20.0906 2520 Rdbss - ok
11:31:20.0921 2520 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:31:20.0921 2520 RDPCDD - ok
11:31:20.0968 2520 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:31:20.0968 2520 rdpdr - ok
11:31:21.0000 2520 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:31:21.0000 2520 RDPWD - ok
11:31:21.0046 2520 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:31:21.0046 2520 RDSessMgr - ok
11:31:21.0078 2520 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:31:21.0078 2520 redbook - ok
11:31:21.0125 2520 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:31:21.0125 2520 RemoteAccess - ok
11:31:21.0171 2520 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:31:21.0171 2520 RemoteRegistry - ok
11:31:21.0187 2520 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
11:31:21.0187 2520 RpcLocator - ok
11:31:21.0234 2520 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:31:21.0234 2520 RpcSs - ok
11:31:21.0250 2520 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:31:21.0265 2520 RSVP - ok
11:31:21.0312 2520 [ C7BCF9808E2A1B4CABE16FF7FBCE5FAB ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
11:31:21.0312 2520 RT73 - ok
11:31:21.0328 2520 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
11:31:21.0328 2520 SamSs - ok
11:31:21.0375 2520 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:31:21.0390 2520 SCardSvr - ok
11:31:21.0437 2520 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:31:21.0437 2520 Schedule - ok
11:31:21.0484 2520 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:31:21.0484 2520 Secdrv - ok
11:31:21.0515 2520 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:31:21.0515 2520 seclogon - ok
11:31:21.0593 2520 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
11:31:21.0593 2520 senfilt - ok
11:31:21.0609 2520 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
11:31:21.0609 2520 SENS - ok
11:31:21.0625 2520 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:31:21.0625 2520 serenum - ok
11:31:21.0671 2520 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:31:21.0671 2520 Serial - ok
11:31:21.0734 2520 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:31:21.0734 2520 Sfloppy - ok
11:31:21.0781 2520 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:31:21.0796 2520 SharedAccess - ok
11:31:21.0812 2520 [ B927443008910B412BEC72FC41C1BAD0 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:31:21.0812 2520 ShellHWDetection - ok
11:31:21.0828 2520 Simbad - ok
11:31:21.0875 2520 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
11:31:21.0890 2520 smwdm - ok
11:31:21.0890 2520 Sparrow - ok
11:31:21.0937 2520 [ 5D6401DB90EC81B71F8E2C5C8F0FEF23 ] speedfan C:\WINDOWS\system32\speedfan.sys
11:31:21.0937 2520 speedfan - ok
11:31:21.0953 2520 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:31:21.0953 2520 splitter - ok
11:31:22.0000 2520 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:31:22.0000 2520 Spooler - ok
11:31:22.0203 2520 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:31:22.0203 2520 sr - ok
11:31:22.0250 2520 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
11:31:22.0250 2520 srservice - ok
11:31:22.0312 2520 [ 0F6AEFAD3641A657E18081F52D0C15AF ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:31:22.0312 2520 Srv - ok
11:31:22.0328 2520 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:31:22.0328 2520 SSDPSRV - ok
11:31:22.0328 2520 SSPORT - ok
11:31:22.0359 2520 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:31:22.0375 2520 stisvc - ok
11:31:22.0390 2520 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:31:22.0390 2520 swenum - ok
11:31:22.0437 2520 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:31:22.0437 2520 swmidi - ok
11:31:22.0453 2520 SwPrv - ok
11:31:22.0453 2520 symc810 - ok
11:31:22.0468 2520 symc8xx - ok
11:31:22.0484 2520 sym_hi - ok
11:31:22.0484 2520 sym_u3 - ok
11:31:22.0500 2520 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:31:22.0500 2520 sysaudio - ok
11:31:22.0546 2520 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:31:22.0546 2520 SysmonLog - ok
11:31:22.0578 2520 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:31:22.0578 2520 TapiSrv - ok
11:31:22.0609 2520 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:31:22.0609 2520 Tcpip - ok
11:31:22.0640 2520 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:31:22.0640 2520 TDPIPE - ok
11:31:22.0656 2520 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:31:22.0656 2520 TDTCP - ok
11:31:22.0843 2520 [ 7C8DD5576695B3362202EF09B20C425E ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
11:31:22.0937 2520 TeamViewer8 - ok
11:31:22.0984 2520 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:31:23.0000 2520 TermDD - ok
11:31:23.0046 2520 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
11:31:23.0046 2520 TermService - ok
11:31:23.0062 2520 [ B927443008910B412BEC72FC41C1BAD0 ] Themes C:\WINDOWS\System32\shsvcs.dll
11:31:23.0078 2520 Themes - ok
11:31:23.0125 2520 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:31:23.0125 2520 TlntSvr - ok
11:31:23.0140 2520 TosIde - ok
11:31:23.0187 2520 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:31:23.0187 2520 TrkWks - ok
11:31:23.0218 2520 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:31:23.0218 2520 Udfs - ok
11:31:23.0234 2520 ultra - ok
11:31:23.0281 2520 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:31:23.0281 2520 Update - ok
11:31:23.0328 2520 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
11:31:23.0343 2520 upnphost - ok
11:31:23.0359 2520 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
11:31:23.0359 2520 UPS - ok
11:31:23.0406 2520 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:31:23.0406 2520 usbccgp - ok
11:31:23.0453 2520 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:31:23.0453 2520 usbehci - ok
11:31:23.0468 2520 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:31:23.0468 2520 usbhub - ok
11:31:23.0515 2520 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:31:23.0515 2520 usbprint - ok
11:31:23.0562 2520 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:31:23.0562 2520 usbscan - ok
11:31:23.0593 2520 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:31:23.0593 2520 USBSTOR - ok
11:31:23.0640 2520 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:31:23.0640 2520 usbuhci - ok
11:31:23.0656 2520 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:31:23.0656 2520 VgaSave - ok
11:31:23.0656 2520 ViaIde - ok
11:31:23.0703 2520 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:31:23.0703 2520 VolSnap - ok
11:31:23.0750 2520 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
11:31:23.0750 2520 VSS - ok
11:31:23.0781 2520 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
11:31:23.0781 2520 W32Time - ok
11:31:23.0890 2520 [ 375640F39F2D613B6FDCF8C2F956205A ] wampapache c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
11:31:23.0890 2520 wampapache - ok
11:31:23.0921 2520 wampmysqld - ok
11:31:23.0937 2520 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:31:23.0937 2520 Wanarp - ok
11:31:23.0953 2520 WDICA - ok
11:31:24.0000 2520 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:31:24.0000 2520 wdmaud - ok
11:31:24.0046 2520 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:31:24.0046 2520 WebClient - ok
11:31:24.0156 2520 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:31:24.0156 2520 winmgmt - ok
11:31:24.0234 2520 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:31:24.0234 2520 WmdmPmSN - ok
11:31:24.0265 2520 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:31:24.0265 2520 Wmi - ok
11:31:24.0328 2520 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:31:24.0328 2520 WmiApSrv - ok
11:31:24.0437 2520 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
11:31:24.0437 2520 WMPNetworkSvc - ok
11:31:24.0468 2520 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:31:24.0468 2520 WpdUsb - ok
11:31:24.0515 2520 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:31:24.0515 2520 wscsvc - ok
11:31:24.0531 2520 WSearch - ok
11:31:24.0578 2520 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:31:24.0578 2520 wuauserv - ok
11:31:24.0625 2520 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:31:24.0625 2520 WudfPf - ok
11:31:24.0656 2520 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:31:24.0656 2520 WudfRd - ok
11:31:24.0687 2520 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:31:24.0687 2520 WudfSvc - ok
11:31:24.0750 2520 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:31:24.0765 2520 WZCSVC - ok
11:31:24.0812 2520 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:31:24.0812 2520 xmlprov - ok
11:31:24.0828 2520 ================ Scan global ===============================
11:31:24.0859 2520 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
11:31:24.0906 2520 [ D7F6130150643691D61E957A2CD48D1B ] C:\WINDOWS\system32\winsrv.dll
11:31:24.0937 2520 [ D7F6130150643691D61E957A2CD48D1B ] C:\WINDOWS\system32\winsrv.dll
11:31:24.0968 2520 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
11:31:24.0968 2520 [Global] - ok
11:31:24.0968 2520 ================ Scan MBR ==================================
11:31:24.0984 2520 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
11:31:25.0187 2520 \Device\Harddisk0\DR0 - ok
11:31:25.0187 2520 ================ Scan VBR ==================================
11:31:25.0187 2520 [ FBE265F92C766403FF2E0CE4644ADE3B ] \Device\Harddisk0\DR0\Partition1
11:31:25.0187 2520 \Device\Harddisk0\DR0\Partition1 - ok
11:31:25.0218 2520 [ 4887662C95E9E14E02AC8D5199985BA5 ] \Device\Harddisk0\DR0\Partition2
11:31:25.0218 2520 \Device\Harddisk0\DR0\Partition2 - ok
11:31:25.0218 2520 ============================================================
11:31:25.0218 2520 Scan finished
11:31:25.0218 2520 ============================================================
11:31:25.0234 3676 Detected object count: 0
11:31:25.0234 3676 Actual detected object count: 0
11:31:50.0937 2092 Deinitialize success

Příspěvekod **memphisto** » 29 kvě 2013 12:54

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Golfy · Příspěvekod **Golfy** » 29 kvě 2013 13:25

ComboFix 13-05-29.01 - Itabo 29.05.2013 13:15:00.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.660 [GMT 2:00]
Spuštěný z: c:\documents and settings\Itabo\Plocha\ComboFix.exe
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-28 do 2013-05-29 )))))))))))))))))))))))))))))))
.
.
2013-05-21 13:31 . 2013-05-21 13:31 -------- d-----w- c:\documents and settings\Itabo\Data aplikací\Malwarebytes
2013-05-21 13:31 . 2013-05-21 13:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-05-21 13:31 . 2013-05-21 13:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-21 13:31 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-21 10:22 . 2013-05-28 19:09 -------- d-----w- c:\documents and settings\Itabo\Data aplikací\Qeunp
2013-05-21 10:22 . 2013-05-29 06:57 -------- d-----w- c:\documents and settings\Itabo\Data aplikací\Ugarhey
2013-05-17 11:47 . 2013-05-20 05:31 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 11:36 . 2012-09-05 18:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 11:36 . 2011-10-26 16:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\Golfy-\EPSON BX305 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE" [2009-09-14 200704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"EpsonAPD4SV"="c:\program files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE" [2011-06-07 210368]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-15 614400]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EPSON\\EPSON Advanced Printer Driver 4\\Tools\\PrinterNetworkSetting\\APDNetSetting.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
R2 EPSON_Device_Control_Log_Service;EPSON Device Control Log Service;c:\program files\EPSON\portcommunicationservice\DeviceControlLog.exe [10.8.2011 13:46 332288]
R2 EPSON_PCS_Parallel_Port_Driver;EPSON PCS Parallel Port Driver;c:\windows\system32\drivers\pcslpt.sys [10.8.2011 13:43 19592]
R2 EPSON_Port_Communication_Service;EPSON Port Communication Service;c:\program files\EPSON\portcommunicationservice\PCSVC.exe [10.8.2011 13:49 431616]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [21.5.2013 15:27 3574624]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 11:36]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 93.99.128.1 77.48.100.254
FF - ProfilePath - c:\documents and settings\Itabo\Data aplikací\Mozilla\Firefox\Profiles\u1irtmso.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Roland CAMM-1 CM-24 - c:\docume~1\Itabo\LOCALS~1\Temp\RolandRDCM24.INF\SETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-29 13:19
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-05-29 13:21:42
ComboFix-quarantined-files.txt 2013-05-29 11:21
.
Před spuštěním: Volných bajtů: 12 308 844 544
Po spuštění: Volných bajtů: 12 268 199 936
.
- - End Of File - - 7FF1B48BEB1567F6C881B115F11A5D2D

Problém s internetem - svchost.exe Vyřešeno

Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Re: Problém s internetem - svchost.exe

Kdo je online