Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:56:33, on 28.9.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\JETWAY\PC-TV FM\RemoteCtl.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 1: Frekvence 1 - http://www.frekvence1.cz/cs/webova_radi ... 2_ad.shtml
--
End of file - 8599 bytes
Please check - Czech police virus
- Orcus
- member of the Security team
Re: Please check - Czech police virus
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
-If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
-If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
===================================================
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the save log option and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
====================================================
Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
====================================================
Download Junkware Removal Tool
to your desktop.
Disable your antivirus program.
Right-click JRT.exe and choose "run as administrator". To continue, you will be asked to press any key. Press one.
The program's scan will begin. The scan may take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) will appear, saved on the desktop.
Please copy its entire contents here.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If it is too long, split it into several posts.
A few tips on PC security.
During my absence, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Please check - Czech police virus
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2013.09.30.06
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Svatik :: MALYS-MRXM8V815 [administrátor]
Ochrana: Povolena
30.9.2013 17:01:55
MBAM-log-2013-09-30 (18-19-36).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 384584
Uplynulý čas: 41 minut, 58 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 2
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {8F6E76B8-4D19-40a0-95D5-145F37673914} -> Nebyla provedena žádná instrukce.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {8F6E76B8-4D19-40a0-95D5-145F37673914} -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 2
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\jjrdrwj.plz (Trojan.Inject.RRE) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Local Settings\temp\qwxhrhcenkqjwyboyju.bfg (Trojan.Inject.RRE) -> Nebyla provedena žádná instrukce.
(konec)
# AdwCleaner v3.005 - Report created 30/09/2013 at 18:25:50
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Svatik - MALYS-MRXM8V815
# Running from : C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Dokumenty\Stažené soubory\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Program Files\Mozilla Firefox\.autoreg
Folder Found C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ICQ\ICQToolbar
Folder Found C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Trymedia
Folder Found C:\Program Files\ICQ6Toolbar
Folder Found C:\Program Files\icqtoolbar
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\ICQToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\SWEETIE
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE.1
Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Found : HKLM\SOFTWARE\Classes\ToolBand.SWEETIE
Key Found : HKLM\SOFTWARE\Classes\ToolBand.SWEETIE.1
Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Found : HKLM\Software\ICQ\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.2180
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Page] - hxxp://google.icq.com
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Bar] - hxxp://google.icq.com/search/search_frame.php
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [provider] - qip
-\\ Mozilla Firefox v3.6.10 (cs)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [4374 octets] - [30/09/2013 18:25:50]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4434 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Microsoft Windows XP x86
Ran by Svatik on po 30.09.2013 at 18:50:02,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetie.sweetie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetie.sweetie.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.eb_explorerbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.eb_explorerbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.ipm_printlistitem
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.ipm_printlistitem.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_launcher
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_launcher.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_printmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_printmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_bindstatuscallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_bindstatuscallback.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_cancelbuttoneventhandler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_cancelbuttoneventhandler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.sweetie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.sweetie.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.tbtoolband
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.tbtoolband.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.useroptions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.useroptions.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
~~~ Files
Successfully deleted: [File] "C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Data aplikací\microsoft\internet explorer\qipsearchbar.dll"
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\icqtoolbar"
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Data aplikací\mozilla\firefox\profiles\hv8ctfmb.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Data aplikací\mozilla\firefox\profiles\hv8ctfmb.default\searchplugins\sweetim.xml
Successfully deleted the following from C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Data aplikací\mozilla\firefox\profiles\hv8ctfmb.default\prefs.js
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.qip.ru/search?from=FF&query=");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.simapp_id", "{8F6E76B8-4D19-40a0-95D5-145F37673914}");
user_pref("sweetim.toolbar.version", "1.0.0.9");
Emptied folder: C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Data aplikací\mozilla\firefox\profiles\hv8ctfmb.default\minidumps [6 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 30.09.2013 at 18:55:55,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\icqtoolbar"
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Data aplikací\mozilla\firefox\profiles\hv8ctfmb.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Data aplikací\mozilla\firefox\profiles\hv8ctfmb.default\searchplugins\sweetim.xml
Successfully deleted the following from C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Data aplikací\mozilla\firefox\profiles\hv8ctfmb.default\prefs.js
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.qip.ru/search?from=FF&query=");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.simapp_id", "{8F6E76B8-4D19-40a0-95D5-145F37673914}");
user_pref("sweetim.toolbar.version", "1.0.0.9");
Emptied folder: C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Data aplikací\mozilla\firefox\profiles\hv8ctfmb.default\minidumps [6 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 30.09.2013 at 18:55:55,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- jaro3
- Security team member
Re: Please check - Czech Police virus
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Clean".
The program will perform the repair; after the automatic restart it will show the log (C:\AdwCleaner[S?].txt); paste its entire contents here.
Then run MBAM again and click Scan.
- when the program finishes, a message appears; click OK and then the "Show results" button
- make sure all listed findings are checked and click the "Remove selected" button
- when removal finishes, a log is displayed; post it here.
- then click OK in the program and close it via Exit
You can then paste the new MBAM log here.
Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7 run RogueKiller.exe as administrator; on XP double-click it.
- wait until the Prescan (search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire log contents here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check - Czech Police virus
# AdwCleaner v3.005 - Report created 30/09/2013 at 19:37:16
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Svatik - MALYS-MRXM8V815
# Running from : C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Dokumenty\Stažené soubory\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Trymedia
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}]
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\SWEETIE
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.2180
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [provider]
-\\ Mozilla Firefox v3.6.10 (cs)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [4514 octets] - [30/09/2013 18:25:50]
AdwCleaner[R1].txt - [3137 octets] - [30/09/2013 19:36:24]
AdwCleaner[S0].txt - [2969 octets] - [30/09/2013 19:37:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3029 octets] ##########
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2013.09.30.06
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Svatik :: MALYS-MRXM8V815 [administrátor]
Ochrana: Povolena
30.9.2013 19:47:42
mbam-log-2013-09-30 (19-47-42).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 384720
Uplynulý čas: 30 minut, 22 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 2
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\jjrdrwj.plz (Trojan.Inject.RRE) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Svatik.MALYS-MRXM8V815\Local Settings\temp\qwxhrhcenkqjwyboyju.bfg (Trojan.Inject.RRE) -> Přesun do karantény a smazání se zdařilo.
(konec)
RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Svatik [Práva správce]
Mód : Kontrola -- Datum : 10/02/2013 18:27:15
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[DNS][PUM] HKLM\[...]\CS002\[...]\{2E9B5D45-A881-4D36-AABD-85A2EC33EFBF} : NameServer (195.250.128.34,195.250.128.138) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS003\[...]\{2E9B5D45-A881-4D36-AABD-85A2EC33EFBF} : NameServer (195.250.128.34,195.250.128.138) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x805675D9 -> HOOKED (Unknown @ 0xF8DF526C)
[Address] SSDT[41] : NtCreateKey @ 0x8056F063 -> HOOKED (Unknown @ 0xF8DF5226)
[Address] SSDT[50] : NtCreateSection @ 0x80564B1B -> HOOKED (Unknown @ 0xF8DF5276)
[Address] SSDT[53] : NtCreateThread @ 0x8057F262 -> HOOKED (Unknown @ 0xF8DF521C)
[Address] SSDT[63] : NtDeleteKey @ 0x8059D6BD -> HOOKED (Unknown @ 0xF8DF522B)
[Address] SSDT[65] : NtDeleteValueKey @ 0x80597430 -> HOOKED (Unknown @ 0xF8DF5235)
[Address] SSDT[68] : NtDuplicateObject @ 0x805743BE -> HOOKED (Unknown @ 0xF8DF5267)
[Address] SSDT[98] : NtLoadKey @ 0x805B0F28 -> HOOKED (Unknown @ 0xF8DF523A)
[Address] SSDT[122] : NtOpenProcess @ 0x8057459E -> HOOKED (Unknown @ 0xF8DF5208)
[Address] SSDT[128] : NtOpenThread @ 0x80597C0A -> HOOKED (Unknown @ 0xF8DF520D)
[Address] SSDT[193] : NtReplaceKey @ 0x8064D892 -> HOOKED (Unknown @ 0xF8DF5244)
[Address] SSDT[204] : NtRestoreKey @ 0x8064C3B0 -> HOOKED (Unknown @ 0xF8DF523F)
[Address] SSDT[213] : NtSetContextThread @ 0x8062C85B -> HOOKED (Unknown @ 0xF8DF527B)
[Address] SSDT[247] : NtSetValueKey @ 0x80575527 -> HOOKED (Unknown @ 0xF8DF5230)
[Address] SSDT[257] : NtTerminateProcess @ 0x8058AE1E -> HOOKED (Unknown @ 0xF8DF5217)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF8DF5280)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF8DF5285)
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
[Inline] EAT @explorer.exe (_environ) : MSVCR80.dll -> HOOKED (Unknown @ 0x781D2910)
[Inline] EAT @explorer.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0x6294341D)
[Inline] EAT @explorer.exe (??_7?$collate@G@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0xBC7ED14E)
[Inline] EAT @explorer.exe (??_7?$ctype@G@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x1B7ECB27)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardní diskové jednotky) - ST3120026A +++++
--- User ---
[MBR] 9e281be116c5e7a061e9dfad37776ff3
[BSP] 8bd78e694a18c37b315e141c9e4f2295 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81915435 | Size: 74473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_10022013_182715.txt >>
RKreport[0]_D_09282013_224101.txt;RKreport[0]_S_09282013_224001.txt;RKreport[0]_S_09282013_224652.txt
- jaro3
- Security team member
Re: Please check - Czech Police virus
Close all programs and browsers. Disable the antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP double-click to run).
- Wait until the Prescan finishes...
- Wait until the status box shows "Scan"
- Click "Delete"
- Wait until the Status box shows "Deletion finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.8.16.0_(date)_log.txt; please paste the entire log contents here.
Install SP3!
Re: Please check - Czech Police virus
RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Svatik [Práva správce]
Mód : Odebrat -- Datum : 10/03/2013 16:06:08
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x805675D9 -> HOOKED (Unknown @ 0xF8CF3974)
[Address] SSDT[41] : NtCreateKey @ 0x8056F063 -> HOOKED (Unknown @ 0xF8CF392E)
[Address] SSDT[50] : NtCreateSection @ 0x80564B1B -> HOOKED (Unknown @ 0xF8CF397E)
[Address] SSDT[53] : NtCreateThread @ 0x8057F262 -> HOOKED (Unknown @ 0xF8CF3924)
[Address] SSDT[63] : NtDeleteKey @ 0x8059D6BD -> HOOKED (Unknown @ 0xF8CF3933)
[Address] SSDT[65] : NtDeleteValueKey @ 0x80597430 -> HOOKED (Unknown @ 0xF8CF393D)
[Address] SSDT[68] : NtDuplicateObject @ 0x805743BE -> HOOKED (Unknown @ 0xF8CF396F)
[Address] SSDT[98] : NtLoadKey @ 0x805B0F28 -> HOOKED (Unknown @ 0xF8CF3942)
[Address] SSDT[122] : NtOpenProcess @ 0x8057459E -> HOOKED (Unknown @ 0xF8CF3910)
[Address] SSDT[128] : NtOpenThread @ 0x80597C0A -> HOOKED (Unknown @ 0xF8CF3915)
[Address] SSDT[193] : NtReplaceKey @ 0x8064D892 -> HOOKED (Unknown @ 0xF8CF394C)
[Address] SSDT[204] : NtRestoreKey @ 0x8064C3B0 -> HOOKED (Unknown @ 0xF8CF3947)
[Address] SSDT[213] : NtSetContextThread @ 0x8062C85B -> HOOKED (Unknown @ 0xF8CF3983)
[Address] SSDT[247] : NtSetValueKey @ 0x80575527 -> HOOKED (Unknown @ 0xF8CF3938)
[Address] SSDT[257] : NtTerminateProcess @ 0x8058AE1E -> HOOKED (Unknown @ 0xF8CF391F)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF8CF3988)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF8CF398D)
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
16:10:55.0125 2228 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:10:56.0140 2228 ============================================================
16:10:56.0140 2228 Current date / time: 2013/10/03 16:10:56.0140
16:10:56.0140 2228 SystemInfo:
16:10:56.0140 2228
16:10:56.0140 2228 OS Version: 5.1.2600 ServicePack: 2.0
16:10:56.0140 2228 Product type: Workstation
16:10:56.0140 2228 ComputerName: MALYS-MRXM8V815
16:10:56.0140 2228 UserName: Svatik
16:10:56.0140 2228 Windows directory: C:\WINDOWS
16:10:56.0140 2228 System windows directory: C:\WINDOWS
16:10:56.0140 2228 Processor architecture: Intel x86
16:10:56.0140 2228 Number of processors: 1
16:10:56.0140 2228 Page size: 0x1000
16:10:56.0140 2228 Boot type: Normal boot
16:10:56.0140 2228 ============================================================
16:11:03.0609 2228 Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:11:03.0640 2228 ============================================================
16:11:03.0640 2228 \Device\Harddisk0\DR0:
16:11:03.0640 2228 MBR partitions:
16:11:03.0640 2228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
16:11:03.0656 2228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x9174957
16:11:03.0656 2228 ============================================================
16:11:03.0671 2228 D: <-> \Device\Harddisk0\DR0\Partition2
16:11:03.0703 2228 C: <-> \Device\Harddisk0\DR0\Partition1
16:11:03.0718 2228 ============================================================
16:11:03.0718 2228 Initialize success
16:11:03.0718 2228 ============================================================
16:11:06.0437 1592 ============================================================
16:11:06.0437 1592 Scan started
16:11:06.0437 1592 Mode: Manual;
16:11:06.0437 1592 ============================================================
16:11:10.0703 1592 ================ Scan system memory ========================
16:11:10.0718 1592 System memory - ok
16:11:10.0734 1592 ================ Scan services =============================
16:11:10.0875 1592 Abiosdsk - ok
16:11:10.0890 1592 abp480n5 - ok
16:11:10.0953 1592 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:11:10.0953 1592 ACPI - ok
16:11:11.0000 1592 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:11:11.0000 1592 ACPIEC - ok
16:11:11.0078 1592 [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:11:11.0093 1592 AdobeFlashPlayerUpdateSvc - ok
16:11:11.0109 1592 adpu160m - ok
16:11:11.0187 1592 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:11:11.0203 1592 aec - ok
16:11:11.0234 1592 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:11:11.0234 1592 AFD - ok
16:11:11.0265 1592 Aha154x - ok
16:11:11.0281 1592 aic78u2 - ok
16:11:11.0312 1592 aic78xx - ok
16:11:11.0375 1592 [ A9355A51698F6901B362EF738B15631D ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
16:11:11.0390 1592 ALCXSENS - ok
16:11:11.0453 1592 [ B191753B1AA2E7B11A18D5FDE8248AA2 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:11:11.0468 1592 ALCXWDM - ok
16:11:11.0531 1592 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:11:11.0562 1592 Alerter - ok
16:11:11.0593 1592 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
16:11:11.0593 1592 ALG - ok
16:11:11.0625 1592 AliIde - ok
16:11:11.0687 1592 [ 2CC3BF45AC3180FE29C199BD95F09601 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
16:11:11.0687 1592 AmdK7 - ok
16:11:11.0718 1592 amsint - ok
16:11:11.0812 1592 [ B4837FE56D76B2E9EA90E5365CF6A2BE ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:11:11.0812 1592 AntiVirSchedulerService - ok
16:11:11.0875 1592 [ DF5A3016052755C910A206058B4A1729 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:11:11.0875 1592 AntiVirService - ok
16:11:11.0937 1592 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:11:11.0984 1592 AppMgmt - ok
16:11:12.0000 1592 asc - ok
16:11:12.0031 1592 asc3350p - ok
16:11:12.0062 1592 asc3550 - ok
16:11:12.0187 1592 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:11:12.0250 1592 aspnet_state - ok
16:11:12.0312 1592 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:11:12.0312 1592 AsyncMac - ok
16:11:12.0359 1592 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:11:12.0359 1592 atapi - ok
16:11:12.0375 1592 Atdisk - ok
16:11:12.0406 1592 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:11:12.0421 1592 Atmarpc - ok
16:11:12.0484 1592 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:11:12.0515 1592 AudioSrv - ok
16:11:12.0578 1592 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:11:12.0578 1592 audstub - ok
16:11:12.0625 1592 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Program Files\Avira\AntiVir Desktop\avgio.sys
16:11:12.0625 1592 avgio - ok
16:11:12.0687 1592 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:11:12.0687 1592 avgntflt - ok
16:11:12.0734 1592 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:11:12.0750 1592 avipbb - ok
16:11:12.0796 1592 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:11:12.0796 1592 Beep - ok
16:11:12.0875 1592 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
16:11:13.0078 1592 BITS - ok
16:11:13.0140 1592 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
16:11:13.0156 1592 Browser - ok
16:11:13.0234 1592 [ 0E43D5D6B57A100B61A4DBA3197D9D24 ] BT848 C:\WINDOWS\system32\drivers\BT848.sys
16:11:13.0234 1592 BT848 - ok
16:11:13.0296 1592 [ 760B30A34DC9A981A74255E080D4C95E ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
16:11:13.0296 1592 btaudio - ok
16:11:13.0343 1592 [ 0AB3C8276DF52E50AEC183C2E70FD868 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
16:11:13.0359 1592 BTDriver - ok
16:11:13.0437 1592 [ 63CAD765A65D573F0C86964634C9B55E ] BTKRNL C:\WINDOWS\system32\drivers\btkrnl.sys
16:11:13.0500 1592 BTKRNL - ok
16:11:13.0546 1592 [ 5EDA13E9634A8D4A0B8838A55F3DB3C9 ] BTTUNER C:\WINDOWS\system32\drivers\BTTUNER.sys
16:11:13.0546 1592 BTTUNER - ok
16:11:13.0640 1592 [ E80FEAEA3F3E75B166ECE8E47CF0A7E9 ] btwdins C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
16:11:13.0640 1592 btwdins - ok
16:11:13.0687 1592 [ 93AD77D88D94B9CD00EB74AB965372B5 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:11:13.0687 1592 BTWDNDIS - ok
16:11:13.0734 1592 [ FED57FEC0FC5A6DB34F80E9D2EE2A671 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
16:11:13.0734 1592 BTWUSB - ok
16:11:13.0765 1592 [ 396660BB5805CF0166269DB7D2215FE7 ] BTXBAR C:\WINDOWS\system32\drivers\BTXBAR.sys
16:11:13.0765 1592 BTXBAR - ok
16:11:13.0828 1592 [ B48362954D9E0B3069EBFDC283325FE5 ] C-Dilla C:\WINDOWS\System32\drivers\CDANT.SYS
16:11:13.0828 1592 C-Dilla - ok
16:11:13.0859 1592 [ 8EEF3110372D329549C8FB53209FE92C ] C-DillaSrv C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
16:11:13.0875 1592 C-DillaSrv - ok
16:11:13.0921 1592 [ 09878A41AB3FB1AAEFF9182D28FEBE42 ] CamthWDM C:\WINDOWS\system32\DRIVERS\CamthWDM.sys
16:11:13.0953 1592 CamthWDM - ok
16:11:13.0984 1592 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:11:13.0984 1592 cbidf2k - ok
16:11:14.0171 1592 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:11:14.0171 1592 CCDECODE - ok
16:11:14.0203 1592 cd20xrnt - ok
16:11:14.0250 1592 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:11:14.0250 1592 Cdaudio - ok
16:11:14.0281 1592 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:11:14.0281 1592 Cdfs - ok
16:11:14.0312 1592 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:11:14.0312 1592 Cdrom - ok
16:11:14.0359 1592 Changer - ok
16:11:14.0406 1592 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:11:14.0421 1592 CiSvc - ok
16:11:14.0484 1592 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:11:14.0515 1592 ClipSrv - ok
16:11:14.0562 1592 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:11:14.0671 1592 clr_optimization_v2.0.50727_32 - ok
16:11:14.0703 1592 CmdIde - ok
16:11:14.0718 1592 COMSysApp - ok
16:11:14.0765 1592 Cpqarray - ok
16:11:14.0812 1592 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:11:14.0843 1592 CryptSvc - ok
16:11:14.0875 1592 dac2w2k - ok
16:11:14.0890 1592 dac960nt - ok
16:11:14.0968 1592 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:11:14.0984 1592 DcomLaunch - ok
16:11:15.0046 1592 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:11:15.0046 1592 Dhcp - ok
16:11:15.0078 1592 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:11:15.0078 1592 Disk - ok
16:11:15.0109 1592 dmadmin - ok
16:11:15.0171 1592 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:11:15.0234 1592 dmboot - ok
16:11:15.0250 1592 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:11:15.0265 1592 dmio - ok
16:11:15.0296 1592 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:11:15.0312 1592 dmload - ok
16:11:15.0328 1592 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:11:15.0359 1592 dmserver - ok
16:11:15.0406 1592 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:11:15.0406 1592 DMusic - ok
16:11:15.0453 1592 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:11:15.0484 1592 Dnscache - ok
16:11:15.0515 1592 dpti2o - ok
16:11:15.0546 1592 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:11:15.0546 1592 drmkaud - ok
16:11:15.0625 1592 [ 333ACBAC6E4465727E1FE86DE3241F26 ] DTSRVC C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
16:11:15.0625 1592 DTSRVC - ok
16:11:15.0687 1592 [ 5B40D257176B7C1ED4367532C737E8A7 ] DumaNT C:\WINDOWS\system32\DRIVERS\dumant.sys
16:11:15.0718 1592 DumaNT - ok
16:11:15.0750 1592 dwshd - ok
16:11:15.0812 1592 [ 53028592D63ABA6E80F30884B2425520 ] Edspport C:\WINDOWS\system32\DRIVERS\es56tpi.sys
16:11:15.0828 1592 Edspport - ok
16:11:15.0875 1592 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:11:15.0906 1592 ERSvc - ok
16:11:15.0953 1592 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
16:11:15.0968 1592 Eventlog - ok
16:11:16.0015 1592 [ 972378B907070F64932A87C90A035487 ] EventSystem C:\WINDOWS\System32\es.dll
16:11:16.0062 1592 EventSystem - ok
16:11:16.0093 1592 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:11:16.0109 1592 Fastfat - ok
16:11:16.0156 1592 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:11:16.0218 1592 FastUserSwitchingCompatibility - ok
16:11:16.0265 1592 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:11:16.0265 1592 Fdc - ok
16:11:16.0281 1592 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
16:11:16.0281 1592 FETNDIS - ok
16:11:16.0328 1592 [ 32D68AF58C84D76EE637FE60AE6B2784 ] FETNDISB C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
16:11:16.0343 1592 FETNDISB - ok
16:11:16.0390 1592 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:11:16.0390 1592 Fips - ok
16:11:16.0421 1592 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:11:16.0421 1592 Flpydisk - ok
16:11:16.0484 1592 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:11:16.0484 1592 FltMgr - ok
16:11:16.0515 1592 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:11:16.0515 1592 Fs_Rec - ok
16:11:16.0562 1592 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:11:16.0562 1592 Ftdisk - ok
16:11:16.0578 1592 [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:11:16.0578 1592 gameenum - ok
16:11:16.0625 1592 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:11:16.0625 1592 GEARAspiWDM - ok
16:11:16.0640 1592 GMSIPCI - ok
16:11:16.0687 1592 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:11:16.0703 1592 Gpc - ok
16:11:16.0765 1592 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:11:16.0796 1592 helpsvc - ok
16:11:16.0843 1592 HidServ - ok
16:11:16.0875 1592 hpn - ok
16:11:16.0906 1592 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:11:16.0921 1592 HTTP - ok
16:11:16.0968 1592 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:11:17.0000 1592 HTTPFilter - ok
16:11:17.0031 1592 i2omgmt - ok
16:11:17.0062 1592 i2omp - ok
16:11:17.0109 1592 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:11:17.0109 1592 i8042prt - ok
16:11:17.0140 1592 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:11:17.0140 1592 Imapi - ok
16:11:17.0203 1592 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:11:17.0250 1592 ImapiService - ok
16:11:17.0296 1592 ini910u - ok
16:11:17.0328 1592 IntelIde - ok
16:11:17.0375 1592 [ 4448006B6BC60E6C027932CFC38D6855 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:11:17.0375 1592 ip6fw - ok
16:11:17.0421 1592 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:11:17.0421 1592 IpFilterDriver - ok
16:11:17.0453 1592 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:11:17.0453 1592 IpInIp - ok
16:11:17.0500 1592 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:11:17.0500 1592 IpNat - ok
16:11:17.0562 1592 [ 688B773BA6074D5E9695EF1886FDCD3E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:11:17.0593 1592 iPod Service - ok
16:11:17.0625 1592 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:11:17.0625 1592 IPSec - ok
16:11:17.0656 1592 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:11:17.0656 1592 IRENUM - ok
16:11:17.0734 1592 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:11:17.0734 1592 isapnp - ok
16:11:17.0843 1592 [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
16:11:17.0859 1592 JavaQuickStarterService - ok
16:11:17.0875 1592 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:11:17.0875 1592 Kbdclass - ok
16:11:17.0906 1592 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:11:17.0906 1592 kmixer - ok
16:11:17.0953 1592 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:11:17.0953 1592 KSecDD - ok
16:11:18.0000 1592 [ 58759156A6918913EDD368F995BE3E53 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
16:11:18.0000 1592 L8042Kbd - ok
16:11:18.0031 1592 [ 973F78482AA2F2760323900B3A501C40 ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
16:11:18.0031 1592 L8042mou - ok
16:11:18.0093 1592 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:11:18.0125 1592 lanmanserver - ok
16:11:18.0171 1592 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:11:18.0250 1592 lanmanworkstation - ok
16:11:18.0265 1592 lbrtfdc - ok
16:11:18.0343 1592 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:11:18.0359 1592 LmHosts - ok
16:11:18.0406 1592 [ 2A3E4DB78B20B2CD2C548A48A8E6B1B7 ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
16:11:18.0406 1592 LMouKE - ok
16:11:18.0453 1592 [ 6AD3F5275F117F08C12EAB2233A9E3FB ] LVUSBSta C:\WINDOWS\system32\drivers\lvusbsta.sys
16:11:18.0468 1592 LVUSBSta - ok
16:11:18.0515 1592 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
16:11:18.0515 1592 MBAMProtector - ok
16:11:18.0609 1592 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:11:18.0656 1592 MBAMScheduler - ok
16:11:18.0718 1592 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:11:18.0750 1592 MBAMService - ok
16:11:18.0812 1592 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:11:18.0828 1592 MDM - ok
16:11:18.0890 1592 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:11:18.0921 1592 Messenger - ok
16:11:19.0031 1592 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:11:19.0062 1592 Microsoft Office Groove Audit Service - ok
16:11:19.0109 1592 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:11:19.0109 1592 mnmdd - ok
16:11:19.0171 1592 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
16:11:19.0218 1592 mnmsrvc - ok
16:11:19.0265 1592 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:11:19.0265 1592 Modem - ok
16:11:19.0296 1592 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:11:19.0296 1592 Mouclass - ok
16:11:19.0343 1592 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:11:19.0343 1592 MountMgr - ok
16:11:19.0359 1592 mraid35x - ok
16:11:19.0390 1592 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:11:19.0390 1592 MRxDAV - ok
16:11:19.0437 1592 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:11:19.0453 1592 MRxSmb - ok
16:11:19.0500 1592 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\System32\msdtc.exe
16:11:19.0531 1592 MSDTC - ok
16:11:19.0562 1592 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:11:19.0562 1592 Msfs - ok
16:11:19.0593 1592 MSIServer - ok
16:11:19.0640 1592 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:11:19.0640 1592 MSKSSRV - ok
16:11:19.0671 1592 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:11:19.0671 1592 MSPCLOCK - ok
16:11:19.0703 1592 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:11:19.0703 1592 MSPQM - ok
16:11:19.0734 1592 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:11:19.0750 1592 mssmbios - ok
16:11:19.0796 1592 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
16:11:19.0796 1592 MSTEE - ok
16:11:19.0828 1592 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:11:19.0828 1592 Mup - ok
16:11:19.0859 1592 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:11:19.0859 1592 NABTSFEC - ok
16:11:19.0906 1592 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:11:19.0906 1592 NDIS - ok
16:11:19.0937 1592 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:11:19.0937 1592 NdisIP - ok
16:11:20.0000 1592 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:11:20.0000 1592 NdisTapi - ok
16:11:20.0031 1592 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:11:20.0031 1592 Ndisuio - ok
16:11:20.0062 1592 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:11:20.0062 1592 NdisWan - ok
16:11:20.0093 1592 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:11:20.0093 1592 NDProxy - ok
16:11:20.0125 1592 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:11:20.0125 1592 NetBIOS - ok
16:11:20.0171 1592 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:11:20.0171 1592 NetBT - ok
16:11:20.0234 1592 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
16:11:20.0265 1592 NetDDE - ok
16:11:20.0296 1592 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:11:20.0296 1592 NetDDEdsdm - ok
16:11:20.0343 1592 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:11:20.0343 1592 Netlogon - ok
16:11:20.0390 1592 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINDOWS\System32\netman.dll
16:11:20.0390 1592 Netman - ok
16:11:20.0437 1592 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINDOWS\System32\mswsock.dll
16:11:20.0437 1592 Nla - ok
16:11:20.0468 1592 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:11:20.0468 1592 Npfs - ok
16:11:20.0515 1592 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:11:20.0546 1592 Ntfs - ok
16:11:20.0578 1592 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
16:11:20.0578 1592 NtLmSsp - ok
16:11:20.0625 1592 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:11:20.0687 1592 NtmsSvc - ok
16:11:20.0750 1592 [ A568B9A9FFE2D9387222A5C90F86D731 ] NTSIM C:\WINDOWS\System32\ntsim.sys
16:11:20.0796 1592 NTSIM - ok
16:11:20.0828 1592 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:11:20.0828 1592 Null - ok
16:11:21.0093 1592 [ 8E72E452B9CC1E455D19E3C9FA964D37 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:11:21.0328 1592 nv - ok
16:11:21.0390 1592 [ 934833B3CD462A6F8A96F64D024C8B20 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
16:11:21.0406 1592 NVSvc - ok
16:11:21.0437 1592 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:11:21.0453 1592 NwlnkFlt - ok
16:11:21.0500 1592 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:11:21.0500 1592 NwlnkFwd - ok
16:11:21.0578 1592 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:11:21.0671 1592 odserv - ok
16:11:21.0718 1592 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:11:21.0765 1592 ose - ok
16:11:21.0812 1592 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:11:21.0828 1592 Parport - ok
16:11:21.0875 1592 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:11:21.0875 1592 PartMgr - ok
16:11:21.0921 1592 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:11:21.0937 1592 ParVdm - ok
16:11:21.0953 1592 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:11:21.0968 1592 PCI - ok
16:11:21.0984 1592 PCIDump - ok
16:11:22.0015 1592 PCIIde - ok
16:11:22.0062 1592 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:11:22.0062 1592 Pcmcia - ok
16:11:22.0078 1592 PDCOMP - ok
16:11:22.0109 1592 PDFRAME - ok
16:11:22.0171 1592 [ 8B604FD3AF820D20D480BC2137E8566E ] pdiddcci C:\WINDOWS\system32\DRIVERS\pdiddcci.sys
16:11:22.0171 1592 pdiddcci - ok
16:11:22.0218 1592 [ 7E63820F5721C963DD2AAA8D3C5D12AC ] PdiPorts C:\WINDOWS\system32\Drivers\PdiPorts.sys
16:11:22.0218 1592 PdiPorts - ok
16:11:22.0250 1592 PDRELI - ok
16:11:22.0281 1592 PDRFRAME - ok
16:11:22.0296 1592 perc2 - ok
16:11:22.0328 1592 perc2hib - ok
16:11:22.0437 1592 [ 95F6C2E89B5B0EDF33BE7E0BEDF21991 ] PID_0928 C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
16:11:22.0437 1592 PID_0928 - ok
16:11:22.0484 1592 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
16:11:22.0484 1592 PlugPlay - ok
16:11:22.0515 1592 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:11:22.0515 1592 PolicyAgent - ok
16:11:22.0562 1592 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:11:22.0562 1592 PptpMiniport - ok
16:11:22.0593 1592 [ 9A10E4FD13824823DA50D4758BD0A645 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:11:22.0593 1592 Processor - ok
16:11:22.0625 1592 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:11:22.0625 1592 ProtectedStorage - ok
16:11:22.0656 1592 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:11:22.0656 1592 PSched - ok
16:11:22.0703 1592 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:11:22.0703 1592 Ptilink - ok
16:11:22.0734 1592 ql1080 - ok
16:11:22.0765 1592 Ql10wnt - ok
16:11:22.0781 1592 ql12160 - ok
16:11:22.0812 1592 ql1240 - ok
16:11:22.0843 1592 ql1280 - ok
16:11:22.0859 1592 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:11:22.0859 1592 RasAcd - ok
16:11:22.0921 1592 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:11:22.0953 1592 RasAuto - ok
16:11:23.0015 1592 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:11:23.0015 1592 Rasl2tp - ok
16:11:23.0062 1592 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:11:23.0109 1592 RasMan - ok
16:11:23.0140 1592 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:11:23.0140 1592 RasPppoe - ok
16:11:23.0171 1592 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:11:23.0171 1592 Raspti - ok
16:11:23.0218 1592 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:11:23.0234 1592 Rdbss - ok
16:11:23.0265 1592 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:11:23.0265 1592 RDPCDD - ok
16:11:23.0312 1592 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:11:23.0328 1592 rdpdr - ok
16:11:23.0390 1592 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:11:23.0390 1592 RDPWD - ok
16:11:23.0437 1592 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:11:23.0468 1592 RDSessMgr - ok
16:11:23.0515 1592 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:11:23.0515 1592 redbook - ok
16:11:23.0562 1592 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:11:23.0625 1592 RemoteAccess - ok
16:11:23.0687 1592 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:11:23.0718 1592 RemoteRegistry - ok
16:11:23.0765 1592 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\System32\locator.exe
16:11:23.0828 1592 RpcLocator - ok
16:11:23.0875 1592 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:11:23.0875 1592 RpcSs - ok
16:11:23.0921 1592 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\System32\rsvp.exe
16:11:23.0968 1592 RSVP - ok
16:11:24.0031 1592 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
16:11:24.0031 1592 SamSs - ok
16:11:24.0093 1592 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:11:24.0125 1592 SCardSvr - ok
16:11:24.0515 1592 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:11:24.0562 1592 Schedule - ok
16:11:24.0640 1592 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:11:24.0640 1592 Secdrv - ok
16:11:24.0671 1592 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:11:24.0718 1592 seclogon - ok
16:11:24.0750 1592 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
16:11:24.0796 1592 SENS - ok
16:11:24.0828 1592 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:11:24.0843 1592 serenum - ok
16:11:24.0890 1592 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:11:24.0890 1592 Serial - ok
16:11:24.0937 1592 [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
16:11:24.0953 1592 sfdrv01 - ok
16:11:24.0968 1592 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
16:11:24.0984 1592 sfhlp02 - ok
16:11:25.0000 1592 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:11:25.0000 1592 Sfloppy - ok
16:11:25.0046 1592 [ B27F70092A84B2A381D1FCDBBB82F876 ] sfsync03 C:\WINDOWS\system32\drivers\sfsync03.sys
16:11:25.0046 1592 sfsync03 - ok
16:11:25.0093 1592 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:11:25.0171 1592 SharedAccess - ok
16:11:25.0218 1592 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:11:25.0218 1592 ShellHWDetection - ok
16:11:25.0250 1592 Simbad - ok
16:11:25.0281 1592 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:11:25.0281 1592 SLIP - ok
16:11:25.0296 1592 Sparrow - ok
16:11:25.0312 1592 SPLITCAM - ok
16:11:25.0328 1592 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:11:25.0343 1592 splitter - ok
16:11:25.0390 1592 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:11:25.0390 1592 Spooler - ok
16:11:25.0468 1592 [ 4F576E516CC76EC50A244586BCFA1C78 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
16:11:25.0468 1592 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4F576E516CC76EC50A244586BCFA1C78
16:11:25.0468 1592 sptd ( LockedFile.Multi.Generic ) - warning
16:11:25.0468 1592 sptd - detected LockedFile.Multi.Generic (1)
16:11:25.0515 1592 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:11:25.0515 1592 sr - ok
16:11:25.0546 1592 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
16:11:25.0609 1592 srservice - ok
16:11:25.0656 1592 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:11:25.0671 1592 Srv - ok
16:11:25.0703 1592 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:11:25.0734 1592 SSDPSRV - ok
16:11:25.0796 1592 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:11:25.0796 1592 ssmdrv - ok
16:11:25.0859 1592 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:11:25.0937 1592 stisvc - ok
16:11:25.0968 1592 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:11:25.0968 1592 streamip - ok
16:11:26.0015 1592 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:11:26.0015 1592 swenum - ok
16:11:26.0078 1592 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:11:26.0078 1592 swmidi - ok
16:11:26.0093 1592 SwPrv - ok
16:11:26.0140 1592 symc810 - ok
16:11:26.0156 1592 symc8xx - ok
16:11:26.0187 1592 sym_hi - ok
16:11:26.0218 1592 sym_u3 - ok
16:11:26.0250 1592 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:11:26.0250 1592 sysaudio - ok
16:11:26.0296 1592 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:11:26.0328 1592 SysmonLog - ok
16:11:26.0390 1592 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:11:26.0453 1592 TapiSrv - ok
16:11:26.0500 1592 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:11:26.0546 1592 Tcpip - ok
16:11:26.0593 1592 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:11:26.0609 1592 TDPIPE - ok
16:11:26.0640 1592 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:11:26.0656 1592 TDTCP - ok
16:11:26.0703 1592 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:11:26.0703 1592 TermDD - ok
16:11:26.0750 1592 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
16:11:26.0812 1592 TermService - ok
16:11:26.0859 1592 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:11:26.0859 1592 Themes - ok
16:11:26.0921 1592 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
16:11:26.0968 1592 TlntSvr - ok
16:11:26.0984 1592 TosIde - ok
16:11:27.0031 1592 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:11:27.0062 1592 TrkWks - ok
16:11:27.0125 1592 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:11:27.0140 1592 Udfs - ok
16:11:27.0156 1592 ultra - ok
16:11:27.0234 1592 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\System32\wdfmgr.exe
16:11:27.0234 1592 UMWdf - ok
16:11:27.0265 1592 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:11:27.0281 1592 Update - ok
16:11:27.0312 1592 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:11:27.0375 1592 upnphost - ok
16:11:27.0421 1592 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
16:11:27.0453 1592 UPS - ok
16:11:27.0515 1592 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:11:27.0515 1592 usbehci - ok
16:11:27.0562 1592 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:11:29.0359 1592 ================ Scan global ===============================
16:11:29.0390 1592 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
16:11:29.0453 1592 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
16:11:29.0671 1592 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
16:11:29.0703 1592 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
16:11:29.0703 1592 [Global] - ok
16:11:29.0718 1592 ================ Scan MBR ==================================
16:11:29.0734 1592 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
16:11:29.0890 1592 \Device\Harddisk0\DR0 - ok
16:11:29.0906 1592 ================ Scan VBR ==================================
16:11:29.0906 1592 [ F9E9513F0A848801D084AE2266EA0258 ] \Device\Harddisk0\DR0\Partition1
16:11:29.0906 1592 \Device\Harddisk0\DR0\Partition1 - ok
16:11:29.0953 1592 [ 4B869BF7364C2AEBC68D840D1DD49923 ] \Device\Harddisk0\DR0\Partition2
16:11:29.0953 1592 \Device\Harddisk0\DR0\Partition2 - ok
16:11:29.0968 1592 ============================================================
16:11:29.0968 1592 Scan finished
16:11:29.0968 1592 ============================================================
16:11:30.0000 2220 Detected object count: 1
16:11:30.0000 2220 Actual detected object count: 1
16:11:39.0171 2220 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:11:39.0171 2220 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:11:51.0375 2372 Deinitialize success
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Svatik [Práva správce]
Mód : Odebrat -- Datum : 10/03/2013 16:06:08
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x805675D9 -> HOOKED (Unknown @ 0xF8CF3974)
[Address] SSDT[41] : NtCreateKey @ 0x8056F063 -> HOOKED (Unknown @ 0xF8CF392E)
[Address] SSDT[50] : NtCreateSection @ 0x80564B1B -> HOOKED (Unknown @ 0xF8CF397E)
[Address] SSDT[53] : NtCreateThread @ 0x8057F262 -> HOOKED (Unknown @ 0xF8CF3924)
[Address] SSDT[63] : NtDeleteKey @ 0x8059D6BD -> HOOKED (Unknown @ 0xF8CF3933)
[Address] SSDT[65] : NtDeleteValueKey @ 0x80597430 -> HOOKED (Unknown @ 0xF8CF393D)
[Address] SSDT[68] : NtDuplicateObject @ 0x805743BE -> HOOKED (Unknown @ 0xF8CF396F)
[Address] SSDT[98] : NtLoadKey @ 0x805B0F28 -> HOOKED (Unknown @ 0xF8CF3942)
[Address] SSDT[122] : NtOpenProcess @ 0x8057459E -> HOOKED (Unknown @ 0xF8CF3910)
[Address] SSDT[128] : NtOpenThread @ 0x80597C0A -> HOOKED (Unknown @ 0xF8CF3915)
[Address] SSDT[193] : NtReplaceKey @ 0x8064D892 -> HOOKED (Unknown @ 0xF8CF394C)
[Address] SSDT[204] : NtRestoreKey @ 0x8064C3B0 -> HOOKED (Unknown @ 0xF8CF3947)
[Address] SSDT[213] : NtSetContextThread @ 0x8062C85B -> HOOKED (Unknown @ 0xF8CF3983)
[Address] SSDT[247] : NtSetValueKey @ 0x80575527 -> HOOKED (Unknown @ 0xF8CF3938)
[Address] SSDT[257] : NtTerminateProcess @ 0x8058AE1E -> HOOKED (Unknown @ 0xF8CF391F)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF8CF3988)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF8CF398D)
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
16:10:55.0125 2228 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:10:56.0140 2228 ============================================================
16:10:56.0140 2228 Current date / time: 2013/10/03 16:10:56.0140
16:10:56.0140 2228 SystemInfo:
16:10:56.0140 2228
16:10:56.0140 2228 OS Version: 5.1.2600 ServicePack: 2.0
16:10:56.0140 2228 Product type: Workstation
16:10:56.0140 2228 ComputerName: MALYS-MRXM8V815
16:10:56.0140 2228 UserName: Svatik
16:10:56.0140 2228 Windows directory: C:\WINDOWS
16:10:56.0140 2228 System windows directory: C:\WINDOWS
16:10:56.0140 2228 Processor architecture: Intel x86
16:10:56.0140 2228 Number of processors: 1
16:10:56.0140 2228 Page size: 0x1000
16:10:56.0140 2228 Boot type: Normal boot
16:10:56.0140 2228 ============================================================
16:11:03.0609 2228 Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:11:03.0640 2228 ============================================================
16:11:03.0640 2228 \Device\Harddisk0\DR0:
16:11:03.0640 2228 MBR partitions:
16:11:03.0640 2228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
16:11:03.0656 2228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x9174957
16:11:03.0656 2228 ============================================================
16:11:03.0671 2228 D: <-> \Device\Harddisk0\DR0\Partition2
16:11:03.0703 2228 C: <-> \Device\Harddisk0\DR0\Partition1
16:11:03.0718 2228 ============================================================
16:11:03.0718 2228 Initialize success
16:11:03.0718 2228 ============================================================
16:11:06.0437 1592 ============================================================
16:11:06.0437 1592 Scan started
16:11:06.0437 1592 Mode: Manual;
16:11:06.0437 1592 ============================================================
16:11:10.0703 1592 ================ Scan system memory ========================
16:11:10.0718 1592 System memory - ok
16:11:10.0734 1592 ================ Scan services =============================
16:11:24.0984 1592 sfhlp02 - ok
16:11:25.0000 1592 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:11:25.0000 1592 Sfloppy - ok
16:11:25.0046 1592 [ B27F70092A84B2A381D1FCDBBB82F876 ] sfsync03 C:\WINDOWS\system32\drivers\sfsync03.sys
16:11:25.0046 1592 sfsync03 - ok
16:11:25.0093 1592 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:11:25.0171 1592 SharedAccess - ok
16:11:25.0218 1592 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:11:25.0218 1592 ShellHWDetection - ok
16:11:25.0250 1592 Simbad - ok
16:11:25.0281 1592 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:11:25.0281 1592 SLIP - ok
16:11:25.0296 1592 Sparrow - ok
16:11:25.0312 1592 SPLITCAM - ok
16:11:25.0328 1592 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:11:25.0343 1592 splitter - ok
16:11:25.0390 1592 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:11:25.0390 1592 Spooler - ok
16:11:25.0468 1592 [ 4F576E516CC76EC50A244586BCFA1C78 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
16:11:25.0468 1592 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4F576E516CC76EC50A244586BCFA1C78
16:11:25.0468 1592 sptd ( LockedFile.Multi.Generic ) - warning
16:11:25.0468 1592 sptd - detected LockedFile.Multi.Generic (1)
16:11:25.0515 1592 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:11:25.0515 1592 sr - ok
16:11:25.0546 1592 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
16:11:25.0609 1592 srservice - ok
16:11:25.0656 1592 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:11:25.0671 1592 Srv - ok
16:11:25.0703 1592 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:11:25.0734 1592 SSDPSRV - ok
16:11:25.0796 1592 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:11:25.0796 1592 ssmdrv - ok
16:11:25.0859 1592 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:11:25.0937 1592 stisvc - ok
16:11:25.0968 1592 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:11:25.0968 1592 streamip - ok
16:11:26.0015 1592 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:11:26.0015 1592 swenum - ok
16:11:26.0078 1592 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:11:26.0078 1592 swmidi - ok
16:11:26.0093 1592 SwPrv - ok
16:11:26.0140 1592 symc810 - ok
16:11:26.0156 1592 symc8xx - ok
16:11:26.0187 1592 sym_hi - ok
16:11:26.0218 1592 sym_u3 - ok
16:11:26.0250 1592 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:11:26.0250 1592 sysaudio - ok
16:11:26.0296 1592 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:11:26.0328 1592 SysmonLog - ok
16:11:26.0390 1592 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:11:26.0453 1592 TapiSrv - ok
16:11:26.0500 1592 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:11:26.0546 1592 Tcpip - ok
16:11:26.0593 1592 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:11:26.0609 1592 TDPIPE - ok
16:11:26.0640 1592 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:11:26.0656 1592 TDTCP - ok
16:11:26.0703 1592 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:11:26.0703 1592 TermDD - ok
16:11:26.0750 1592 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
16:11:26.0812 1592 TermService - ok
16:11:26.0859 1592 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:11:26.0859 1592 Themes - ok
16:11:26.0921 1592 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
16:11:26.0968 1592 TlntSvr - ok
16:11:26.0984 1592 TosIde - ok
16:11:27.0031 1592 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:11:27.0062 1592 TrkWks - ok
16:11:27.0125 1592 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:11:27.0140 1592 Udfs - ok
16:11:27.0156 1592 ultra - ok
16:11:27.0234 1592 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\System32\wdfmgr.exe
16:11:27.0234 1592 UMWdf - ok
16:11:27.0265 1592 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:11:27.0281 1592 Update - ok
16:11:27.0312 1592 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:11:27.0375 1592 upnphost - ok
16:11:27.0421 1592 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
16:11:27.0453 1592 UPS - ok
16:11:27.0515 1592 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:11:27.0515 1592 usbehci - ok
16:11:27.0562 1592 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:11:27.0593 1592 usbhub - ok
16:11:27.0640 1592 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:11:27.0640 1592 usbprint - ok
16:11:27.0687 1592 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:11:27.0687 1592 usbscan - ok
16:11:27.0734 1592 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:11:27.0734 1592 USBSTOR - ok
16:11:27.0765 1592 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:11:27.0765 1592 usbuhci - ok
16:11:27.0828 1592 [ AF090265EC388BAB320F1FF7E7A7D5EA ] USB_RNDIS C:\WINDOWS\system32\DRIVERS\usb8023.sys
16:11:27.0843 1592 USB_RNDIS - ok
16:11:27.0875 1592 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:11:27.0875 1592 VgaSave - ok
16:11:27.0921 1592 [ 0E3E3FAE3A0A58B8D936A8E841A17D16 ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
16:11:27.0921 1592 viaagp1 - ok
16:11:27.0968 1592 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
16:11:27.0968 1592 ViaIde - ok
16:11:28.0015 1592 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:11:28.0015 1592 VolSnap - ok
16:11:28.0078 1592 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
16:11:28.0125 1592 VSS - ok
16:11:28.0171 1592 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
16:11:28.0203 1592 W32Time - ok
16:11:28.0250 1592 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:11:28.0250 1592 Wanarp - ok
16:11:28.0265 1592 WDICA - ok
16:11:28.0328 1592 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:11:28.0328 1592 wdmaud - ok
16:11:28.0375 1592 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
16:11:28.0421 1592 WebClient - ok
16:11:28.0500 1592 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:11:28.0515 1592 winmgmt - ok
16:11:28.0609 1592 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
16:11:28.0656 1592 WmdmPmSN - ok
16:11:28.0703 1592 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:11:28.0718 1592 Wmi - ok
16:11:28.0765 1592 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:11:28.0812 1592 WmiApSrv - ok
16:11:28.0859 1592 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:11:28.0890 1592 wscsvc - ok
16:11:28.0937 1592 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:11:28.0937 1592 WSTCODEC - ok
16:11:28.0968 1592 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:11:29.0031 1592 wuauserv - ok
16:11:29.0109 1592 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:11:29.0140 1592 WZCSVC - ok
16:11:29.0187 1592 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:11:29.0281 1592 xmlprov - ok
16:11:29.0359 1592 ================ Scan global ===============================
16:11:29.0390 1592 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
16:11:29.0453 1592 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
16:11:29.0671 1592 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
16:11:29.0703 1592 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
16:11:29.0703 1592 [Global] - ok
16:11:29.0718 1592 ================ Scan MBR ==================================
16:11:29.0734 1592 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
16:11:29.0890 1592 \Device\Harddisk0\DR0 - ok
16:11:29.0906 1592 ================ Scan VBR ==================================
16:11:29.0906 1592 [ F9E9513F0A848801D084AE2266EA0258 ] \Device\Harddisk0\DR0\Partition1
16:11:29.0906 1592 \Device\Harddisk0\DR0\Partition1 - ok
16:11:29.0953 1592 [ 4B869BF7364C2AEBC68D840D1DD49923 ] \Device\Harddisk0\DR0\Partition2
16:11:29.0953 1592 \Device\Harddisk0\DR0\Partition2 - ok
16:11:29.0968 1592 ============================================================
16:11:29.0968 1592 Scan finished
16:11:29.0968 1592 ============================================================
16:11:30.0000 2220 Detected object count: 1
16:11:30.0000 2220 Actual detected object count: 1
16:11:39.0171 2220 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:11:39.0171 2220 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:11:51.0375 2372 Deinitialize success
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: Please check - Czech Police virus
Install SP3!
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launching, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.
Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with programs such as HJT, ComboFix, MBAM, SDFix and others, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support