Good day. Please check my HJT log. The PC is mostly fine, only now and then the fan kicks into high speed and the machine slows down for a moment while it does... Thanks in advance. M*
P.S. The MBAM log is clean.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:31:35, on 30.10.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Programy\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} (RtspVaPgCtrlNew Class) - http://93.91.146.154:8080/RtspVaPgDec.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9808349156
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 5262 bytes
HJT log check - Solved
- memphisto
Re: HJT log check
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear, so click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is otherwise saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you
Re: HJT log check
Cleaned with ATF, logs attached. Thanks
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verze: v2013.10.30.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
PC :: PC-7C45B7D3D4B1 [administrátor]
30.10.2013 19:05:40
mbam-log-2013-10-30 (19-05-40).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 238792
Uplynulý čas: 9 minut, 27 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
# AdwCleaner v3.010 - Report created 30/10/2013 at 19:54:02
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : PC - PC-7C45B7D3D4B1
# Running from : C:\Documents and Settings\PC\Plocha\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v24.0 (cs)
[ File : C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\xpkdeqc5.default-1349209841078\prefs.js ]
-\\ Google Chrome v
[ File : C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
Found : icon_url
Found : search_url
Found : keyword
Found : search_url
*************************
AdwCleaner[R22].txt - [1026 octets] - [24/10/2013 18:32:44]
AdwCleaner[R23].txt - [1149 octets] - [26/10/2013 09:29:15]
AdwCleaner[R24].txt - [1008 octets] - [30/10/2013 19:54:02]
AdwCleaner[S21].txt - [1074 octets] - [24/10/2013 18:33:43]
AdwCleaner[S22].txt - [1198 octets] - [26/10/2013 09:30:12]
########## EOF - C:\AdwCleaner\AdwCleaner[R24].txt - [1191 octets] ##########

- jaro3
Re: HJT log check
Is the CPU load higher during those increased fan speeds?
Download Junkware Removal Tool
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved to the desktop.
Please copy its entire contents here.
Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
Kontrola MBR (MBR check)
Kontrola Faked (Faked check)
Antirootkit
- Then click "Prohledat" (Scan).
- The program scans the PC's processes. After the scan, click "Zpráva" (Report) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: HJT log check
Here they are.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by PC on čt 31.10.2013 at 11:40:02,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on čt 31.10.2013 at 11:44:57,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : PC [Práva správce]
Mód : Kontrola -- Datum : 10/31/2013 11:50:05
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160812AS +++++
--- User ---
[MBR] a7e27a47c1925e748fd8b414b05ae22c
[BSP] 33a74d24879a55a23a6b317f405ef8ef : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST500DM002-1BC142 +++++
--- User ---
[MBR] 55d701f18ae3d975d4025168140fef2e
[BSP] 479d92e7b9bedbe478d42be45c0d6ee7 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 99990 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_10312013_115005.txt >>
- jaro3
Re: HJT log check
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait for the Prescan to finish...
- Wait until the status window shows "Prohledat" (Scan)
- Click "Smazat" (Delete)
- Wait until the status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report) and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Extract the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller. 2.8.16.0_(date)_log.txt, please paste the entire contents of the log here.
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When scanning finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: After running ComboFix and restarting the computer, it may happen that Windows does not boot, or the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Re: HJT log check
Thanks, attaching the logs.
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : PC [Práva správce]
Mód : Odebrat -- Datum : 10/31/2013 20:22:05
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160812AS +++++
--- User ---
[MBR] a7e27a47c1925e748fd8b414b05ae22c
[BSP] 33a74d24879a55a23a6b317f405ef8ef : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST500DM002-1BC142 +++++
--- User ---
[MBR] 55d701f18ae3d975d4025168140fef2e
[BSP] 479d92e7b9bedbe478d42be45c0d6ee7 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 99990 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_D_10312013_202205.txt >>
RKreport[0]_S_10312013_202158.txt
20:23:52.0281 3196 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:23:54.0531 3196 ============================================================
20:23:54.0531 3196 Current date / time: 2013/10/31 20:23:54.0531
20:23:54.0531 3196 SystemInfo:
20:23:54.0531 3196
20:23:54.0531 3196 OS Version: 5.1.2600 ServicePack: 3.0
20:23:54.0531 3196 Product type: Workstation
20:23:54.0531 3196 ComputerName: PC-7C45B7D3D4B1
20:23:54.0531 3196 UserName: PC
20:23:54.0531 3196 Windows directory: C:\WINDOWS
20:23:54.0531 3196 System windows directory: C:\WINDOWS
20:23:54.0531 3196 Processor architecture: Intel x86
20:23:54.0531 3196 Number of processors: 2
20:23:54.0531 3196 Page size: 0x1000
20:23:54.0531 3196 Boot type: Normal boot
20:23:54.0531 3196 ============================================================
20:23:55.0250 3196 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:23:55.0250 3196 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:23:55.0281 3196 ============================================================
20:23:55.0281 3196 \Device\Harddisk0\DR0:
20:23:55.0281 3196 MBR partitions:
20:23:55.0281 3196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
20:23:55.0281 3196 \Device\Harddisk1\DR1:
20:23:55.0281 3196 MBR partitions:
20:23:55.0281 3196 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xC34B3CC
20:23:55.0281 3196 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000
20:23:55.0281 3196 ============================================================
20:23:55.0328 3196 C: <-> \Device\Harddisk0\DR0\Partition1
20:23:55.0359 3196 E: <-> \Device\Harddisk1\DR1\Partition2
20:23:55.0390 3196 F: <-> \Device\Harddisk1\DR1\Partition1
20:23:55.0390 3196 ============================================================
20:23:55.0390 3196 Initialize success
20:23:55.0390 3196 ============================================================
20:23:57.0578 2972 ============================================================
20:23:57.0578 2972 Scan started
20:23:57.0578 2972 Mode: Manual;
20:23:57.0578 2972 ============================================================
20:23:58.0390 2972 ================ Scan system memory ========================
20:23:58.0390 2972 System memory - ok
20:23:58.0390 2972 ================ Scan services =============================
20:23:58.0515 2972 Abiosdsk - ok
20:23:58.0531 2972 abp480n5 - ok
20:23:58.0593 2972 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:23:58.0593 2972 ACPI - ok
20:23:58.0625 2972 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:23:58.0625 2972 ACPIEC - ok
20:23:58.0718 2972 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:23:58.0718 2972 AdobeFlashPlayerUpdateSvc - ok
20:23:58.0734 2972 adpu160m - ok
20:23:58.0781 2972 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:23:58.0781 2972 aec - ok
20:23:58.0843 2972 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:23:58.0843 2972 AFD - ok
20:23:58.0843 2972 Aha154x - ok
20:23:58.0859 2972 aic78u2 - ok
20:23:58.0859 2972 aic78xx - ok
20:23:58.0906 2972 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:23:58.0906 2972 Alerter - ok
20:23:58.0937 2972 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
20:23:58.0937 2972 ALG - ok
20:23:58.0937 2972 AliIde - ok
20:23:58.0937 2972 amsint - ok
20:23:59.0000 2972 [ 1E57CC3B6082A5D0919CA3C4D465934B ] AmUStor C:\WINDOWS\system32\drivers\AmUStor.SYS
20:23:59.0000 2972 AmUStor - ok
20:23:59.0031 2972 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:23:59.0031 2972 AppMgmt - ok
20:23:59.0046 2972 asc - ok
20:23:59.0046 2972 asc3350p - ok
20:23:59.0046 2972 asc3550 - ok
20:23:59.0218 2972 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:23:59.0234 2972 aspnet_state - ok
20:23:59.0250 2972 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:23:59.0250 2972 AsyncMac - ok
20:23:59.0296 2972 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:23:59.0296 2972 atapi - ok
20:23:59.0296 2972 Atdisk - ok
20:23:59.0343 2972 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:23:59.0343 2972 Atmarpc - ok
20:23:59.0359 2972 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:23:59.0375 2972 AudioSrv - ok
20:23:59.0421 2972 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:23:59.0421 2972 audstub - ok
20:23:59.0500 2972 [ F015919EB77F994B06E862C4D7BA0B75 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:23:59.0500 2972 b57w2k - ok
20:23:59.0546 2972 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:23:59.0562 2972 Beep - ok
20:23:59.0625 2972 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
20:23:59.0625 2972 BITS - ok
20:23:59.0687 2972 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
20:23:59.0687 2972 Browser - ok
20:23:59.0750 2972 [ 74EF010B27A2BF44DD5649DD331899A0 ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
20:23:59.0750 2972 btaudio - ok
20:23:59.0812 2972 [ 3C7C61C3D0B0F87136AD925CA624DC1C ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
20:23:59.0812 2972 BTDriver - ok
20:23:59.0890 2972 [ 515617CC36E7C5BEE744B3C62AFFB4F5 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:23:59.0890 2972 BTKRNL - ok
20:24:00.0125 2972 [ CBA04EA1D394951549D26EA2EC3D85E6 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
20:24:00.0125 2972 btwdins - ok
20:24:00.0156 2972 [ 2CCD954AAC705AAA98AD7E545BD44EFE ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
20:24:00.0156 2972 BTWDNDIS - ok
20:24:00.0234 2972 [ AF60E6FFEF11CC9653D5EDC0B238893B ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
20:24:00.0234 2972 btwhid - ok
20:24:00.0281 2972 [ A1DA2B09932F7BA210174695644F1490 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
20:24:00.0281 2972 btwmodem - ok
20:24:00.0359 2972 [ DCEFFEEAE5672E57DD1343236FBB5763 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
20:24:00.0359 2972 BTWUSB - ok
20:24:00.0578 2972 catchme - ok
20:24:00.0625 2972 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:24:00.0625 2972 cbidf2k - ok
20:24:00.0640 2972 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:24:00.0640 2972 CCDECODE - ok
20:24:00.0656 2972 cd20xrnt - ok
20:24:00.0687 2972 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:24:00.0687 2972 Cdaudio - ok
20:24:00.0734 2972 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:24:00.0734 2972 Cdfs - ok
20:24:00.0796 2972 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:24:00.0796 2972 Cdrom - ok
20:24:00.0796 2972 Changer - ok
20:24:00.0828 2972 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:24:00.0828 2972 CiSvc - ok
20:24:00.0843 2972 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:24:00.0843 2972 ClipSrv - ok
20:24:00.0921 2972 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:24:00.0984 2972 clr_optimization_v2.0.50727_32 - ok
20:24:01.0031 2972 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:24:01.0078 2972 clr_optimization_v4.0.30319_32 - ok
20:24:01.0078 2972 CmdIde - ok
20:24:01.0078 2972 COMSysApp - ok
20:24:01.0093 2972 Cpqarray - ok
20:24:01.0140 2972 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:24:01.0140 2972 CryptSvc - ok
20:24:01.0140 2972 dac2w2k - ok
20:24:01.0156 2972 dac960nt - ok
20:24:01.0218 2972 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:24:01.0234 2972 DcomLaunch - ok
20:24:01.0250 2972 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:24:01.0250 2972 Dhcp - ok
20:24:01.0250 2972 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:24:01.0250 2972 Disk - ok
20:24:01.0265 2972 dmadmin - ok
20:24:01.0312 2972 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:24:01.0328 2972 dmboot - ok
20:24:01.0328 2972 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:24:01.0328 2972 dmio - ok
20:24:01.0343 2972 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:24:01.0359 2972 dmload - ok
20:24:01.0359 2972 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:24:01.0359 2972 dmserver - ok
20:24:01.0437 2972 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:24:01.0437 2972 DMusic - ok
20:24:01.0500 2972 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:24:01.0500 2972 Dnscache - ok
20:24:01.0531 2972 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:24:01.0531 2972 Dot3svc - ok
20:24:01.0562 2972 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
20:24:01.0578 2972 Dot4 - ok
20:24:01.0640 2972 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
20:24:01.0640 2972 Dot4Print - ok
20:24:01.0640 2972 [ CCC4092DFC85336F2E1C142483ADEB42 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
20:24:01.0640 2972 dot4usb - ok
20:24:01.0640 2972 dpti2o - ok
20:24:01.0734 2972 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:24:01.0734 2972 drmkaud - ok
20:24:01.0765 2972 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:24:01.0765 2972 EapHost - ok
20:24:01.0796 2972 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:24:01.0796 2972 ERSvc - ok
20:24:01.0859 2972 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
20:24:01.0859 2972 Eventlog - ok
20:24:01.0921 2972 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
20:24:01.0921 2972 EventSystem - ok
20:24:01.0984 2972 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:24:01.0984 2972 Fastfat - ok
20:24:02.0046 2972 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:24:02.0046 2972 FastUserSwitchingCompatibility - ok
20:24:02.0046 2972 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:24:02.0062 2972 Fdc - ok
20:24:02.0062 2972 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:24:02.0062 2972 Fips - ok
20:24:02.0078 2972 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:24:02.0078 2972 Flpydisk - ok
20:24:02.0125 2972 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:24:02.0140 2972 FltMgr - ok
20:24:02.0187 2972 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:24:02.0187 2972 FontCache3.0.0.0 - ok
20:24:02.0203 2972 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:24:02.0203 2972 Fs_Rec - ok
20:24:02.0203 2972 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:24:02.0203 2972 Ftdisk - ok
20:24:02.0234 2972 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:24:02.0234 2972 Gpc - ok
20:24:02.0296 2972 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:24:02.0296 2972 HDAudBus - ok
20:24:02.0359 2972 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:24:02.0359 2972 helpsvc - ok
20:24:02.0406 2972 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:24:02.0406 2972 HidServ - ok
20:24:02.0453 2972 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:24:02.0453 2972 hidusb - ok
20:24:02.0468 2972 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:24:02.0468 2972 hkmsvc - ok
20:24:02.0484 2972 hpn - ok
20:24:02.0531 2972 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:24:02.0531 2972 HTTP - ok
20:24:02.0578 2972 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:24:02.0578 2972 HTTPFilter - ok
20:24:02.0593 2972 i2omgmt - ok
20:24:02.0593 2972 i2omp - ok
20:24:02.0625 2972 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:24:02.0625 2972 i8042prt - ok
20:24:02.0687 2972 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:24:02.0703 2972 ialm - ok
20:24:02.0765 2972 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:24:02.0796 2972 idsvc - ok
20:24:02.0828 2972 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:24:02.0828 2972 Imapi - ok
20:24:02.0890 2972 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:24:02.0890 2972 ImapiService - ok
20:24:02.0890 2972 ini910u - ok
20:24:03.0125 2972 [ BC18E3C3CCFF1704678C057B1D032A4B ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:24:03.0171 2972 IntcAzAudAddService - ok
20:24:03.0171 2972 IntelIde - ok
20:24:03.0234 2972 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:24:03.0234 2972 intelppm - ok
20:24:03.0265 2972 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:24:03.0265 2972 Ip6Fw - ok
20:24:03.0296 2972 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:24:03.0296 2972 IpFilterDriver - ok
20:24:03.0312 2972 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:24:03.0312 2972 IpInIp - ok
20:24:03.0312 2972 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:24:03.0312 2972 IpNat - ok
20:24:03.0390 2972 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:24:03.0390 2972 IPSec - ok
20:24:03.0421 2972 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:24:03.0421 2972 IRENUM - ok
20:24:03.0468 2972 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:24:03.0468 2972 isapnp - ok
20:24:03.0625 2972 [ 80A79264302910C7C24BA7E44267EFEF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:24:03.0625 2972 JavaQuickStarterService - ok
20:24:03.0640 2972 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:24:03.0640 2972 Kbdclass - ok
20:24:03.0656 2972 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:24:03.0656 2972 kbdhid - ok
20:24:03.0671 2972 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:24:03.0671 2972 kmixer - ok
20:24:03.0703 2972 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:24:03.0703 2972 KSecDD - ok
20:24:03.0781 2972 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
20:24:03.0781 2972 LanmanServer - ok
20:24:03.0843 2972 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:24:03.0843 2972 lanmanworkstation - ok
20:24:03.0843 2972 lbrtfdc - ok
20:24:03.0906 2972 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:24:03.0906 2972 LmHosts - ok
20:24:03.0921 2972 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:24:03.0921 2972 Messenger - ok
20:24:03.0968 2972 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:24:03.0968 2972 mnmdd - ok
20:24:04.0000 2972 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:24:04.0015 2972 mnmsrvc - ok
20:24:04.0031 2972 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:24:04.0031 2972 Modem - ok
20:24:04.0046 2972 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:24:04.0046 2972 Mouclass - ok
20:24:04.0078 2972 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:24:04.0078 2972 mouhid - ok
20:24:04.0109 2972 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:24:04.0109 2972 MountMgr - ok
20:24:04.0156 2972 [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:24:04.0171 2972 MozillaMaintenance - ok
20:24:04.0203 2972 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:24:04.0203 2972 MpFilter - ok
20:24:04.0218 2972 mraid35x - ok
20:24:04.0218 2972 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:24:04.0218 2972 MRxDAV - ok
20:24:04.0296 2972 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:24:04.0296 2972 MRxSmb - ok
20:24:04.0328 2972 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:24:04.0328 2972 MSDTC - ok
20:24:04.0343 2972 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:24:04.0343 2972 Msfs - ok
20:24:04.0343 2972 MSIServer - ok
20:24:04.0359 2972 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:24:04.0359 2972 MSKSSRV - ok
20:24:04.0453 2972 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
20:24:04.0453 2972 MsMpSvc - ok
20:24:04.0484 2972 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:24:04.0484 2972 MSPCLOCK - ok
20:24:04.0500 2972 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:24:04.0500 2972 MSPQM - ok
20:24:04.0546 2972 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:24:04.0546 2972 mssmbios - ok
20:24:04.0593 2972 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:24:04.0593 2972 MSTEE - ok
20:24:04.0625 2972 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:24:04.0625 2972 Mup - ok
20:24:04.0656 2972 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:24:04.0671 2972 NABTSFEC - ok
20:24:04.0687 2972 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:24:04.0703 2972 napagent - ok
20:24:04.0750 2972 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:24:04.0750 2972 NDIS - ok
20:24:04.0781 2972 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:24:04.0781 2972 NdisIP - ok
20:24:04.0812 2972 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:24:04.0812 2972 NdisTapi - ok
20:24:04.0875 2972 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:24:04.0875 2972 Ndisuio - ok
20:24:04.0890 2972 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:24:04.0890 2972 NdisWan - ok
20:24:04.0953 2972 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:24:04.0953 2972 NDProxy - ok
20:24:05.0015 2972 [ 284432E671F1AF6B09B81DA24D3ABCAE ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
20:24:05.0015 2972 Net Driver HPZ12 - ok
20:24:05.0046 2972 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:24:05.0046 2972 NetBIOS - ok
20:24:05.0078 2972 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:24:05.0078 2972 NetBT - ok
20:24:05.0125 2972 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
20:24:05.0125 2972 NetDDE - ok
20:24:05.0125 2972 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:24:05.0125 2972 NetDDEdsdm - ok
20:24:05.0171 2972 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:24:05.0171 2972 Netlogon - ok
20:24:05.0171 2972 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
20:24:05.0187 2972 Netman - ok
20:24:05.0218 2972 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:24:05.0281 2972 NetTcpPortSharing - ok
20:24:05.0328 2972 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
20:24:05.0328 2972 Nla - ok
20:24:05.0343 2972 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:24:05.0343 2972 Npfs - ok
20:24:05.0421 2972 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:24:05.0421 2972 Ntfs - ok
20:24:05.0421 2972 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:24:05.0437 2972 NtLmSsp - ok
20:24:05.0468 2972 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:24:05.0468 2972 NtmsSvc - ok
20:24:05.0500 2972 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:24:05.0500 2972 Null - ok
20:24:05.0953 2972 [ 785500CE8693C06EAAF29FAA64DB17C5 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:24:06.0031 2972 nv - ok
20:24:06.0218 2972 [ F6D0A922BD18260609D7219B4519F845 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
20:24:06.0218 2972 NVSvc - ok
20:24:06.0375 2972 [ 3C4D7533121337F5691F56E0E3AF4D35 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:24:06.0375 2972 nvUpdatusService - ok
20:24:06.0406 2972 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:24:06.0406 2972 NwlnkFlt - ok
20:24:06.0421 2972 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:24:06.0421 2972 NwlnkFwd - ok
20:24:06.0484 2972 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:24:06.0500 2972 ose - ok
20:24:06.0546 2972 [ 5FAE249A5635A52970652CA8EB216515 ] PAC7302 C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
20:24:06.0546 2972 PAC7302 - ok
20:24:06.0562 2972 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:24:06.0562 2972 Parport - ok
20:24:06.0578 2972 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:24:06.0578 2972 PartMgr - ok
20:24:06.0625 2972 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:24:06.0625 2972 ParVdm - ok
20:24:06.0640 2972 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
20:24:06.0640 2972 pccsmcfd - ok
20:24:06.0656 2972 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:24:06.0656 2972 PCI - ok
20:24:06.0656 2972 PCIDump - ok
20:24:06.0703 2972 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:24:06.0703 2972 PCIIde - ok
20:24:06.0718 2972 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:24:06.0718 2972 Pcmcia - ok
20:24:06.0750 2972 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
20:24:06.0750 2972 pcouffin - ok
20:24:06.0750 2972 PDCOMP - ok
20:24:06.0765 2972 PDFRAME - ok
20:24:06.0765 2972 PDRELI - ok
20:24:06.0765 2972 PDRFRAME - ok
20:24:06.0781 2972 perc2 - ok
20:24:06.0781 2972 perc2hib - ok
20:24:06.0828 2972 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
20:24:06.0828 2972 PlugPlay - ok
20:24:06.0843 2972 [ 4153912765F7F2DE2A5C9A241ABB03FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
20:24:06.0843 2972 Pml Driver HPZ12 - ok
20:24:06.0843 2972 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:24:06.0843 2972 PolicyAgent - ok
20:24:06.0859 2972 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:24:06.0859 2972 PptpMiniport - ok
20:24:06.0875 2972 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:24:06.0875 2972 ProtectedStorage - ok
20:24:06.0875 2972 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:24:06.0875 2972 PSched - ok
20:24:06.0890 2972 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:24:06.0890 2972 Ptilink - ok
20:24:06.0890 2972 ql1080 - ok
20:24:06.0890 2972 Ql10wnt - ok
20:24:06.0906 2972 ql12160 - ok
20:24:06.0906 2972 ql1240 - ok
20:24:06.0906 2972 ql1280 - ok
20:24:06.0921 2972 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:24:06.0921 2972 RasAcd - ok
20:24:06.0968 2972 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:24:06.0968 2972 RasAuto - ok
20:24:07.0000 2972 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:24:07.0000 2972 Rasl2tp - ok
20:24:07.0031 2972 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:24:07.0031 2972 RasMan - ok
20:24:07.0031 2972 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:24:07.0031 2972 RasPppoe - ok
20:24:07.0046 2972 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:24:07.0046 2972 Raspti - ok
20:24:07.0062 2972 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:24:07.0062 2972 Rdbss - ok
20:24:07.0062 2972 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:24:07.0062 2972 RDPCDD - ok
20:24:07.0093 2972 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:24:07.0093 2972 rdpdr - ok
20:24:07.0125 2972 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:24:07.0125 2972 RDPWD - ok
20:24:07.0156 2972 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:24:07.0156 2972 RDSessMgr - ok
20:24:07.0187 2972 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:24:07.0187 2972 redbook - ok
20:24:07.0218 2972 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:24:07.0234 2972 RemoteAccess - ok
20:24:07.0250 2972 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:24:07.0250 2972 RemoteRegistry - ok
20:24:07.0281 2972 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
20:24:07.0281 2972 Revoflt - ok
20:24:07.0312 2972 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
20:24:07.0312 2972 ROOTMODEM - ok
20:24:07.0343 2972 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
20:24:07.0343 2972 RpcLocator - ok
20:24:07.0390 2972 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:24:07.0390 2972 RpcSs - ok
20:24:07.0421 2972 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:24:07.0437 2972 RSVP - ok
20:24:07.0484 2972 [ 0A7293EDC2537652A4914018A7589F14 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
20:24:07.0484 2972 rt2870 - ok
20:24:07.0515 2972 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
20:24:07.0515 2972 SamSs - ok
20:24:07.0546 2972 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:24:07.0562 2972 SCardSvr - ok
20:24:07.0609 2972 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:24:07.0609 2972 Schedule - ok
20:24:07.0640 2972 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:24:07.0640 2972 Secdrv - ok
20:24:07.0687 2972 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:24:07.0687 2972 seclogon - ok
20:24:07.0687 2972 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
20:24:07.0687 2972 SENS - ok
20:24:07.0703 2972 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:24:07.0703 2972 serenum - ok
20:24:07.0718 2972 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:24:07.0718 2972 Serial - ok
20:24:07.0796 2972 [ 78F7BB9F4924BE164294C59B8C3FC096 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:24:07.0812 2972 ServiceLayer - ok
20:24:07.0859 2972 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:24:07.0859 2972 Sfloppy - ok
20:24:07.0890 2972 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:24:07.0890 2972 SharedAccess - ok
20:24:07.0906 2972 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:24:07.0906 2972 ShellHWDetection - ok
20:24:07.0921 2972 Simbad - ok
20:24:07.0984 2972 [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:24:07.0984 2972 SkypeUpdate - ok
20:24:08.0031 2972 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:24:08.0031 2972 SLIP - ok
20:24:08.0031 2972 Sparrow - ok
20:24:08.0078 2972 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:24:08.0078 2972 splitter - ok
20:24:08.0125 2972 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:24:08.0140 2972 Spooler - ok
20:24:08.0203 2972 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:24:08.0203 2972 sr - ok
20:24:08.0218 2972 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
20:24:08.0218 2972 srservice - ok
20:24:08.0296 2972 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:24:08.0296 2972 Srv - ok
20:24:08.0343 2972 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:24:08.0343 2972 SSDPSRV - ok
20:24:08.0421 2972 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:24:08.0421 2972 stisvc - ok
20:24:08.0468 2972 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:24:08.0468 2972 streamip - ok
20:24:08.0500 2972 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:24:08.0500 2972 swenum - ok
20:24:08.0515 2972 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:24:08.0515 2972 swmidi - ok
20:24:08.0515 2972 SwPrv - ok
20:24:08.0515 2972 symc810 - ok
20:24:08.0531 2972 symc8xx - ok
20:24:08.0531 2972 sym_hi - ok
20:24:08.0531 2972 sym_u3 - ok
20:24:08.0546 2972 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:24:08.0546 2972 sysaudio - ok
20:24:08.0578 2972 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:24:08.0578 2972 SysmonLog - ok
20:24:08.0593 2972 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:24:08.0593 2972 TapiSrv - ok
20:24:08.0625 2972 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:24:08.0640 2972 Tcpip - ok
20:24:08.0671 2972 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:24:08.0671 2972 TDPIPE - ok
20:24:08.0687 2972 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:24:08.0687 2972 TDTCP - ok
20:24:10.0468 2972 ================ Scan global ===============================
20:24:10.0500 2972 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
20:24:10.0578 2972 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
20:24:10.0578 2972 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
20:24:10.0593 2972 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
20:24:10.0593 2972 [Global] - ok
20:24:10.0593 2972 ================ Scan MBR ==================================
20:24:10.0625 2972 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
20:24:10.0796 2972 \Device\Harddisk0\DR0 - ok
20:24:10.0812 2972 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
20:24:11.0187 2972 \Device\Harddisk1\DR1 - ok
20:24:11.0187 2972 ================ Scan VBR ==================================
20:24:11.0203 2972 [ EDEC965F398CF4DE1AE6E102BEFCA175 ] \Device\Harddisk0\DR0\Partition1
20:24:11.0203 2972 \Device\Harddisk0\DR0\Partition1 - ok
20:24:11.0203 2972 [ F11F41EA942AA7213079D504D3D2E361 ] \Device\Harddisk1\DR1\Partition1
20:24:11.0203 2972 \Device\Harddisk1\DR1\Partition1 - ok
20:24:11.0203 2972 [ D7B2562BA29B9B8799C25A1D6A41AFA7 ] \Device\Harddisk1\DR1\Partition2
20:24:11.0218 2972 \Device\Harddisk1\DR1\Partition2 - ok
20:24:11.0218 2972 ============================================================
20:24:11.0218 2972 Scan finished
20:24:11.0218 2972 ============================================================
20:24:11.0218 2484 Detected object count: 0
20:24:11.0218 2484 Actual detected object count: 0
20:25:49.0500 3120 Deinitialize success
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : PC [Práva správce]
Mód : Odebrat -- Datum : 10/31/2013 20:22:05
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160812AS +++++
--- User ---
[MBR] a7e27a47c1925e748fd8b414b05ae22c
[BSP] 33a74d24879a55a23a6b317f405ef8ef : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST500DM002-1BC142 +++++
--- User ---
[MBR] 55d701f18ae3d975d4025168140fef2e
[BSP] 479d92e7b9bedbe478d42be45c0d6ee7 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 99990 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_D_10312013_202205.txt >>
RKreport[0]_S_10312013_202158.txt
20:23:52.0281 3196 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:23:54.0531 3196 ============================================================
20:23:54.0531 3196 Current date / time: 2013/10/31 20:23:54.0531
20:23:54.0531 3196 SystemInfo:
20:23:54.0531 3196
20:23:54.0531 3196 OS Version: 5.1.2600 ServicePack: 3.0
20:23:54.0531 3196 Product type: Workstation
20:23:54.0531 3196 ComputerName: PC-7C45B7D3D4B1
20:23:54.0531 3196 UserName: PC
20:23:54.0531 3196 Windows directory: C:\WINDOWS
20:23:54.0531 3196 System windows directory: C:\WINDOWS
20:23:54.0531 3196 Processor architecture: Intel x86
20:23:54.0531 3196 Number of processors: 2
20:23:54.0531 3196 Page size: 0x1000
20:23:54.0531 3196 Boot type: Normal boot
20:23:54.0531 3196 ============================================================
20:23:55.0250 3196 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:23:55.0250 3196 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:23:55.0281 3196 ============================================================
20:23:55.0281 3196 \Device\Harddisk0\DR0:
20:23:55.0281 3196 MBR partitions:
20:23:55.0281 3196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
20:23:55.0281 3196 \Device\Harddisk1\DR1:
20:23:55.0281 3196 MBR partitions:
20:23:55.0281 3196 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xC34B3CC
20:23:55.0281 3196 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000
20:23:55.0281 3196 ============================================================
20:23:55.0328 3196 C: <-> \Device\Harddisk0\DR0\Partition1
20:23:55.0359 3196 E: <-> \Device\Harddisk1\DR1\Partition2
20:23:55.0390 3196 F: <-> \Device\Harddisk1\DR1\Partition1
20:23:55.0390 3196 ============================================================
20:23:55.0390 3196 Initialize success
20:23:55.0390 3196 ============================================================
20:23:57.0578 2972 ============================================================
20:23:57.0578 2972 Scan started
20:23:57.0578 2972 Mode: Manual;
20:23:57.0578 2972 ============================================================
20:23:58.0390 2972 ================ Scan system memory ========================
20:23:58.0390 2972 System memory - ok
20:23:58.0390 2972 ================ Scan services =============================
20:24:06.0968 2972 RasAuto - ok
20:24:07.0000 2972 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:24:07.0000 2972 Rasl2tp - ok
20:24:07.0031 2972 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:24:07.0031 2972 RasMan - ok
20:24:07.0031 2972 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:24:07.0031 2972 RasPppoe - ok
20:24:07.0046 2972 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:24:07.0046 2972 Raspti - ok
20:24:07.0062 2972 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:24:07.0062 2972 Rdbss - ok
20:24:07.0062 2972 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:24:07.0062 2972 RDPCDD - ok
20:24:07.0093 2972 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:24:07.0093 2972 rdpdr - ok
20:24:07.0125 2972 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:24:07.0125 2972 RDPWD - ok
20:24:07.0156 2972 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:24:07.0156 2972 RDSessMgr - ok
20:24:07.0187 2972 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:24:07.0187 2972 redbook - ok
20:24:07.0218 2972 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:24:07.0234 2972 RemoteAccess - ok
20:24:07.0250 2972 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:24:07.0250 2972 RemoteRegistry - ok
20:24:07.0281 2972 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
20:24:07.0281 2972 Revoflt - ok
20:24:07.0312 2972 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
20:24:07.0312 2972 ROOTMODEM - ok
20:24:07.0343 2972 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
20:24:07.0343 2972 RpcLocator - ok
20:24:07.0390 2972 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:24:07.0390 2972 RpcSs - ok
20:24:07.0421 2972 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:24:07.0437 2972 RSVP - ok
20:24:07.0484 2972 [ 0A7293EDC2537652A4914018A7589F14 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
20:24:07.0484 2972 rt2870 - ok
20:24:07.0515 2972 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
20:24:07.0515 2972 SamSs - ok
20:24:07.0546 2972 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:24:07.0562 2972 SCardSvr - ok
20:24:07.0609 2972 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:24:07.0609 2972 Schedule - ok
20:24:07.0640 2972 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:24:07.0640 2972 Secdrv - ok
20:24:07.0687 2972 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:24:07.0687 2972 seclogon - ok
20:24:07.0687 2972 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
20:24:07.0687 2972 SENS - ok
20:24:07.0703 2972 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:24:07.0703 2972 serenum - ok
20:24:07.0718 2972 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:24:07.0718 2972 Serial - ok
20:24:07.0796 2972 [ 78F7BB9F4924BE164294C59B8C3FC096 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:24:07.0812 2972 ServiceLayer - ok
20:24:07.0859 2972 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:24:07.0859 2972 Sfloppy - ok
20:24:07.0890 2972 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:24:07.0890 2972 SharedAccess - ok
20:24:07.0906 2972 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:24:07.0906 2972 ShellHWDetection - ok
20:24:07.0921 2972 Simbad - ok
20:24:07.0984 2972 [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:24:07.0984 2972 SkypeUpdate - ok
20:24:08.0031 2972 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:24:08.0031 2972 SLIP - ok
20:24:08.0031 2972 Sparrow - ok
20:24:08.0078 2972 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:24:08.0078 2972 splitter - ok
20:24:08.0125 2972 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:24:08.0140 2972 Spooler - ok
20:24:08.0203 2972 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:24:08.0203 2972 sr - ok
20:24:08.0218 2972 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
20:24:08.0218 2972 srservice - ok
20:24:08.0296 2972 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:24:08.0296 2972 Srv - ok
20:24:08.0343 2972 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:24:08.0343 2972 SSDPSRV - ok
20:24:08.0421 2972 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:24:08.0421 2972 stisvc - ok
20:24:08.0468 2972 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:24:08.0468 2972 streamip - ok
20:24:08.0500 2972 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:24:08.0500 2972 swenum - ok
20:24:08.0515 2972 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:24:08.0515 2972 swmidi - ok
20:24:08.0515 2972 SwPrv - ok
20:24:08.0515 2972 symc810 - ok
20:24:08.0531 2972 symc8xx - ok
20:24:08.0531 2972 sym_hi - ok
20:24:08.0531 2972 sym_u3 - ok
20:24:08.0546 2972 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:24:08.0546 2972 sysaudio - ok
20:24:08.0578 2972 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:24:08.0578 2972 SysmonLog - ok
20:24:08.0593 2972 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:24:08.0593 2972 TapiSrv - ok
20:24:08.0625 2972 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:24:08.0640 2972 Tcpip - ok
20:24:08.0671 2972 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:24:08.0671 2972 TDPIPE - ok
20:24:08.0687 2972 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:24:08.0687 2972 TDTCP - ok
20:24:08.0718 2972 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:24:08.0718 2972 TermDD - ok
20:24:08.0750 2972 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
20:24:08.0750 2972 TermService - ok
20:24:08.0765 2972 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
20:24:08.0765 2972 Themes - ok
20:24:08.0812 2972 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:24:08.0812 2972 TlntSvr - ok
20:24:08.0812 2972 TosIde - ok
20:24:08.0843 2972 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:24:08.0843 2972 TrkWks - ok
20:24:08.0875 2972 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:24:08.0875 2972 Udfs - ok
20:24:08.0875 2972 ultra - ok
20:24:08.0921 2972 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:24:08.0921 2972 Update - ok
20:24:08.0953 2972 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
20:24:08.0968 2972 upnphost - ok
20:24:08.0984 2972 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
20:24:08.0984 2972 UPS - ok
20:24:09.0015 2972 [ 65898A183FBF1D1F7759D5CCB364DCD4 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:24:09.0015 2972 usbaudio - ok
20:24:09.0078 2972 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:24:09.0078 2972 usbccgp - ok
20:24:09.0078 2972 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:24:09.0093 2972 usbehci - ok
20:24:09.0109 2972 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:24:09.0109 2972 usbhub - ok
20:24:09.0140 2972 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:24:09.0140 2972 usbprint - ok
20:24:09.0156 2972 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:24:09.0156 2972 usbscan - ok
20:24:09.0187 2972 [ 84C44D720655A8AA475E57A9E764D675 ] usbser C:\WINDOWS\system32\drivers\usbser.sys
20:24:09.0187 2972 usbser - ok
20:24:09.0218 2972 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:24:09.0218 2972 USBSTOR - ok
20:24:09.0250 2972 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:24:09.0250 2972 usbuhci - ok
20:24:09.0250 2972 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:24:09.0250 2972 VgaSave - ok
20:24:09.0265 2972 ViaIde - ok
20:24:09.0312 2972 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:24:09.0312 2972 VolSnap - ok
20:24:09.0343 2972 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
20:24:09.0359 2972 VSS - ok
20:24:09.0406 2972 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
20:24:09.0406 2972 W32Time - ok
20:24:09.0421 2972 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:24:09.0421 2972 Wanarp - ok
20:24:09.0468 2972 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:24:09.0468 2972 Wdf01000 - ok
20:24:09.0484 2972 WDICA - ok
20:24:09.0515 2972 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:24:09.0515 2972 wdmaud - ok
20:24:09.0531 2972 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:24:09.0546 2972 WebClient - ok
20:24:09.0656 2972 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:24:09.0656 2972 winmgmt - ok
20:24:09.0703 2972 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:24:09.0718 2972 WmdmPmSN - ok
20:24:09.0765 2972 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:24:09.0765 2972 Wmi - ok
20:24:09.0781 2972 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:24:09.0781 2972 WmiAcpi - ok
20:24:09.0812 2972 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:24:09.0812 2972 WmiApSrv - ok
20:24:09.0921 2972 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:24:09.0953 2972 WMPNetworkSvc - ok
20:24:09.0968 2972 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:24:09.0968 2972 WpdUsb - ok
20:24:10.0031 2972 [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:24:10.0046 2972 WPFFontCache_v0400 - ok
20:24:10.0093 2972 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:24:10.0093 2972 WS2IFSL - ok
20:24:10.0156 2972 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:24:10.0156 2972 wscsvc - ok
20:24:10.0187 2972 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:24:10.0187 2972 WSTCODEC - ok
20:24:10.0218 2972 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:24:10.0234 2972 wuauserv - ok
20:24:10.0281 2972 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:24:10.0281 2972 WudfPf - ok
20:24:10.0312 2972 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:24:10.0312 2972 WudfRd - ok
20:24:10.0343 2972 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:24:10.0359 2972 WudfSvc - ok
20:24:10.0375 2972 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:24:10.0406 2972 WZCSVC - ok
20:24:10.0453 2972 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:24:10.0453 2972 xmlprov - ok
20:24:10.0468 2972 ================ Scan global ===============================
20:24:10.0500 2972 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
20:24:10.0578 2972 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
20:24:10.0578 2972 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
20:24:10.0593 2972 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
20:24:10.0593 2972 [Global] - ok
20:24:10.0593 2972 ================ Scan MBR ==================================
20:24:10.0625 2972 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
20:24:10.0796 2972 \Device\Harddisk0\DR0 - ok
20:24:10.0812 2972 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
20:24:11.0187 2972 \Device\Harddisk1\DR1 - ok
20:24:11.0187 2972 ================ Scan VBR ==================================
20:24:11.0203 2972 [ EDEC965F398CF4DE1AE6E102BEFCA175 ] \Device\Harddisk0\DR0\Partition1
20:24:11.0203 2972 \Device\Harddisk0\DR0\Partition1 - ok
20:24:11.0203 2972 [ F11F41EA942AA7213079D504D3D2E361 ] \Device\Harddisk1\DR1\Partition1
20:24:11.0203 2972 \Device\Harddisk1\DR1\Partition1 - ok
20:24:11.0203 2972 [ D7B2562BA29B9B8799C25A1D6A41AFA7 ] \Device\Harddisk1\DR1\Partition2
20:24:11.0218 2972 \Device\Harddisk1\DR1\Partition2 - ok
20:24:11.0218 2972 ============================================================
20:24:11.0218 2972 Scan finished
20:24:11.0218 2972 ============================================================
20:24:11.0218 2484 Detected object count: 0
20:24:11.0218 2484 Actual detected object count: 0
20:25:49.0500 3120 Deinitialize success
Re: HJT log check
And also CF
ComboFix 13-10-31.01 - PC 31.10.2013 20:30:51.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2559.2135 [GMT 1:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-28 do 2013-10-31 )))))))))))))))))))))))))))))))
.
.
2013-10-31 10:45 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{98560328-EE3E-492F-8CA6-A2410E123504}\mpengine.dll
2013-10-30 21:43 . 2013-10-30 21:43 -------- d-----w- c:\program files\SlimDrivers
2013-10-24 17:32 . 2013-10-30 18:54 -------- d-----w- C:\AdwCleaner
2013-10-24 17:08 . 2013-10-24 17:08 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Abelssoft
2013-10-18 14:16 . 2013-10-18 14:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TEMP
2013-10-18 13:41 . 2013-10-08 05:29 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-18 13:40 . 2013-10-08 05:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-10 18:17 . 2013-10-10 18:17 -------- d-----w- c:\documents and settings\PC\Data aplikací\28198
2013-10-09 03:22 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-09 03:21 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-09 03:21 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-09 03:21 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-14 06:39 . 2013-07-29 17:10 7796464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-08 12:19 . 2012-09-20 21:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 12:19 . 2012-09-20 21:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-08-29 07:01 . 2008-04-14 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2013-07-27 11:40 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-09 01:56 . 2008-04-14 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-14 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2012-05-14 13:26 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2008-04-14 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2008-04-14 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20145368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun]
2000-01-01 00:00 258048 ----a-w- c:\program files\AmIcoSingLun\AmIcoSinglun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 15:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-05-14 14:16 116648 ----atw- c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 14:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-04-18 23:45 1090912 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 13:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-01-03 08:44 108984 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2000-01-01 00:00 1982312 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-02 09:08 20472992 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-08-24 18:03 1052496 ----a-w- c:\documents and settings\PC\Data aplikací\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\PC\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [1.1.2000 1:00 52312]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [31.1.2013 18:46 47360]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [28.7.2013 15:38 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 12:19]
.
2013-10-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://93.91.146.154:8080/RtspVaPgDec.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\xpkdeqc5.default-1349209841078\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-31 20:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-10-31 20:37:23
ComboFix-quarantined-files.txt 2013-10-31 19:37
.
Před spuštěním: Volných bajtů: 112 187 363 328
Po spuštění: Volných bajtů: 112 167 108 608
.
- - End Of File - - 6C26EC7E2A3134A46BD5E7F4CA2BFF55
413FC2A0C716421B3158746D63736515
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-10-31 20:37:23
ComboFix-quarantined-files.txt 2013-10-31 19:37
.
Před spuštěním: Volných bajtů: 112 187 363 328
Po spuštění: Volných bajtů: 112 167 108 608
.
- - End Of File - - 6C26EC7E2A3134A46BD5E7F4CA2BFF55
413FC2A0C716421B3158746D63736515
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: HJT log check
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:
ClearJavaCache::
KillAll::
Folder::
c:\program files\Skype\Updater
Driver::
SkypeUpdate
DDS::
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://93.91.146.154:8080/RtspVaPgDec.cab
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HJT log
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, keep pressing F8 after the restart and then choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: HJT log check
Thank you, I'm attaching the logs....
ComboFix 13-10-31.01 - PC 01.11.2013 11:57:40.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2559.2142 [GMT 1:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PC\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-01 do 2013-11-01 )))))))))))))))))))))))))))))))
.
.
2013-10-31 10:45 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{98560328-EE3E-492F-8CA6-A2410E123504}\mpengine.dll
2013-10-30 21:43 . 2013-10-30 21:43 -------- d-----w- c:\program files\SlimDrivers
2013-10-24 17:32 . 2013-10-30 18:54 -------- d-----w- C:\AdwCleaner
2013-10-24 17:08 . 2013-10-24 17:08 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Abelssoft
2013-10-18 14:16 . 2013-10-18 14:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TEMP
2013-10-18 13:41 . 2013-10-08 05:29 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-18 13:40 . 2013-10-08 05:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-10 18:17 . 2013-10-10 18:17 -------- d-----w- c:\documents and settings\PC\Data aplikací\28198
2013-10-09 03:22 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-09 03:21 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-09 03:21 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-09 03:21 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-14 06:39 . 2013-07-29 17:10 7796464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-08 12:19 . 2012-09-20 21:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 12:19 . 2012-09-20 21:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-08-29 07:01 . 2008-04-14 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2013-07-27 11:40 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-09 01:56 . 2008-04-14 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-14 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2012-05-14 13:26 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2008-04-14 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2008-04-14 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20145368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun]
2000-01-01 00:00 258048 ----a-w- c:\program files\AmIcoSingLun\AmIcoSinglun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 15:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-05-14 14:16 116648 ----atw- c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 14:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-04-18 23:45 1090912 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 13:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-01-03 08:44 108984 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2000-01-01 00:00 1982312 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-02 09:08 20472992 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-08-24 18:03 1052496 ----a-w- c:\documents and settings\PC\Data aplikací\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\PC\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [1.1.2000 1:00 52312]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [31.1.2013 18:46 47360]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [28.7.2013 15:38 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 12:19]
.
2013-11-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\xpkdeqc5.default-1349209841078\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-01 12:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1256)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-11-01 12:06:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-01 11:06
ComboFix2.txt 2013-10-31 19:37
.
Před spuštěním: Volných bajtů: 112 169 459 712
Po spuštění: Volných bajtů: 112 110 907 392
.
- - End Of File - - AA05AD6265A20077A869575A2CE84945
413FC2A0C716421B3158746D63736515
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-01 12:07:42
-----------------------------
12:07:42.984 OS Version: Windows 5.1.2600 Service Pack 3
12:07:42.984 Number of processors: 2 586 0x40A
12:07:42.984 ComputerName: PC-7C45B7D3D4B1 UserName: PC
12:07:43.343 Initialize success
12:07:59.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
12:07:59.250 Disk 0 Vendor: ST3160812AS 3.AHH Size: 152627MB BusType: 3
12:07:59.250 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-11
12:07:59.250 Disk 1 Vendor: ST500DM002-1BC142 JC4B Size: 476940MB BusType: 3
12:07:59.500 Disk 0 MBR read successfully
12:07:59.500 Disk 0 MBR scan
12:07:59.500 Disk 0 Windows XP default MBR code
12:07:59.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
12:07:59.500 Disk 0 scanning sectors +312560640
12:07:59.562 Disk 0 scanning C:\WINDOWS\system32\drivers
12:08:06.140 Service scanning
12:08:18.234 Modules scanning
12:08:25.515 Disk 0 trace - called modules:
12:08:25.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:08:25.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a16dab8]
12:08:25.531 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a197f18]
12:08:25.531 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a193d98]
12:08:25.531 Scan finished successfully
12:09:21.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\PC\Plocha\MBR.dat"
12:09:21.937 The log file has been saved successfully to "C:\Documents and Settings\PC\Plocha\aswMBR.txt"
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Status: Offline
Re: HJT log check
ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall
Clean the system with CCleaner
Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.
+ A new HJT log
How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you
Re: HJT log check
Cleaned, and I'm attaching the log.......... The behaviour is exactly the same as before......
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:01:18, on 1.11.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Programy\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9808349156
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5065 bytes
