Check of an old-timer at work... Solved

Post by John.Ross » 27 Feb 2012 10:48

I'd like to ask for a check of the log from the old-timer PC my better half uses at work.

Many thanks in advance to whoever is brave enough to take this on... :D

LOG:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:45:43, on 27.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Táta\Dokumenty\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.10.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0829 -f audio -m logitech -d 13.30.1394.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0829 -f audio -m logitech -d 13.30.1394.0 (User 'Default user')
O4 - Global Startup: hpzsetup.LNK = D:\HPZstub.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9739140359
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Terminal Server Connection Manager (tscmgmt) - Unknown owner - C:\WINDOWS\system32\tscmgmt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 7736 bytes


Post by Žbeky » 27 Feb 2012 15:00

Fix these:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0829 -f audio -m logitech -d 13.30.1394.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0829 -f audio -m logitech -d 13.30.1394.0 (User 'Default user')
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9739140359

If you don't recognize the proxy, then also:


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.10.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from a web browser. The program can remove the cache, cookies, history and other traces of Internet browsing. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Czech UI: Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Czech UI: Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan (Czech UI: Provést rychlý sken) selected and click the Scan (Skenovat) button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.

Post by John.Ross » 27 Feb 2012 16:13

Whoa, 40 items

log


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.02.26.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Táta :: ADDDESIGN-PC2 [administrátor]

27.2.2012 15:48:01
mbam-log-2012-02-27 (16-12-25).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 177623
Uplynulý čas: 15 minut, 50 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 23
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Žádná instrukce nebyla provedena.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Žádná instrukce nebyla provedena.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Žádná instrukce nebyla provedena.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Žádná instrukce nebyla provedena.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Žádná instrukce nebyla provedena.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network|UID (Malware.Trace) -> Data: HOME-8F0142AC30_01057F5C -> Žádná instrukce nebyla provedena.

Nalezené datové položky v registru: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Špatný: (0) Dobrý: (1) -> Žádná instrukce nebyla provedena.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Špatný: ("regedit.exe" "%1") Dobrý: (regedit.exe "%1") -> Žádná instrukce nebyla provedena.

Nalezené složky: 4
C:\Documents and Settings\LocalService\Data aplikací\sysproc64 (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\NetworkService\Data aplikací\sysproc64 (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\Program Files\SoftwareRevenue.org (Adware.ActiveSearch) -> Žádná instrukce nebyla provedena.
C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> Žádná instrukce nebyla provedena.

Nalezené soubory: 10
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\WINDOWS\system32\usrhdsa.exe (Backdoor.NetCat) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\LocalService\Data aplikací\sysproc64\sysproc32.sys (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\NetworkService\Data aplikací\sysproc64\sysproc32.sys (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\Program Files\SoftwareRevenue.org\Activeshopper_trim.bmp (Adware.ActiveSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\SoftwareRevenue.org\EnglishHarbourIcon.ico (Adware.ActiveSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\SoftwareRevenue.org\googlepage.bmp (Adware.ActiveSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\SoftwareRevenue.org\partypoker.ico (Adware.ActiveSearch) -> Žádná instrukce nebyla provedena.
C:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> Žádná instrukce nebyla provedena.

(konec)


Post by jaro3 » 27 Feb 2012 20:19

So run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Show Results (Ukaž výsledky) button
- make sure all the listed findings are checked and click the Remove Selected (Odstranit označené) button
- when the removal finishes a log will be displayed; post it here.
- then choose OK in the program and close it via Exit

You can then post the new MbAM log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; accept them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that doesn't help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!

Post by John.Ross » 28 Feb 2012 08:17

The first MBAM log didn't come up; instead it wanted a computer restart (probably because the Recovery Console wasn't installed... :( ), so the MBAM log is the second one, from after the removal....


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.02.26.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Táta :: ADDDESIGN-PC2 [administrátor]

27.2.2012 20:53:48
mbam-log-2012-02-27 (20-53-48).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 177224
Uplynulý čas: 11 minut, 49 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


And the LOG after running ComboFix:

ComboFix 12-02-27.02 - Táta 27.02.2012 21:48:00.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.378 [GMT 1:00]
Spuštěný z: c:\documents and settings\Táta\Plocha\ComboFix.exe
AV: Antivirový systém AVG 7.0.289 *Enabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dasetup.log
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\mi2.exe
c:\windows\system32\SET1C5.tmp
c:\windows\system32\SET1DB.tmp
c:\windows\system32\SET1DF.tmp
c:\windows\system32\SET1E7.tmp
c:\windows\system32\SET1EB.tmp
c:\windows\system32\SET1EF.tmp
c:\windows\system32\SET206.tmp
c:\windows\system32\SET22E.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\TZLog.log
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-27 do 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Malwarebytes
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 09:23 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 22:11 . 2012-02-26 22:11 -------- d-----w- c:\program files\Reference Assemblies
2012-02-26 20:29 . 2012-02-26 20:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2012-02-26 18:29 . 2012-02-23 16:11 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-26 17:49 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-26 17:49 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\drivers\msmpu401.sys
2012-02-22 09:23 . 2012-02-22 09:23 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\PCHealth
2012-02-22 09:05 . 2012-02-22 09:05 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-22 09:05 . 2012-02-22 09:05 -------- d-----w- c:\program files\MSBuild
2012-02-22 09:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-22 09:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-22 09:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-22 09:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-22 09:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-22 09:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-22 09:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-22 09:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-22 09:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-22 09:03 . 2012-02-22 09:04 -------- d-----w- C:\f50b39369c4fcb2f0514f47cc9f0
2012-02-21 15:02 . 2012-02-21 15:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Microsoft Help
2012-02-21 14:28 . 2012-02-21 14:28 -------- d-sh--w- c:\documents and settings\Táta\IECompatCache
2012-02-21 14:23 . 2012-02-21 14:23 -------- d-sh--w- c:\documents and settings\Táta\PrivacIE
2012-02-21 14:20 . 2012-02-21 14:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-21 14:19 . 2012-02-21 14:19 -------- d-sh--w- c:\documents and settings\Táta\IETldCache
2012-02-21 14:09 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-21 14:07 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-21 14:07 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-21 14:07 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-21 14:02 . 2012-02-21 14:07 -------- dc-h--w- c:\windows\ie8
2012-02-21 10:49 . 2012-02-21 10:49 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\Microsoft Help
2012-02-21 10:09 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-21 10:07 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-21 10:06 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-21 10:06 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-21 10:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-02-21 10:04 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-21 10:03 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-21 10:03 . 2012-02-21 10:03 -------- d-----w- c:\program files\HP
2012-02-21 10:00 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-02-21 10:00 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-02-21 09:56 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-02-21 09:55 . 2012-02-21 09:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2012-02-21 09:55 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-21 09:55 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-21 09:55 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-02-21 09:55 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-02-21 09:54 . 2012-02-21 09:54 -------- d-sh--w- c:\windows\ftpcache
2012-02-21 09:54 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-02-21 09:52 . 2012-02-21 09:52 -------- d-----w- c:\program files\Common Files\EPSON
2012-02-21 09:52 . 2007-04-10 11:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-02-21 09:52 . 2010-08-10 13:02 81408 ----a-w- c:\windows\system32\E_TD4BHEE.DLL
2012-02-21 09:40 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-21 09:40 . 2010-07-16 11:58 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-02-21 09:40 . 2008-04-21 21:15 216576 ----a-w- c:\program files\Windows NT\Accessories\SET1F3.tmp
2012-02-21 09:32 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-21 09:31 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-20 11:54 . 2009-08-06 18:24 15072 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-02-20 11:26 . 2012-02-20 11:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
2012-02-20 11:16 . 2012-02-20 11:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-20 09:06 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2012-02-20 09:06 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2012-02-20 09:06 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2012-02-20 08:49 . 2012-02-20 08:49 -------- d-----w- C:\output
2012-02-20 08:31 . 2012-02-20 10:00 -------- d-----w- c:\documents and settings\Táta\Data aplikací\PhotoScape
2012-02-20 08:29 . 2012-02-20 08:30 -------- d-----w- c:\program files\PhotoScape
2012-02-20 08:21 . 2012-02-20 08:24 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Filter Forge 3
2012-02-20 07:48 . 2012-02-09 13:13 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-17 11:00 . 2012-02-17 11:00 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Mikrotik
2012-02-15 12:18 . 2012-02-20 08:17 -------- d-----w- c:\documents and settings\Táta\.gimp-2.6
2012-02-15 11:42 . 2012-02-15 11:42 -------- d-----w- c:\program files\XnView
2012-02-15 10:44 . 2012-02-15 10:44 -------- d-----w- c:\documents and settings\Táta\Data aplikací\inkscape
2012-02-15 10:40 . 2012-02-15 10:43 -------- d-----w- c:\program files\Inkscape
2012-02-09 13:45 . 2012-02-15 12:37 -------- d-----w- c:\documents and settings\Táta\Data aplikací\XnView
2012-02-09 12:26 . 2012-02-09 12:26 -------- d-----w- c:\documents and settings\Táta\Data aplikací\OpenOffice.org
2012-02-09 09:29 . 2008-04-14 07:52 33792 ------w- c:\windows\system32\mmcperf.exe
2012-02-09 09:25 . 2008-04-14 07:52 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-02-09 09:25 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-02-09 09:23 . 2008-04-13 21:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2012-02-09 09:23 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-02-09 09:21 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003272_.tmp
2012-02-09 08:31 . 2012-02-26 21:11 -------- d-----w- C:\ADDDESIGN
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- C:\SBD files
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- c:\program files\Cutting Technologies
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- C:\Hsprint
2012-02-08 12:05 . 2010-07-12 13:49 52552 ----a-w- c:\windows\system32\ftserui2.dll
2012-02-08 12:05 . 2010-07-12 13:49 67400 ----a-w- c:\windows\system32\ftcserco.dll
2012-02-08 12:05 . 2010-07-12 13:48 73032 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-02-08 12:05 . 2010-07-12 13:50 198464 ----a-w- c:\windows\system32\ftd2xx.dll
2012-02-08 12:05 . 2010-07-12 13:50 105288 ----a-w- c:\windows\system32\ftbusui.dll
2012-02-08 12:05 . 2010-07-12 13:49 197952 ----a-w- c:\windows\system32\FTLang.dll
2012-02-08 12:05 . 2010-07-12 13:49 60104 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-02-06 14:05 . 2012-02-06 14:05 -------- d-----w- c:\program files\OpenOffice.org 3
2012-02-06 08:56 . 2012-02-06 08:56 -------- d-----w- c:\documents and settings\Táta\Data aplikací\DWGeditor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 13:13 . 2011-11-05 22:22 31552 -c--a-w- c:\windows\system32\TURegOpt.exe
2012-01-12 17:20 . 2004-08-17 13:44 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hpzsetup.LNK - D:\HPZstub.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe"
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"MyWebSearch Plugin"=rundll32 c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2024:TCP"= 2024:TCP:guyohzch
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2007 15:05 685816]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [26.2.2012 19:29 24408]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [23.4.2005 9:21 14912]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [9.2.2012 14:13 1529152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [13.10.2011 17:33 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.2.2012 21:29 136176]
S2 jrjsmvutg;Server Helper;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
S2 TeamViewer7;TeamViewer 7;c:\docume~1\TTA~1\LOCALS~1\Temp\TeamViewer\Version7\TeamViewer_Service.exe --> c:\docume~1\TTA~1\LOCALS~1\Temp\TeamViewer\Version7\TeamViewer_Service.exe [?]
S2 tscmgmt;Terminal Server Connection Manager;c:\windows\system32\tscmgmt.exe [17.8.2004 14:49 8192]
S3 abvqjki;abvqjki;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 adsgsq;adsgsq;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 afbdk;afbdk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 afnwhsr;afnwhsr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 bzrzxjbh;bzrzxjbh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cbzhyf;cbzhyf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ckacgrmz;ckacgrmz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 corivuw;corivuw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cwxhmm;cwxhmm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cyphqy;cyphqy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 daxbhk;daxbhk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dbtxmk;dbtxmk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dvhzf;dvhzf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 egkusi;egkusi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 eizcej;eizcej;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 evlwjmsh;evlwjmsh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 evqzsnunx;evqzsnunx;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 fjlfi;fjlfi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 fjqefsb;fjqefsb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gaxxmgbq;gaxxmgbq;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gfpoqbde;gfpoqbde;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gghjl;gghjl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gipaixwn;gipaixwn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.2.2012 21:29 136176]
S3 hiylzjrij;hiylzjrij;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 hjqbqwcm;hjqbqwcm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 hkzrnouy;hkzrnouy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 idrmkl;idrmkl;\??\c:\docume~1\KraKen\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\KraKen\LOCALS~1\Temp\idrmkl.sys [?]
S3 igsiij;igsiij;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ihkad;ihkad;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ijhnsamdx;ijhnsamdx;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ipstvh;ipstvh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jlqqui;jlqqui;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jpdezojbe;jpdezojbe;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jqcrrfw;jqcrrfw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jscptory;jscptory;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jygrwuyz;jygrwuyz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 legvkhdh;legvkhdh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ljepgj;ljepgj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lvtcdcz;lvtcdcz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lzqhtqb;lzqhtqb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 mlnbpedm;mlnbpedm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ncnks;ncnks;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ngtdzciy;ngtdzciy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 nrmxzyvl;nrmxzyvl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 obmszr;obmszr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ohrjjjs;ohrjjjs;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 okesmnu;okesmnu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ompsejc;ompsejc;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pepxxn;pepxxn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pllgjgn;pllgjgn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pnfxbja;pnfxbja;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ptzls;ptzls;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pvknfa;pvknfa;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pvwbcrisk;pvwbcrisk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pymcfu;pymcfu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qigwd;qigwd;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qkfidfax;qkfidfax;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qqvapatz;qqvapatz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qtgmhikf;qtgmhikf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 quivrcl;quivrcl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rbownqwm;rbownqwm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rplwjiamu;rplwjiamu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\DRIVERS\sbusb.sys --> c:\windows\system32\DRIVERS\sbusb.sys [?]
S3 smmufitk;smmufitk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sonhzw;sonhzw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 spvmqe;spvmqe;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sqylkl;sqylkl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 stomqt;stomqt;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sucuwcj;sucuwcj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 suwwbzoeb;suwwbzoeb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tdoke;tdoke;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tgdfz;tgdfz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tnbefu;tnbefu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tuxhrel;tuxhrel;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tvvdndsqg;tvvdndsqg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tzsduqj;tzsduqj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 uavdcvo;uavdcvo;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ucuexm;ucuexm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 vtnxuxin;vtnxuxin;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 wegoiriil;wegoiriil;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 wwyflsegb;wwyflsegb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xgwua;xgwua;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xhsyvhxbw;xhsyvhxbw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xifcqf;xifcqf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xplvdwbsy;xplvdwbsy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xyfnzrdb;xyfnzrdb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yabmg;yabmg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yekth;yekth;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ygbmst;ygbmst;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yogggdcub;yogggdcub;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yulpqlqk;yulpqlqk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yzziw;yzziw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zjwvgxh;zjwvgxh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zrlwa;zrlwa;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
jrjsmvutg
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 20:29]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 20:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 10.0.10.1:3128
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.10.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 21:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\abvqjki]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\adsgsq]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\afbdk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\afnwhsr]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\bzrzxjbh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cbzhyf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ckacgrmz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\corivuw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cwxhmm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cyphqy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\daxbhk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dbtxmk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dvhzf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\egkusi]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\eizcej]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\evlwjmsh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\evqzsnunx]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\fjlfi]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\fjqefsb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gaxxmgbq]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gfpoqbde]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gghjl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gipaixwn]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hiylzjrij]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hjqbqwcm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hkzrnouy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\igsiij]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ihkad]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ijhnsamdx]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ipstvh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jlqqui]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jpdezojbe]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jqcrrfw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jscptory]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jygrwuyz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\legvkhdh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ljepgj]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lvtcdcz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lzqhtqb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mlnbpedm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ncnks]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ngtdzciy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nrmxzyvl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\obmszr]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ohrjjjs]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\okesmnu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ompsejc]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pepxxn]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pllgjgn]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pnfxbja]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ptzls]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pvknfa]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pvwbcrisk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pymcfu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qigwd]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qkfidfax]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qqvapatz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qtgmhikf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\quivrcl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rbownqwm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rplwjiamu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\smmufitk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sonhzw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\spvmqe]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sqylkl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\stomqt]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sucuwcj]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\suwwbzoeb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tdoke]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tgdfz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tnbefu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tuxhrel]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tvvdndsqg]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tzsduqj]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\uavdcvo]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ucuexm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\vtnxuxin]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wegoiriil]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wwyflsegb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xgwua]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xhsyvhxbw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xifcqf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xplvdwbsy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xyfnzrdb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yabmg]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yekth]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ygbmst]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yogggdcub]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yulpqlqk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yzziw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\zjwvgxh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\zrlwa]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jrjsmvutg]
"ServiceDll"="c:\windows\system32\phqreek.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1292428093-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{473CC802-2DB2-B9EC-A114-6D587B64B552}*]
"hakldljdbhiffoka"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
"iaembbacnagcgmlgko"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{473CC802-2DB2-B9EC-A114-6D587B64B552}\InProcServer32*]
"jagmmnjpcbhbpkdimncd"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,
70,6f,67,00,00
"iagmonlbhblleoomno"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
.
Celkový čas: 2012-02-27 21:58:54
ComboFix-quarantined-files.txt 2012-02-27 20:58
.
Před spuštěním: Volných bajtů: 20 400 484 352
Po spuštění: Volných bajtů: 20 502 355 968
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D804C914F8227A71CB3EEFB97E5D1695

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: checking the old granny at work...

Post by jaro3 » 28 Feb 2012 10:03

Phew! So many infections... we have to do the script twice.

Download TDSSKiller to your desktop. Make sure you have closed all other applications and browsers. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt, please paste the entire contents of the log here.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script -- copy the whole thing, there is a scrollbar!

Code: Select all

KillAll::
File::
c:\program files\Windows NT\Accessories\SET1F3.tmp
c:\windows\003272_.tmp
c:\windows\system32\01.tmp

Folder::
c:\progra~1\MYWEBS~1

Driver::
guyohzch
jrjsmvutg
TeamViewer7
abvqjki
adsgsq
afbdk
afnwhsr
bzrzxjbh
cbzhyf
ckacgrmz
corivuw
cwxhmm
cyphqy
daxbhk
dbtxmk
dvhzf
egkusi
eizcej
evlwjmsh
evqzsnunx
fjlfi
fjqefsb
gaxxmgbq
gfpoqbde
gghjl
gipaixwn
hiylzjrij
hkzrnouy
idrmkl
igsiij
ihkad
ijhnsamdx
ipstvh
jlqqui
jpdezojbe
jqcrrfw
jscptory
jygrwuyz
legvkhdh
ljepgj
lvtcdcz
lzqhtqb
mlnbpedm
ncnks
ngtdzciy
nrmxzyvl
obmszr
ohrjjjs
okesmnu
ompsejc
pepxxn
pllgjgn
pnfxbja
ptzls
pvknfa
pvwbcrisk
pymcfu
qigwd
qkfidfax
qqvapatz
qtgmhikf
quivrcl
rbownqwm
rplwjiamu
sbusb
smmufitk
sonhzw
spvmqe
sqylkl
stomqt
sucuwcj
suwwbzoeb
tdoke
tgdfz
tnbefu
tuxhrel
tvvdndsqg
tzsduqj
uavdcvo
ucuexm
vtnxuxin
wegoiriil
wwyflsegb
xgwua
xhsyvhxbw
xifcqf
xplvdwbsy
xyfnzrdb
yabmg
yekth
ygbmst
yogggdcub
yulpqlqk
yzziw
zjwvgxh
zrlwa
jrjsmvutg

NetSvcs::
jrjsmvutg

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MyWebSearch Plugin"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2024:TCP"=-


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not start, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

John.Ross
Level 1.5
Posts: 108
Registered: March 09
Gender: Male
Status: Offline

Re: checking the old granny at work...

Post by John.Ross » 28 Feb 2012 15:17

TDSS LOG

14:45:33.0453 2632 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
14:45:33.0531 2632 ============================================================
14:45:33.0531 2632 Current date / time: 2012/02/28 14:45:33.0531
14:45:33.0531 2632 SystemInfo:
14:45:33.0531 2632
14:45:33.0531 2632 OS Version: 5.1.2600 ServicePack: 3.0
14:45:33.0531 2632 Product type: Workstation
14:45:33.0531 2632 ComputerName: ADDDESIGN-PC2
14:45:33.0531 2632 UserName: Táta
14:45:33.0531 2632 Windows directory: C:\WINDOWS
14:45:33.0531 2632 System windows directory: C:\WINDOWS
14:45:33.0531 2632 Processor architecture: Intel x86
14:45:33.0531 2632 Number of processors: 1
14:45:33.0531 2632 Page size: 0x1000
14:45:33.0531 2632 Boot type: Normal boot
14:45:33.0531 2632 ============================================================
14:45:34.0953 2632 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:45:34.0953 2632 \Device\Harddisk0\DR0:
14:45:34.0953 2632 MBR used
14:45:34.0953 2632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
14:45:34.0984 2632 Initialize success
14:45:34.0984 2632 ============================================================
14:45:38.0328 2748 ============================================================
14:45:38.0328 2748 Scan started
14:45:38.0328 2748 Mode: Manual;
14:45:38.0328 2748 ============================================================
14:45:39.0125 2748 Abiosdsk - ok
14:45:39.0171 2748 abp480n5 - ok
14:45:39.0234 2748 abvqjki - ok
14:45:39.0312 2748 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:45:39.0312 2748 ACPI - ok
14:45:39.0421 2748 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:45:39.0421 2748 ACPIEC - ok
14:45:39.0484 2748 adpu160m - ok
14:45:39.0531 2748 adsgsq - ok
14:45:39.0843 2748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:45:39.0843 2748 aec - ok
14:45:39.0890 2748 afbdk - ok
14:45:39.0968 2748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:45:39.0968 2748 AFD - ok
14:45:40.0000 2748 afnwhsr - ok
14:45:40.0062 2748 Aha154x - ok
14:45:40.0125 2748 aic78u2 - ok
14:45:40.0187 2748 aic78xx - ok
14:45:40.0281 2748 AliIde - ok
14:45:40.0375 2748 AmdK7 (3980814f8027d27ea003e2e3d9d4f604) C:\WINDOWS\system32\DRIVERS\amdk7.sys
14:45:40.0375 2748 AmdK7 - ok
14:45:40.0406 2748 amsint - ok
14:45:40.0484 2748 asc - ok
14:45:40.0531 2748 asc3350p - ok
14:45:40.0593 2748 asc3550 - ok
14:45:40.0718 2748 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
14:45:40.0718 2748 Aspi32 - ok
14:45:40.0796 2748 aswKbd (d58ac76eb4d2b478b654ebd6550965bb) C:\WINDOWS\system32\drivers\aswKbd.sys
14:45:40.0796 2748 aswKbd - ok
14:45:40.0875 2748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:45:40.0875 2748 AsyncMac - ok
14:45:40.0953 2748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:45:40.0968 2748 atapi - ok
14:45:41.0031 2748 Atdisk - ok
14:45:41.0093 2748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:45:41.0109 2748 Atmarpc - ok
14:45:41.0187 2748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:45:41.0187 2748 audstub - ok
14:45:41.0281 2748 AvgTdi (bc3366a7635ccf91dbcc8bcda312f078) C:\WINDOWS\System32\Drivers\avgtdi.sys
14:45:41.0281 2748 AvgTdi - ok
14:45:41.0359 2748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:45:41.0359 2748 Beep - ok
14:45:41.0453 2748 bzrzxjbh - ok
14:45:41.0562 2748 catchme - ok
14:45:41.0656 2748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:45:41.0656 2748 cbidf2k - ok
14:45:41.0703 2748 cbzhyf - ok
14:45:41.0781 2748 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:45:41.0781 2748 CCDECODE - ok
14:45:41.0828 2748 cd20xrnt - ok
14:45:41.0890 2748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:45:41.0890 2748 Cdaudio - ok
14:45:41.0968 2748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:45:41.0968 2748 Cdfs - ok
14:45:42.0015 2748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:45:42.0031 2748 Cdrom - ok
14:45:42.0078 2748 Changer - ok
14:45:42.0156 2748 ckacgrmz - ok
14:45:42.0250 2748 CmdIde - ok
14:45:42.0375 2748 cmuda (b1caa5fc57878292e93ee783cb067d69) C:\WINDOWS\system32\drivers\cmuda.sys
14:45:42.0390 2748 cmuda - ok
14:45:42.0437 2748 corivuw - ok
14:45:42.0484 2748 Cpqarray - ok
14:45:42.0562 2748 CrystalSysInfo - ok
14:45:42.0656 2748 ctsfm2k (499e69bd99543569bf212b93142220e9) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
14:45:42.0671 2748 ctsfm2k - ok
14:45:42.0718 2748 cwxhmm - ok
14:45:42.0765 2748 cyphqy - ok
14:45:42.0828 2748 dac2w2k - ok
14:45:42.0890 2748 dac960nt - ok
14:45:42.0921 2748 daxbhk - ok
14:45:42.0968 2748 dbtxmk - ok
14:45:43.0078 2748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:45:43.0078 2748 Disk - ok
14:45:43.0187 2748 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
14:45:43.0187 2748 dmboot - ok
14:45:43.0281 2748 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
14:45:43.0281 2748 dmio - ok
14:45:43.0359 2748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:45:43.0359 2748 dmload - ok
14:45:43.0437 2748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:45:43.0437 2748 DMusic - ok
14:45:43.0515 2748 dpti2o - ok
14:45:43.0609 2748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:45:43.0609 2748 drmkaud - ok
14:45:43.0671 2748 dvhzf - ok
14:45:43.0734 2748 egkusi - ok
14:45:43.0781 2748 eizcej - ok
14:45:43.0890 2748 evlwjmsh - ok
14:45:43.0937 2748 evqzsnunx - ok
14:45:44.0000 2748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:45:44.0000 2748 Fastfat - ok
14:45:44.0093 2748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:45:44.0093 2748 Fdc - ok
14:45:44.0156 2748 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
14:45:44.0156 2748 Fips - ok
14:45:44.0203 2748 fjlfi - ok
14:45:44.0250 2748 fjqefsb - ok
14:45:44.0343 2748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:45:44.0359 2748 Flpydisk - ok
14:45:44.0437 2748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:45:44.0453 2748 FltMgr - ok
14:45:44.0515 2748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:45:44.0531 2748 Fs_Rec - ok
14:45:44.0609 2748 FTDIBUS (8142d5d886829b9876cb93af59475c09) C:\WINDOWS\system32\drivers\ftdibus.sys
14:45:44.0609 2748 FTDIBUS - ok
14:45:44.0671 2748 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:45:44.0671 2748 Ftdisk - ok
14:45:44.0750 2748 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\WINDOWS\system32\drivers\ftser2k.sys
14:45:44.0750 2748 FTSER2K - ok
14:45:44.0812 2748 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
14:45:44.0812 2748 gameenum - ok
14:45:44.0875 2748 gaxxmgbq - ok
14:45:44.0921 2748 gfpoqbde - ok
14:45:44.0968 2748 gghjl - ok
14:45:45.0015 2748 gipaixwn - ok
14:45:45.0109 2748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:45:45.0109 2748 Gpc - ok
14:45:45.0234 2748 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
14:45:45.0234 2748 hamachi - ok
14:45:45.0328 2748 Hardlock (d64a40b94602158e40527ae95e7a9193) C:\WINDOWS\system32\drivers\hardlock.sys
14:45:45.0343 2748 Hardlock - ok
14:45:45.0437 2748 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:45:45.0437 2748 HidUsb - ok
14:45:45.0468 2748 hiylzjrij - ok
14:45:45.0515 2748 hjqbqwcm - ok
14:45:45.0562 2748 hkzrnouy - ok
14:45:45.0609 2748 hpn - ok
14:45:45.0703 2748 HPZid412 (2a8a2aa68185b47632188f1a8be44170) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:45:45.0703 2748 HPZid412 - ok
14:45:45.0781 2748 HPZipr12 (0a520679b0ad3f438e88b746d0c5ba6c) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:45:45.0781 2748 HPZipr12 - ok
14:45:45.0828 2748 HPZius12 (1d53f2b2051a3fce2c8ef0e01b042e25) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:45:45.0828 2748 HPZius12 - ok
14:45:45.0953 2748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:45:45.0968 2748 HTTP - ok
14:45:46.0031 2748 i2omgmt - ok
14:45:46.0093 2748 i2omp - ok
14:45:46.0140 2748 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:45:46.0140 2748 i8042prt - ok
14:45:46.0203 2748 idrmkl - ok
14:45:46.0265 2748 igsiij - ok
14:45:46.0312 2748 ihkad - ok
14:45:46.0375 2748 ijhnsamdx - ok
14:45:46.0437 2748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:45:46.0437 2748 Imapi - ok
14:45:46.0531 2748 ini910u - ok
14:45:46.0609 2748 IntelIde - ok
14:45:46.0687 2748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:45:46.0687 2748 Ip6Fw - ok
14:45:46.0781 2748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:45:46.0781 2748 IpFilterDriver - ok
14:45:46.0859 2748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:45:46.0859 2748 IpInIp - ok
14:45:46.0953 2748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:45:46.0953 2748 IpNat - ok
14:45:47.0000 2748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:45:47.0000 2748 IPSec - ok
14:45:47.0062 2748 ipstvh - ok
14:45:47.0140 2748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:45:47.0140 2748 IRENUM - ok
14:45:47.0218 2748 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:45:47.0218 2748 isapnp - ok
14:45:47.0265 2748 jlqqui - ok
14:45:47.0328 2748 jpdezojbe - ok
14:45:47.0375 2748 jqcrrfw - ok
14:45:47.0390 2748 Suspicious service (NoAccess): jrjsmvutg
14:45:47.0437 2748 jscptory - ok
14:45:47.0500 2748 jygrwuyz - ok
14:45:47.0562 2748 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:45:47.0562 2748 Kbdclass - ok
14:45:47.0625 2748 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:45:47.0625 2748 kbdhid - ok
14:45:47.0718 2748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:45:47.0718 2748 kmixer - ok
14:45:47.0812 2748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:45:47.0812 2748 KSecDD - ok
14:45:47.0890 2748 lbrtfdc - ok
14:45:47.0953 2748 legvkhdh - ok
14:45:48.0062 2748 ljepgj - ok
14:45:48.0156 2748 LUMDriver (a83ca48076a3c43c3b71175095838d69) C:\WINDOWS\system32\drivers\LUMDriver.sys
14:45:48.0156 2748 LUMDriver - ok
14:45:48.0250 2748 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\WINDOWS\system32\DRIVERS\lvrs.sys
14:45:48.0250 2748 LVRS - ok
14:45:48.0312 2748 lvtcdcz - ok
14:45:48.0359 2748 lzqhtqb - ok
14:45:48.0453 2748 mlnbpedm - ok
14:45:48.0531 2748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:45:48.0531 2748 mnmdd - ok
14:45:48.0640 2748 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
14:45:48.0640 2748 Modem - ok
14:45:48.0718 2748 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:45:48.0718 2748 Mouclass - ok
14:45:48.0765 2748 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:45:48.0765 2748 mouhid - ok
14:45:48.0875 2748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:45:48.0875 2748 MountMgr - ok
14:45:48.0937 2748 mraid35x - ok
14:45:49.0031 2748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:45:49.0031 2748 MRxDAV - ok
14:45:49.0109 2748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:45:49.0125 2748 MRxSmb - ok
14:45:49.0218 2748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:45:49.0218 2748 Msfs - ok
14:45:49.0312 2748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:45:49.0312 2748 MSKSSRV - ok
14:45:49.0390 2748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:45:49.0390 2748 MSPCLOCK - ok
14:45:49.0453 2748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:45:49.0453 2748 MSPQM - ok
14:45:49.0515 2748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:45:49.0515 2748 mssmbios - ok
14:45:49.0593 2748 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:45:49.0593 2748 MSTEE - ok
14:45:49.0703 2748 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
14:45:49.0703 2748 ms_mpu401 - ok
14:45:49.0781 2748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:45:49.0781 2748 Mup - ok
14:45:49.0859 2748 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:45:49.0859 2748 NABTSFEC - ok
14:45:49.0968 2748 ncnks - ok
14:45:50.0031 2748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:45:50.0046 2748 NDIS - ok
14:45:50.0125 2748 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:45:50.0125 2748 NdisIP - ok
14:45:50.0187 2748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:45:50.0187 2748 NdisTapi - ok
14:45:50.0265 2748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:45:50.0265 2748 Ndisuio - ok
14:45:50.0328 2748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:45:50.0328 2748 NdisWan - ok
14:45:50.0406 2748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:45:50.0406 2748 NDProxy - ok
14:45:50.0484 2748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:45:50.0484 2748 NetBIOS - ok
14:45:50.0546 2748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:45:50.0546 2748 NetBT - ok
14:45:50.0656 2748 ngtdzciy - ok
14:45:50.0750 2748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:45:50.0750 2748 Npfs - ok
14:45:50.0781 2748 nrmxzyvl - ok
14:45:50.0843 2748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:45:50.0859 2748 Ntfs - ok
14:45:50.0937 2748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:45:50.0937 2748 Null - ok
14:45:51.0109 2748 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:45:51.0125 2748 nv - ok
14:45:51.0234 2748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:45:51.0234 2748 NwlnkFlt - ok
14:45:51.0296 2748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:45:51.0296 2748 NwlnkFwd - ok
14:45:51.0343 2748 obmszr - ok
14:45:51.0421 2748 ohrjjjs - ok
14:45:51.0468 2748 okesmnu - ok
14:45:51.0531 2748 ompsejc - ok
14:45:51.0656 2748 ossrv (d3353dd62853631aa67cb6c73406ec78) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
14:45:51.0656 2748 ossrv - ok
14:45:51.0734 2748 ovt519 - ok
14:45:51.0828 2748 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
14:45:51.0828 2748 Parport - ok
14:45:51.0875 2748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:45:51.0875 2748 PartMgr - ok
14:45:51.0937 2748 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
14:45:51.0937 2748 ParVdm - ok
14:45:51.0984 2748 pccsmcfd - ok
14:45:52.0062 2748 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
14:45:52.0062 2748 PCI - ok
14:45:52.0125 2748 PCIDump - ok
14:45:52.0187 2748 PCIIde - ok
14:45:52.0265 2748 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:45:52.0265 2748 Pcmcia - ok
14:45:52.0312 2748 PDCOMP - ok
14:45:52.0390 2748 PDFRAME - ok
14:45:52.0453 2748 PDRELI - ok
14:45:52.0500 2748 PDRFRAME - ok
14:45:52.0562 2748 pepifilter - ok
14:45:52.0625 2748 pepxxn - ok
14:45:52.0671 2748 perc2 - ok
14:45:52.0734 2748 perc2hib - ok
14:45:52.0875 2748 PfModNT (0abc514f6606324ce15484d079027798) C:\WINDOWS\system32\drivers\PfModNT.sys
14:45:52.0875 2748 PfModNT - ok
14:45:52.0906 2748 PID_08A0 - ok
14:45:52.0968 2748 pllgjgn - ok
14:45:53.0046 2748 pnfxbja - ok
14:45:53.0140 2748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:45:53.0156 2748 PptpMiniport - ok
14:45:53.0218 2748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:45:53.0218 2748 PSched - ok
14:45:53.0281 2748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:45:53.0281 2748 Ptilink - ok
14:45:53.0328 2748 ptzls - ok
14:45:53.0375 2748 pvknfa - ok
14:45:53.0437 2748 pvwbcrisk - ok
14:45:53.0515 2748 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:45:53.0515 2748 PxHelp20 - ok
14:45:53.0578 2748 pymcfu - ok
14:45:53.0625 2748 qigwd - ok
14:45:53.0703 2748 qkfidfax - ok
14:45:53.0750 2748 ql1080 - ok
14:45:53.0812 2748 Ql10wnt - ok
14:45:53.0875 2748 ql12160 - ok
14:45:53.0937 2748 ql1240 - ok
14:45:53.0984 2748 ql1280 - ok
14:45:54.0046 2748 qqvapatz - ok
14:45:54.0093 2748 qtgmhikf - ok
14:45:54.0140 2748 quivrcl - ok
14:45:54.0218 2748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:45:54.0218 2748 RasAcd - ok
14:45:54.0281 2748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:45:54.0281 2748 Rasl2tp - ok
14:45:54.0359 2748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:45:54.0359 2748 RasPppoe - ok
14:45:54.0421 2748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:45:54.0421 2748 Raspti - ok
14:45:54.0484 2748 rbownqwm - ok
14:45:54.0562 2748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:45:54.0562 2748 Rdbss - ok
14:45:54.0609 2748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:45:54.0625 2748 RDPCDD - ok
14:45:54.0718 2748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:45:54.0718 2748 rdpdr - ok
14:45:54.0812 2748 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:45:54.0828 2748 RDPWD - ok
14:45:54.0890 2748 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:45:54.0890 2748 redbook - ok
14:45:55.0031 2748 rplwjiamu - ok
14:45:55.0125 2748 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
14:45:55.0125 2748 rtl8139 - ok
14:45:55.0218 2748 sbusb - ok
14:45:55.0328 2748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:45:55.0328 2748 Secdrv - ok
14:45:55.0421 2748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:45:55.0421 2748 serenum - ok
14:45:55.0484 2748 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
14:45:55.0484 2748 Serial - ok
14:45:55.0593 2748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:45:55.0593 2748 Sfloppy - ok
14:45:55.0687 2748 Simbad - ok
14:45:55.0765 2748 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:45:55.0765 2748 SLIP - ok
14:45:55.0812 2748 smmufitk - ok
14:45:55.0875 2748 sonhzw - ok
14:45:55.0953 2748 Sparrow - ok
14:45:56.0015 2748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:45:56.0015 2748 splitter - ok
14:45:56.0109 2748 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
14:45:56.0109 2748 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
14:45:56.0125 2748 sptd ( LockedFile.Multi.Generic ) - warning
14:45:56.0125 2748 sptd - detected LockedFile.Multi.Generic (1)
14:45:56.0171 2748 spvmqe - ok
14:45:56.0218 2748 sqylkl - ok
14:45:56.0281 2748 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
14:45:56.0281 2748 sr - ok
14:45:56.0390 2748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:45:56.0406 2748 Srv - ok
14:45:56.0468 2748 stomqt - ok
14:45:56.0562 2748 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:45:56.0562 2748 streamip - ok
14:45:56.0625 2748 sucuwcj - ok
14:45:56.0671 2748 suwwbzoeb - ok
14:45:56.0718 2748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:45:56.0734 2748 swenum - ok
14:45:56.0796 2748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:45:56.0796 2748 swmidi - ok
14:45:56.0890 2748 symc810 - ok
14:45:56.0953 2748 symc8xx - ok
14:45:57.0015 2748 sym_hi - ok
14:45:57.0062 2748 sym_u3 - ok
14:45:57.0140 2748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:45:57.0140 2748 sysaudio - ok
14:45:57.0265 2748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:45:57.0281 2748 Tcpip - ok
14:45:57.0328 2748 tdoke - ok
14:45:57.0390 2748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:45:57.0390 2748 TDPIPE - ok
14:45:57.0453 2748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:45:57.0453 2748 TDTCP - ok
14:45:57.0546 2748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:45:57.0546 2748 TermDD - ok
14:45:57.0609 2748 tgdfz - ok
14:45:57.0703 2748 tnbefu - ok
14:45:57.0765 2748 TosIde - ok
14:45:57.0921 2748 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
14:45:57.0921 2748 TuneUpUtilitiesDrv - ok
14:45:57.0984 2748 tuxhrel - ok
14:45:58.0031 2748 tvvdndsqg - ok
14:45:58.0078 2748 tzsduqj - ok
14:45:58.0125 2748 uavdcvo - ok
14:45:58.0171 2748 ucuexm - ok
14:45:58.0265 2748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:45:58.0265 2748 Udfs - ok
14:45:58.0328 2748 ultra - ok
14:45:58.0453 2748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:45:58.0468 2748 Update - ok
14:45:58.0515 2748 upperdev - ok
14:45:58.0625 2748 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:45:58.0625 2748 usbaudio - ok
14:45:58.0703 2748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:45:58.0703 2748 usbccgp - ok
14:45:58.0796 2748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:45:58.0796 2748 usbehci - ok
14:45:58.0859 2748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:45:58.0859 2748 usbhub - ok
14:45:58.0937 2748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:45:58.0937 2748 usbprint - ok
14:45:59.0000 2748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:45:59.0000 2748 usbscan - ok
14:45:59.0078 2748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:45:59.0078 2748 USBSTOR - ok
14:45:59.0125 2748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:45:59.0125 2748 usbuhci - ok
14:45:59.0218 2748 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
14:45:59.0218 2748 usbvideo - ok
14:45:59.0312 2748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:45:59.0312 2748 VgaSave - ok
14:45:59.0390 2748 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
14:45:59.0390 2748 viaagp1 - ok
14:45:59.0468 2748 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:45:59.0468 2748 ViaIde - ok
14:45:59.0500 2748 videX32 (4cc623591204acd5fc89bd0dad70e838) C:\WINDOWS\system32\DRIVERS\videX32.sys
14:45:59.0515 2748 videX32 - ok
14:45:59.0578 2748 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
14:45:59.0578 2748 VolSnap - ok
14:45:59.0625 2748 vtnxuxin - ok
14:45:59.0750 2748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:45:59.0750 2748 Wanarp - ok
14:45:59.0812 2748 WBHWDOCT - ok
14:45:59.0937 2748 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:45:59.0953 2748 Wdf01000 - ok
14:46:00.0015 2748 WDICA - ok
14:46:00.0109 2748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:46:00.0109 2748 wdmaud - ok
14:46:00.0187 2748 wegoiriil - ok
14:46:00.0453 2748 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
14:46:00.0453 2748 WpdUsb - ok
14:46:00.0531 2748 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:46:00.0531 2748 WS2IFSL - ok
14:46:00.0640 2748 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:46:00.0656 2748 WSTCODEC - ok
14:46:00.0718 2748 wwyflsegb - ok
14:46:00.0796 2748 xgwua - ok
14:46:00.0859 2748 xhsyvhxbw - ok
14:46:00.0921 2748 xifcqf - ok
14:46:00.0984 2748 xplvdwbsy - ok
14:46:01.0031 2748 xyfnzrdb - ok
14:46:01.0093 2748 yabmg - ok
14:46:01.0140 2748 yekth - ok
14:46:01.0187 2748 ygbmst - ok
14:46:01.0234 2748 yogggdcub - ok
14:46:01.0281 2748 yulpqlqk - ok
14:46:01.0343 2748 yzziw - ok
14:46:01.0390 2748 zjwvgxh - ok
14:46:01.0453 2748 zrlwa - ok
14:46:01.0531 2748 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
14:46:01.0718 2748 \Device\Harddisk0\DR0 - ok
14:46:01.0750 2748 Boot (0x1200) (f3affbdc64234cf4afc513adaee99c45) \Device\Harddisk0\DR0\Partition0
14:46:01.0750 2748 \Device\Harddisk0\DR0\Partition0 - ok
14:46:01.0750 2748 ============================================================
14:46:01.0750 2748 Scan finished
14:46:01.0750 2748 ============================================================
14:46:01.0812 2740 Detected object count: 1
14:46:01.0812 2740 Actual detected object count: 1


Re: check of an old-timer PC at work...

Post by John.Ross » 28 Feb 2012 15:18

ComboFix 12-02-27.02 - Táta 28.02.2012 14:57:39.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.502 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tßta\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tßta\Plocha\CFScript.txt
AV: Antivirový systém AVG 7.0.289 *Enabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-28 do 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 12:36 . 2003-04-10 13:46 260096 ----a-w- c:\windows\system32\richtx32.ocx
2012-02-28 12:36 . 2001-11-20 16:09 278528 ----a-w- c:\windows\system32\mejlovani.dll
2012-02-28 12:36 . 1998-06-23 20:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-02-28 12:36 . 1996-06-13 18:24 53760 ----a-w- c:\windows\system32\ZlibTool.ocx
2012-02-28 12:36 . 2012-02-28 12:36 -------- d-----w- c:\program files\2HCS
2012-02-28 07:19 . 2012-02-28 07:19 -------- d-----w- c:\program files\TeamViewer
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Malwarebytes
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 09:23 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 22:11 . 2012-02-26 22:11 -------- d-----w- c:\program files\Reference Assemblies
2012-02-26 20:29 . 2012-02-26 20:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2012-02-26 18:29 . 2012-02-23 16:11 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-26 17:49 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-26 17:49 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\drivers\msmpu401.sys
2012-02-22 09:23 . 2012-02-22 09:23 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\PCHealth
2012-02-22 09:05 . 2012-02-22 09:05 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-22 09:05 . 2012-02-22 09:05 -------- d-----w- c:\program files\MSBuild
2012-02-22 09:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-22 09:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-22 09:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-22 09:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-22 09:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-22 09:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-22 09:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-22 09:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-22 09:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-22 09:03 . 2012-02-22 09:04 -------- d-----w- C:\f50b39369c4fcb2f0514f47cc9f0
2012-02-21 15:02 . 2012-02-21 15:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Microsoft Help
2012-02-21 14:28 . 2012-02-21 14:28 -------- d-sh--w- c:\documents and settings\Táta\IECompatCache
2012-02-21 14:23 . 2012-02-21 14:23 -------- d-sh--w- c:\documents and settings\Táta\PrivacIE
2012-02-21 14:20 . 2012-02-21 14:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-21 14:19 . 2012-02-21 14:19 -------- d-sh--w- c:\documents and settings\Táta\IETldCache
2012-02-21 14:09 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-21 14:07 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-21 14:07 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-21 14:07 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-21 14:02 . 2012-02-21 14:07 -------- dc-h--w- c:\windows\ie8
2012-02-21 10:49 . 2012-02-21 10:49 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\Microsoft Help
2012-02-21 10:09 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-21 10:07 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-21 10:06 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-21 10:06 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-21 10:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-02-21 10:04 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-21 10:03 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-21 10:03 . 2012-02-21 10:03 -------- d-----w- c:\program files\HP
2012-02-21 10:00 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-02-21 10:00 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-02-21 09:56 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-02-21 09:55 . 2012-02-21 09:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2012-02-21 09:55 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-21 09:55 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-21 09:55 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-02-21 09:55 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-02-21 09:54 . 2012-02-21 09:54 -------- d-sh--w- c:\windows\ftpcache
2012-02-21 09:54 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-02-21 09:52 . 2012-02-21 09:52 -------- d-----w- c:\program files\Common Files\EPSON
2012-02-21 09:52 . 2007-04-10 11:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-02-21 09:52 . 2010-08-10 13:02 81408 ----a-w- c:\windows\system32\E_TD4BHEE.DLL
2012-02-21 09:40 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-21 09:40 . 2010-07-16 11:58 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-02-21 09:40 . 2008-04-21 21:15 216576 ----a-w- c:\program files\Windows NT\Accessories\SET1F3.tmp
2012-02-21 09:32 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-21 09:31 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-20 11:54 . 2009-08-06 18:24 15072 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-02-20 11:26 . 2012-02-20 11:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
2012-02-20 11:16 . 2012-02-20 11:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-20 09:06 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2012-02-20 09:06 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2012-02-20 09:06 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2012-02-20 08:49 . 2012-02-20 08:49 -------- d-----w- C:\output
2012-02-20 08:31 . 2012-02-20 10:00 -------- d-----w- c:\documents and settings\Táta\Data aplikací\PhotoScape
2012-02-20 08:29 . 2012-02-20 08:30 -------- d-----w- c:\program files\PhotoScape
2012-02-20 08:21 . 2012-02-20 08:24 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Filter Forge 3
2012-02-20 07:48 . 2012-02-09 13:13 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-17 11:00 . 2012-02-17 11:00 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Mikrotik
2012-02-15 12:18 . 2012-02-20 08:17 -------- d-----w- c:\documents and settings\Táta\.gimp-2.6
2012-02-15 11:42 . 2012-02-15 11:42 -------- d-----w- c:\program files\XnView
2012-02-15 10:44 . 2012-02-15 10:44 -------- d-----w- c:\documents and settings\Táta\Data aplikací\inkscape
2012-02-15 10:40 . 2012-02-15 10:43 -------- d-----w- c:\program files\Inkscape
2012-02-09 13:45 . 2012-02-15 12:37 -------- d-----w- c:\documents and settings\Táta\Data aplikací\XnView
2012-02-09 12:26 . 2012-02-09 12:26 -------- d-----w- c:\documents and settings\Táta\Data aplikací\OpenOffice.org
2012-02-09 09:29 . 2008-04-14 07:52 33792 ------w- c:\windows\system32\mmcperf.exe
2012-02-09 09:25 . 2008-04-14 07:52 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-02-09 09:25 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-02-09 09:23 . 2008-04-13 21:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2012-02-09 09:23 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-02-09 09:21 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003272_.tmp
2012-02-09 08:31 . 2012-02-26 21:11 -------- d-----w- C:\ADDDESIGN
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- C:\SBD files
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- c:\program files\Cutting Technologies
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- C:\Hsprint
2012-02-08 12:05 . 2010-07-12 13:49 52552 ----a-w- c:\windows\system32\ftserui2.dll
2012-02-08 12:05 . 2010-07-12 13:49 67400 ----a-w- c:\windows\system32\ftcserco.dll
2012-02-08 12:05 . 2010-07-12 13:48 73032 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-02-08 12:05 . 2010-07-12 13:50 198464 ----a-w- c:\windows\system32\ftd2xx.dll
2012-02-08 12:05 . 2010-07-12 13:50 105288 ----a-w- c:\windows\system32\ftbusui.dll
2012-02-08 12:05 . 2010-07-12 13:49 197952 ----a-w- c:\windows\system32\FTLang.dll
2012-02-08 12:05 . 2010-07-12 13:49 60104 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-02-06 14:05 . 2012-02-06 14:05 -------- d-----w- c:\program files\OpenOffice.org 3
2012-02-06 08:56 . 2012-02-06 08:56 -------- d-----w- c:\documents and settings\Táta\Data aplikací\DWGeditor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 13:13 . 2011-11-05 22:22 31552 -c--a-w- c:\windows\system32\TURegOpt.exe
2012-01-12 17:20 . 2004-08-17 13:44 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-27_20.55.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-27 20:58 . 2012-02-27 20:58 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-02-27 21:04 . 2012-02-27 21:04 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-27 20:57 . 2012-02-27 20:57 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-27 20:57 . 2012-02-27 20:57 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-27 21:04 . 2012-02-27 21:04 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-27 21:04 . 2012-02-27 21:04 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-27 21:04 . 2012-02-27 21:04 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-27 21:04 . 2012-02-27 21:04 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-27 20:57 . 2012-02-27 20:57 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-27 20:57 . 2012-02-27 20:57 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-27 20:55 . 2012-02-27 20:55 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hpzsetup.LNK - D:\HPZstub.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe"
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"MyWebSearch Plugin"=rundll32 c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2024:TCP"= 2024:TCP:guyohzch
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2007 15:05 685816]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [26.2.2012 19:29 24408]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [23.4.2005 9:21 14912]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [28.2.2012 8:19 2886528]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [9.2.2012 14:13 1529152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [13.10.2011 17:33 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.2.2012 21:29 136176]
S2 jrjsmvutg;Server Helper;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
S2 tscmgmt;Terminal Server Connection Manager;c:\windows\system32\tscmgmt.exe [17.8.2004 14:49 8192]
S3 abvqjki;abvqjki;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 adsgsq;adsgsq;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 afbdk;afbdk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 afnwhsr;afnwhsr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 bzrzxjbh;bzrzxjbh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cbzhyf;cbzhyf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ckacgrmz;ckacgrmz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 corivuw;corivuw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cwxhmm;cwxhmm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cyphqy;cyphqy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 daxbhk;daxbhk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dbtxmk;dbtxmk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dvhzf;dvhzf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 egkusi;egkusi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 eizcej;eizcej;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 evlwjmsh;evlwjmsh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 evqzsnunx;evqzsnunx;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 fjlfi;fjlfi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 fjqefsb;fjqefsb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gaxxmgbq;gaxxmgbq;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gfpoqbde;gfpoqbde;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gghjl;gghjl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gipaixwn;gipaixwn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.2.2012 21:29 136176]
S3 hiylzjrij;hiylzjrij;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 hjqbqwcm;hjqbqwcm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 hkzrnouy;hkzrnouy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 idrmkl;idrmkl;\??\c:\docume~1\KraKen\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\KraKen\LOCALS~1\Temp\idrmkl.sys [?]
S3 igsiij;igsiij;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ihkad;ihkad;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ijhnsamdx;ijhnsamdx;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ipstvh;ipstvh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jlqqui;jlqqui;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jpdezojbe;jpdezojbe;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jqcrrfw;jqcrrfw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jscptory;jscptory;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jygrwuyz;jygrwuyz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 legvkhdh;legvkhdh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ljepgj;ljepgj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lvtcdcz;lvtcdcz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lzqhtqb;lzqhtqb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 mlnbpedm;mlnbpedm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ncnks;ncnks;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ngtdzciy;ngtdzciy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 nrmxzyvl;nrmxzyvl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 obmszr;obmszr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ohrjjjs;ohrjjjs;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 okesmnu;okesmnu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ompsejc;ompsejc;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pepxxn;pepxxn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pllgjgn;pllgjgn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pnfxbja;pnfxbja;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ptzls;ptzls;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pvknfa;pvknfa;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pvwbcrisk;pvwbcrisk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pymcfu;pymcfu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qigwd;qigwd;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qkfidfax;qkfidfax;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qqvapatz;qqvapatz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qtgmhikf;qtgmhikf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 quivrcl;quivrcl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rbownqwm;rbownqwm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rplwjiamu;rplwjiamu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\DRIVERS\sbusb.sys --> c:\windows\system32\DRIVERS\sbusb.sys [?]
S3 smmufitk;smmufitk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sonhzw;sonhzw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 spvmqe;spvmqe;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sqylkl;sqylkl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 stomqt;stomqt;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sucuwcj;sucuwcj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 suwwbzoeb;suwwbzoeb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tdoke;tdoke;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tgdfz;tgdfz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tnbefu;tnbefu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tuxhrel;tuxhrel;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tvvdndsqg;tvvdndsqg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tzsduqj;tzsduqj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 uavdcvo;uavdcvo;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ucuexm;ucuexm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 vtnxuxin;vtnxuxin;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 wegoiriil;wegoiriil;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 wwyflsegb;wwyflsegb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xgwua;xgwua;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xhsyvhxbw;xhsyvhxbw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xifcqf;xifcqf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xplvdwbsy;xplvdwbsy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xyfnzrdb;xyfnzrdb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yabmg;yabmg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yekth;yekth;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ygbmst;ygbmst;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yogggdcub;yogggdcub;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yulpqlqk;yulpqlqk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yzziw;yzziw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zjwvgxh;zjwvgxh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zrlwa;zrlwa;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
jrjsmvutg
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 20:29]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 20:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 10.0.10.1:3128
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-28 15:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jrjsmvutg]
"ServiceDll"="c:\windows\system32\phqreek.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1292428093-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{473CC802-2DB2-B9EC-A114-6D587B64B552}*]
"hakldljdbhiffoka"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
"iaembbacnagcgmlgko"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{473CC802-2DB2-B9EC-A114-6D587B64B552}\InProcServer32*]
"jagmmnjpcbhbpkdimncd"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,
70,6f,67,00,00
"iagmonlbhblleoomno"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3944)
c:\program files\TeamViewer\Version7\tv_w32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2012-02-28 15:07:01
ComboFix-quarantined-files.txt 2012-02-28 14:06
ComboFix2.txt 2012-02-27 20:58
.
Před spuštěním: Volných bajtů: 20 430 123 008
Po spuštění: Volných bajtů: 20 408 832 000
.
- - End Of File - - E464F98E3A50925A4E24A5C132F24AD9


Re: checking the old lady at work...

Post by John.Ross » 28 Feb 2012 15:19

AND THE NEW LOG FROM HJT


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:08:34, on 28.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Táta\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.10.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpzsetup.LNK = D:\HPZstub.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Terminal Server Connection Manager (tscmgmt) - Unknown owner - C:\WINDOWS\system32\tscmgmt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 4978 bytes

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: check-up of the old granny at work...

Post by jaro3 » 28 Feb 2012 19:06

Did you copy the whole script? There is a scrollbar!!

Do it again with this:

Code: Select all

KillAll::
File::
c:\program files\Windows NT\Accessories\SET1F3.tmp
c:\windows\003272_.tmp
c:\windows\system32\01.tmp
c:\windows\system32\phqreek.dll

Folder::
c:\progra~1\MYWEBS~1

Driver::
guyohzch
jrjsmvutg
TeamViewer7
abvqjki
adsgsq
afbdk
afnwhsr
bzrzxjbh
cbzhyf
ckacgrmz
corivuw
cwxhmm
cyphqy
daxbhk
dbtxmk
dvhzf
egkusi
eizcej
evlwjmsh
evqzsnunx
fjlfi
fjqefsb
gaxxmgbq
gfpoqbde
gghjl
gipaixwn
hiylzjrij
hkzrnouy
idrmkl
igsiij
ihkad
ijhnsamdx
ipstvh
jlqqui
jpdezojbe
jqcrrfw
jscptory
jygrwuyz
legvkhdh
ljepgj
lvtcdcz
lzqhtqb
mlnbpedm
ncnks
ngtdzciy
nrmxzyvl
obmszr
ohrjjjs
okesmnu
ompsejc
pepxxn
pllgjgn
pnfxbja
ptzls
pvknfa
pvwbcrisk
pymcfu
qigwd
qkfidfax
qqvapatz
qtgmhikf
quivrcl
rbownqwm
rplwjiamu
sbusb
smmufitk
sonhzw
spvmqe
sqylkl
stomqt
sucuwcj
suwwbzoeb
tdoke
tgdfz
tnbefu
tuxhrel
tvvdndsqg
tzsduqj
uavdcvo
ucuexm
vtnxuxin
wegoiriil
wwyflsegb
xgwua
xhsyvhxbw
xifcqf
xplvdwbsy
xyfnzrdb
yabmg
yekth
ygbmst
yogggdcub
yulpqlqk
yzziw
zjwvgxh
zrlwa
jrjsmvutg

NetSvcs::
jrjsmvutg

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MyWebSearch Plugin"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2024:TCP"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2024:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\adsgsq]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\afbdk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\afnwhsr]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\bzrzxjbh]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cbzhyf]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ckacgrmz]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\corivuw]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cwxhmm]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cyphqy]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\daxbhk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dbtxmk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dvhzf]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\egkusi]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\eizcej]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\evlwjmsh]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\evqzsnunx]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\fjlfi]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\fjqefsb]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gaxxmgbq]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gfpoqbde]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gghjl]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gipaixwn]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hiylzjrij]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hjqbqwcm]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hkzrnouy]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\igsiij]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ihkad]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ijhnsamdx]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ipstvh]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jlqqui]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jpdezojbe]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jqcrrfw]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jscptory]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jygrwuyz]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\legvkhdh]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ljepgj]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lvtcdcz]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lzqhtqb]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mlnbpedm]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ncnks]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ngtdzciy]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nrmxzyvl]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\obmszr]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ohrjjjs]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\okesmnu]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ompsejc]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pepxxn]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pllgjgn]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pnfxbja]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ptzls]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pvknfa]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pvwbcrisk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pymcfu]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qigwd]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qkfidfax]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qqvapatz]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qtgmhikf]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\quivrcl]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rbownqwm]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rplwjiamu]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\smmufitk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sonhzw]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\spvmqe]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sqylkl]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\stomqt]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sucuwcj]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\suwwbzoeb]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tdoke]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tgdfz]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tnbefu]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tuxhrel]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tvvdndsqg]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tzsduqj]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\uavdcvo]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ucuexm]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\vtnxuxin]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wegoiriil]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wwyflsegb]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xgwua]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xhsyvhxbw]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xifcqf]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xplvdwbsy]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xyfnzrdb]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yabmg]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yekth]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ygbmst]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yogggdcub]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yulpqlqk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yzziw]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\zjwvgxh]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\zrlwa]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jrjsmvutg]

FixCSet::

You don't need to post the HJT log any more..
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

John.Ross
Level 1.5
Posts: 108
Registered: March 09
Gender: Male
Status:
Offline

Re: check-up of the old granny at work...

Post by John.Ross » 29 Feb 2012 18:34

I hope I did everything as it was written. I did not use Select all, but copied what was written in the window from killer up to FixCSet:: The log after the script ran...


ComboFix 12-02-27.02 - Táta 28.02.2012 14:57:39.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.502 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tßta\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tßta\Plocha\CFScript.txt
AV: Antivirový systém AVG 7.0.289 *Enabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-28 do 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 12:36 . 2003-04-10 13:46 260096 ----a-w- c:\windows\system32\richtx32.ocx
2012-02-28 12:36 . 2001-11-20 16:09 278528 ----a-w- c:\windows\system32\mejlovani.dll
2012-02-28 12:36 . 1998-06-23 20:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-02-28 12:36 . 1996-06-13 18:24 53760 ----a-w- c:\windows\system32\ZlibTool.ocx
2012-02-28 12:36 . 2012-02-28 12:36 -------- d-----w- c:\program files\2HCS
2012-02-28 07:19 . 2012-02-28 07:19 -------- d-----w- c:\program files\TeamViewer
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Malwarebytes
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 09:23 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 22:11 . 2012-02-26 22:11 -------- d-----w- c:\program files\Reference Assemblies
2012-02-26 20:29 . 2012-02-26 20:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2012-02-26 18:29 . 2012-02-23 16:11 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-26 17:49 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-26 17:49 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\drivers\msmpu401.sys
2012-02-22 09:23 . 2012-02-22 09:23 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\PCHealth
2012-02-22 09:05 . 2012-02-22 09:05 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-22 09:05 . 2012-02-22 09:05 -------- d-----w- c:\program files\MSBuild
2012-02-22 09:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-22 09:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-22 09:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-22 09:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-22 09:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-22 09:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-22 09:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-22 09:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-22 09:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-22 09:03 . 2012-02-22 09:04 -------- d-----w- C:\f50b39369c4fcb2f0514f47cc9f0
2012-02-21 15:02 . 2012-02-21 15:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Microsoft Help
2012-02-21 14:28 . 2012-02-21 14:28 -------- d-sh--w- c:\documents and settings\Táta\IECompatCache
2012-02-21 14:23 . 2012-02-21 14:23 -------- d-sh--w- c:\documents and settings\Táta\PrivacIE
2012-02-21 14:20 . 2012-02-21 14:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-21 14:19 . 2012-02-21 14:19 -------- d-sh--w- c:\documents and settings\Táta\IETldCache
2012-02-21 14:09 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-21 14:07 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-21 14:07 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-21 14:07 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-21 14:02 . 2012-02-21 14:07 -------- dc-h--w- c:\windows\ie8
2012-02-21 10:49 . 2012-02-21 10:49 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\Microsoft Help
2012-02-21 10:09 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-21 10:07 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-21 10:06 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-21 10:06 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-21 10:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-02-21 10:04 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-21 10:03 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-21 10:03 . 2012-02-21 10:03 -------- d-----w- c:\program files\HP
2012-02-21 10:00 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-02-21 10:00 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-02-21 09:56 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-02-21 09:55 . 2012-02-21 09:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2012-02-21 09:55 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-21 09:55 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-21 09:55 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-02-21 09:55 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-02-21 09:54 . 2012-02-21 09:54 -------- d-sh--w- c:\windows\ftpcache
2012-02-21 09:54 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-02-21 09:52 . 2012-02-21 09:52 -------- d-----w- c:\program files\Common Files\EPSON
2012-02-21 09:52 . 2007-04-10 11:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-02-21 09:52 . 2010-08-10 13:02 81408 ----a-w- c:\windows\system32\E_TD4BHEE.DLL
2012-02-21 09:40 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-21 09:40 . 2010-07-16 11:58 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-02-21 09:40 . 2008-04-21 21:15 216576 ----a-w- c:\program files\Windows NT\Accessories\SET1F3.tmp
2012-02-21 09:32 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-21 09:31 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-20 11:54 . 2009-08-06 18:24 15072 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-02-20 11:26 . 2012-02-20 11:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
2012-02-20 11:16 . 2012-02-20 11:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-20 09:06 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2012-02-20 09:06 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2012-02-20 09:06 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2012-02-20 08:49 . 2012-02-20 08:49 -------- d-----w- C:\output
2012-02-20 08:31 . 2012-02-20 10:00 -------- d-----w- c:\documents and settings\Táta\Data aplikací\PhotoScape
2012-02-20 08:29 . 2012-02-20 08:30 -------- d-----w- c:\program files\PhotoScape
2012-02-20 08:21 . 2012-02-20 08:24 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Filter Forge 3
2012-02-20 07:48 . 2012-02-09 13:13 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-17 11:00 . 2012-02-17 11:00 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Mikrotik
2012-02-15 12:18 . 2012-02-20 08:17 -------- d-----w- c:\documents and settings\Táta\.gimp-2.6
2012-02-15 11:42 . 2012-02-15 11:42 -------- d-----w- c:\program files\XnView
2012-02-15 10:44 . 2012-02-15 10:44 -------- d-----w- c:\documents and settings\Táta\Data aplikací\inkscape
2012-02-15 10:40 . 2012-02-15 10:43 -------- d-----w- c:\program files\Inkscape
2012-02-09 13:45 . 2012-02-15 12:37 -------- d-----w- c:\documents and settings\Táta\Data aplikací\XnView
2012-02-09 12:26 . 2012-02-09 12:26 -------- d-----w- c:\documents and settings\Táta\Data aplikací\OpenOffice.org
2012-02-09 09:29 . 2008-04-14 07:52 33792 ------w- c:\windows\system32\mmcperf.exe
2012-02-09 09:25 . 2008-04-14 07:52 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-02-09 09:25 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-02-09 09:23 . 2008-04-13 21:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2012-02-09 09:23 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-02-09 09:21 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003272_.tmp
2012-02-09 08:31 . 2012-02-26 21:11 -------- d-----w- C:\ADDDESIGN
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- C:\SBD files
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- c:\program files\Cutting Technologies
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- C:\Hsprint
2012-02-08 12:05 . 2010-07-12 13:49 52552 ----a-w- c:\windows\system32\ftserui2.dll
2012-02-08 12:05 . 2010-07-12 13:49 67400 ----a-w- c:\windows\system32\ftcserco.dll
2012-02-08 12:05 . 2010-07-12 13:48 73032 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-02-08 12:05 . 2010-07-12 13:50 198464 ----a-w- c:\windows\system32\ftd2xx.dll
2012-02-08 12:05 . 2010-07-12 13:50 105288 ----a-w- c:\windows\system32\ftbusui.dll
2012-02-08 12:05 . 2010-07-12 13:49 197952 ----a-w- c:\windows\system32\FTLang.dll
2012-02-08 12:05 . 2010-07-12 13:49 60104 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-02-06 14:05 . 2012-02-06 14:05 -------- d-----w- c:\program files\OpenOffice.org 3
2012-02-06 08:56 . 2012-02-06 08:56 -------- d-----w- c:\documents and settings\Táta\Data aplikací\DWGeditor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 13:13 . 2011-11-05 22:22 31552 -c--a-w- c:\windows\system32\TURegOpt.exe
2012-01-12 17:20 . 2004-08-17 13:44 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-27_20.55.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-27 20:58 . 2012-02-27 20:58 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-02-27 21:04 . 2012-02-27 21:04 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-27 20:57 . 2012-02-27 20:57 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-27 20:57 . 2012-02-27 20:57 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-27 21:04 . 2012-02-27 21:04 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-27 21:04 . 2012-02-27 21:04 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-27 21:04 . 2012-02-27 21:04 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-27 21:04 . 2012-02-27 21:04 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-27 20:57 . 2012-02-27 20:57 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-27 20:57 . 2012-02-27 20:57 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-27 20:56 . 2012-02-27 20:56 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-27 20:55 . 2012-02-27 20:55 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hpzsetup.LNK - D:\HPZstub.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe"
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"MyWebSearch Plugin"=rundll32 c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2024:TCP"= 2024:TCP:guyohzch
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2007 15:05 685816]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [26.2.2012 19:29 24408]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [23.4.2005 9:21 14912]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [28.2.2012 8:19 2886528]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [9.2.2012 14:13 1529152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [13.10.2011 17:33 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.2.2012 21:29 136176]
S2 jrjsmvutg;Server Helper;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
S2 tscmgmt;Terminal Server Connection Manager;c:\windows\system32\tscmgmt.exe [17.8.2004 14:49 8192]
S3 abvqjki;abvqjki;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 adsgsq;adsgsq;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 afbdk;afbdk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 afnwhsr;afnwhsr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 bzrzxjbh;bzrzxjbh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cbzhyf;cbzhyf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ckacgrmz;ckacgrmz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 corivuw;corivuw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cwxhmm;cwxhmm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cyphqy;cyphqy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 daxbhk;daxbhk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dbtxmk;dbtxmk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dvhzf;dvhzf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 egkusi;egkusi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 eizcej;eizcej;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 evlwjmsh;evlwjmsh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 evqzsnunx;evqzsnunx;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 fjlfi;fjlfi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 fjqefsb;fjqefsb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gaxxmgbq;gaxxmgbq;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gfpoqbde;gfpoqbde;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gghjl;gghjl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gipaixwn;gipaixwn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.2.2012 21:29 136176]
S3 hiylzjrij;hiylzjrij;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 hjqbqwcm;hjqbqwcm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 hkzrnouy;hkzrnouy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 idrmkl;idrmkl;\??\c:\docume~1\KraKen\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\KraKen\LOCALS~1\Temp\idrmkl.sys [?]
S3 igsiij;igsiij;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ihkad;ihkad;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ijhnsamdx;ijhnsamdx;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ipstvh;ipstvh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jlqqui;jlqqui;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jpdezojbe;jpdezojbe;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jqcrrfw;jqcrrfw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jscptory;jscptory;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jygrwuyz;jygrwuyz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 legvkhdh;legvkhdh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ljepgj;ljepgj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lvtcdcz;lvtcdcz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lzqhtqb;lzqhtqb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 mlnbpedm;mlnbpedm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ncnks;ncnks;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ngtdzciy;ngtdzciy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 nrmxzyvl;nrmxzyvl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 obmszr;obmszr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ohrjjjs;ohrjjjs;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 okesmnu;okesmnu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ompsejc;ompsejc;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pepxxn;pepxxn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pllgjgn;pllgjgn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pnfxbja;pnfxbja;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ptzls;ptzls;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pvknfa;pvknfa;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pvwbcrisk;pvwbcrisk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pymcfu;pymcfu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qigwd;qigwd;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qkfidfax;qkfidfax;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qqvapatz;qqvapatz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qtgmhikf;qtgmhikf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 quivrcl;quivrcl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rbownqwm;rbownqwm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rplwjiamu;rplwjiamu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\DRIVERS\sbusb.sys --> c:\windows\system32\DRIVERS\sbusb.sys [?]
S3 smmufitk;smmufitk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sonhzw;sonhzw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 spvmqe;spvmqe;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sqylkl;sqylkl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 stomqt;stomqt;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sucuwcj;sucuwcj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 suwwbzoeb;suwwbzoeb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tdoke;tdoke;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tgdfz;tgdfz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tnbefu;tnbefu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tuxhrel;tuxhrel;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tvvdndsqg;tvvdndsqg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tzsduqj;tzsduqj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 uavdcvo;uavdcvo;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ucuexm;ucuexm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 vtnxuxin;vtnxuxin;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 wegoiriil;wegoiriil;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 wwyflsegb;wwyflsegb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xgwua;xgwua;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xhsyvhxbw;xhsyvhxbw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xifcqf;xifcqf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xplvdwbsy;xplvdwbsy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xyfnzrdb;xyfnzrdb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yabmg;yabmg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yekth;yekth;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ygbmst;ygbmst;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yogggdcub;yogggdcub;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yulpqlqk;yulpqlqk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yzziw;yzziw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zjwvgxh;zjwvgxh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zrlwa;zrlwa;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
jrjsmvutg
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 20:29]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 20:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 10.0.10.1:3128
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-28 15:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\abvqjki]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\adsgsq]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\afbdk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\afnwhsr]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\bzrzxjbh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cbzhyf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ckacgrmz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\corivuw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cwxhmm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cyphqy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\daxbhk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dbtxmk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dvhzf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\egkusi]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\eizcej]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\evlwjmsh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\evqzsnunx]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\fjlfi]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\fjqefsb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gaxxmgbq]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gfpoqbde]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gghjl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gipaixwn]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hiylzjrij]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hjqbqwcm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hkzrnouy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\igsiij]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ihkad]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ijhnsamdx]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ipstvh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jlqqui]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jpdezojbe]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jqcrrfw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jscptory]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jygrwuyz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\legvkhdh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ljepgj]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lvtcdcz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lzqhtqb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mlnbpedm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ncnks]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ngtdzciy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nrmxzyvl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\obmszr]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ohrjjjs]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\okesmnu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ompsejc]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pepxxn]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pllgjgn]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pnfxbja]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ptzls]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pvknfa]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pvwbcrisk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pymcfu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qigwd]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qkfidfax]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qqvapatz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qtgmhikf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\quivrcl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rbownqwm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rplwjiamu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\smmufitk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sonhzw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\spvmqe]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sqylkl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\stomqt]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sucuwcj]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\suwwbzoeb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tdoke]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tgdfz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tnbefu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tuxhrel]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tvvdndsqg]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tzsduqj]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\uavdcvo]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ucuexm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\vtnxuxin]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wegoiriil]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wwyflsegb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xgwua]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xhsyvhxbw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xifcqf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xplvdwbsy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xyfnzrdb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yabmg]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yekth]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ygbmst]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yogggdcub]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yulpqlqk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yzziw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\zjwvgxh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\zrlwa]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jrjsmvutg]
"ServiceDll"="c:\windows\system32\phqreek.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1292428093-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{473CC802-2DB2-B9EC-A114-6D587B64B552}*]
"hakldljdbhiffoka"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
"iaembbacnagcgmlgko"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{473CC802-2DB2-B9EC-A114-6D587B64B552}\InProcServer32*]
"jagmmnjpcbhbpkdimncd"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,
70,6f,67,00,00
"iagmonlbhblleoomno"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3944)
c:\program files\TeamViewer\Version7\tv_w32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2012-02-28 15:07:01
ComboFix-quarantined-files.txt 2012-02-28 14:06
ComboFix2.txt 2012-02-27 20:58
.
Před spuštěním: Volných bajtů: 20 430 123 008
Po spuštění: Volných bajtů: 20 408 832 000
.
- - End Of File - - E464F98E3A50925A4E24A5C132F24AD9


Re: check-up of the old granny at work...

Post by John.Ross » 29 Feb 2012 18:52

I also forgot to mention that I am carrying out these procedures on that computer via TeamViewer from home. Just wondering whether that is a problem in any way.

