Kontrola - HJT - malware

Golfy · Příspěvekod **Golfy** » 02 dub 2012 18:19

Dobrý den / ahoj,

prosím o kontrolu následujícího logu. Poslední dobou na mne vyskakuje hlášení z Comodo o nějakém malware v local settings (c:\documents and settings\golfy\local settings\temp\main.class).
Když jsem zkoušel spustit Malware bytes, tak po označení rychlý sken a stisknutí skenovat se malware bytes vypne - mám za to, že je možná vypínán dotyčným škodlivým kódem (či jiným)

Děkuji

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:13:48, on 2.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EPuras\EPurasLog.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\wamp\wampmanager.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\EPSON\EPuras\EPuras.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\Golfy\Data aplikací\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Golfy\Dokumenty\Stažené soubory\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\CENZURA Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\CENZURA Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\CENZURA Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Aestan Tray Menu] C:\wamp\wampmanager.exe
O4 - HKCU\..\Run: [EPSON BX305 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE /FU "C:\WINDOWS\TEMP\E_S24A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-602162358-2052111302-725345543-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26ACAE6F-BC95-44B4-9150-61E4D20D5C2E} (Activex Control) - http://mhd.frag.cz/loadgame_et.cab
O16 - DPF: {3352B5B9-82E8-4FFD-9EB1-1A3E60056904} (Chilkat Crypt2) - http://www.chilkatsoft.com/download/ChilkatCrypt2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1307075421
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: AVerUpdateServer - AVerMedia TECHNOLOGIES, Inc. - C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Epson Puras Service (EpsonPuras) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPuras\EPuras.exe
O23 - Service: Epson Puras Log Service (EpsonPurasLog) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPuras\EPurasLog.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: SnugTV Service - AVerMedia Technologies, Inc. - C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe
O24 - Desktop Component 0: (no name) - http://www.dpnet.org/caches/background/ ... lendar.jpg

--
End of file - 17550 bytes

Reklama

Damned · Příspěvekod **Damned** » 02 dub 2012 19:04

Odinstaluj si CENZURA Toolbar a avast.

Restartuj a pak sem vlož nový log z HJT.

Golfy · Příspěvekod **Golfy** » 03 dub 2012 18:38

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:54, on 3.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\EPSON\EPuras\EPurasLog.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\EPSON\EPuras\EPuras.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\wamp\wampmanager.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Golfy\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Golfy\Dokumenty\Stažené soubory\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Aestan Tray Menu] C:\wamp\wampmanager.exe
O4 - HKCU\..\Run: [EPSON BX305 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE /FU "C:\WINDOWS\TEMP\E_S24A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-602162358-2052111302-725345543-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26ACAE6F-BC95-44B4-9150-61E4D20D5C2E} (Activex Control) - http://mhd.frag.cz/loadgame_et.cab
O16 - DPF: {3352B5B9-82E8-4FFD-9EB1-1A3E60056904} (Chilkat Crypt2) - http://www.chilkatsoft.com/download/ChilkatCrypt2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1307075421
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: AVerUpdateServer - AVerMedia TECHNOLOGIES, Inc. - C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Epson Puras Service (EpsonPuras) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPuras\EPuras.exe
O23 - Service: Epson Puras Log Service (EpsonPurasLog) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPuras\EPurasLog.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: SnugTV Service - AVerMedia Technologies, Inc. - C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe
O24 - Desktop Component 0: (no name) - http://www.dpnet.org/caches/background/ ... lendar.jpg

--
End of file - 16523 bytes

Příspěvekod **jaro3** » 03 dub 2012 19:13

COMODO Internet Security—používáš jen firewall?

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {3352B5B9-82E8-4FFD-9EB1-1A3E60056904} (Chilkat Crypt2) - http://www.chilkatsoft.com/download/ChilkatCrypt2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1307075421

Stáhni si TDSSKiller

Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Golfy · Příspěvekod **Golfy** » 03 dub 2012 19:58

19:17:51.0875 5056 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
19:17:52.0062 5056 ============================================================
19:17:52.0062 5056 Current date / time: 2012/04/03 19:17:52.0062
19:17:52.0062 5056 SystemInfo:
19:17:52.0062 5056
19:17:52.0062 5056 OS Version: 5.1.2600 ServicePack: 3.0
19:17:52.0062 5056 Product type: Workstation
19:17:52.0062 5056 ComputerName: GOLFY-
19:17:52.0062 5056 UserName: Golfy
19:17:52.0062 5056 Windows directory: C:\WINDOWS
19:17:52.0062 5056 System windows directory: C:\WINDOWS
19:17:52.0062 5056 Processor architecture: Intel x86
19:17:52.0062 5056 Number of processors: 4
19:17:52.0062 5056 Page size: 0x1000
19:17:52.0062 5056 Boot type: Normal boot
19:17:52.0062 5056 ============================================================
19:17:52.0859 5056 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:17:52.0875 5056 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:17:52.0890 5056 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
19:17:52.0890 5056 \Device\Harddisk0\DR0:
19:17:52.0890 5056 MBR used
19:17:52.0890 5056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
19:17:52.0906 5056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x1FDA120
19:17:52.0906 5056 \Device\Harddisk1\DR1:
19:17:52.0921 5056 MBR used
19:17:52.0921 5056 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB773707
19:17:52.0937 5056 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xB773785, BlocksNum 0x19CB9F3C
19:17:52.0937 5056 \Device\Harddisk2\DR2:
19:17:52.0937 5056 MBR used
19:17:52.0937 5056 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x321A5000
19:17:52.0953 5056 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x321A6000, BlocksNum 0x12CDD000
19:17:53.0234 5056 Initialize success
19:17:53.0234 5056 ============================================================
19:17:56.0234 2740 ============================================================
19:17:56.0234 2740 Scan started
19:17:56.0234 2740 Mode: Manual;
19:17:56.0234 2740 ============================================================
19:17:56.0593 2740 602XML Updater (f11d68e40ed62fdb7c460c445f1ec4e5) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
19:17:56.0593 2740 602XML Updater - ok
19:17:56.0687 2740 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
19:17:56.0687 2740 61883 - ok
19:17:56.0687 2740 Abiosdsk - ok
19:17:56.0703 2740 abp480n5 - ok
19:17:56.0734 2740 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:17:56.0750 2740 ACPI - ok
19:17:56.0781 2740 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:17:56.0781 2740 ACPIEC - ok
19:17:56.0812 2740 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
19:17:56.0812 2740 ADIHdAudAddService - ok
19:17:56.0906 2740 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
19:17:56.0906 2740 Adobe Version Cue CS3 - ok
19:17:56.0906 2740 adpu160m - ok
19:17:56.0937 2740 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
19:17:56.0937 2740 AEAudio - ok
19:17:56.0953 2740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:17:56.0953 2740 aec - ok
19:17:56.0984 2740 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:17:57.0000 2740 AFD - ok
19:17:57.0000 2740 Aha154x - ok
19:17:57.0000 2740 aic78u2 - ok
19:17:57.0015 2740 aic78xx - ok
19:17:57.0031 2740 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
19:17:57.0031 2740 Alerter - ok
19:17:57.0062 2740 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
19:17:57.0062 2740 ALG - ok
19:17:57.0062 2740 AliIde - ok
19:17:57.0093 2740 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
19:17:57.0093 2740 AmdPPM - ok
19:17:57.0109 2740 amsint - ok
19:17:57.0156 2740 Apache2 (9b4001e690d3b8256dc8fcd229c45f20) C:\apache2triad\bin\httpd.exe
19:17:57.0156 2740 Apache2 - ok
19:17:57.0171 2740 Apache2SSL (9b4001e690d3b8256dc8fcd229c45f20) C:\apache2triad\bin\httpd.exe
19:17:57.0171 2740 Apache2SSL - ok
19:17:57.0218 2740 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:17:57.0218 2740 Apple Mobile Device - ok
19:17:57.0234 2740 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
19:17:57.0234 2740 AppMgmt - ok
19:17:57.0250 2740 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:17:57.0250 2740 Arp1394 - ok
19:17:57.0265 2740 asc - ok
19:17:57.0265 2740 asc3350p - ok
19:17:57.0281 2740 asc3550 - ok
19:17:57.0375 2740 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:17:57.0375 2740 aspnet_state - ok
19:17:57.0390 2740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:17:57.0390 2740 AsyncMac - ok
19:17:57.0390 2740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:17:57.0390 2740 atapi - ok
19:17:57.0406 2740 Atdisk - ok
19:17:57.0437 2740 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:17:57.0437 2740 atksgt - ok
19:17:57.0453 2740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:17:57.0453 2740 Atmarpc - ok
19:17:57.0500 2740 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
19:17:57.0500 2740 AudioSrv - ok
19:17:57.0515 2740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:17:57.0515 2740 audstub - ok
19:17:57.0515 2740 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
19:17:57.0515 2740 Avc - ok
19:17:57.0562 2740 AVerA706 (8563e435d16799c8d4a13857c3757c6a) C:\WINDOWS\system32\DRIVERS\AVerA706.sys
19:17:57.0578 2740 AVerA706 - ok
19:17:57.0640 2740 AVerBDA3x (87a76ec8bf8ed0f67e548c4a8e1efb90) C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys
19:17:57.0656 2740 AVerBDA3x - ok
19:17:57.0703 2740 AVerRemote (317521d19a0ae532ceffd08e6077097c) C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
19:17:57.0703 2740 AVerRemote - ok
19:17:57.0718 2740 AVerScheduleService (ec9cc8ddce3d2d8fa13975600eecc5f3) C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
19:17:57.0718 2740 AVerScheduleService - ok
19:17:57.0796 2740 AVerUpdateServer (ac116b5ebd1cd55eb4fa6399dc3abc3d) C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
19:17:57.0796 2740 AVerUpdateServer - ok
19:17:57.0812 2740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:17:57.0812 2740 Beep - ok
19:17:57.0843 2740 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
19:17:57.0875 2740 BITS - ok
19:17:57.0937 2740 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:17:57.0937 2740 Bonjour Service - ok
19:17:57.0953 2740 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
19:17:57.0953 2740 Browser - ok
19:17:57.0968 2740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:17:57.0968 2740 cbidf2k - ok
19:17:58.0031 2740 CCALib8 (8ef654045e518ac00e52e7a1e2d3ad70) C:\Program Files\Canon\CAL\CALMAIN.exe
19:17:58.0031 2740 CCALib8 - ok
19:17:58.0062 2740 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:17:58.0062 2740 CCDECODE - ok
19:17:58.0062 2740 cd20xrnt - ok
19:17:58.0093 2740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:17:58.0093 2740 Cdaudio - ok
19:17:58.0109 2740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:17:58.0109 2740 Cdfs - ok
19:17:58.0109 2740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:17:58.0109 2740 Cdrom - ok
19:17:58.0125 2740 Changer - ok
19:17:58.0140 2740 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
19:17:58.0140 2740 CiSvc - ok
19:17:58.0156 2740 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
19:17:58.0156 2740 ClipSrv - ok
19:17:58.0203 2740 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:17:58.0203 2740 clr_optimization_v2.0.50727_32 - ok
19:17:58.0234 2740 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:17:58.0234 2740 clr_optimization_v4.0.30319_32 - ok
19:17:58.0328 2740 cmdAgent (6629d81b41badd0d787f0e306ceee7e0) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
19:17:58.0328 2740 cmdAgent - ok
19:17:58.0343 2740 cmdGuard (f8a304ab7bbc61b26f66ab65aae27693) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
19:17:58.0343 2740 cmdGuard - ok
19:17:58.0375 2740 cmdHlp (a736f2263310fee1799de88cb50c1023) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
19:17:58.0375 2740 cmdHlp - ok
19:17:58.0375 2740 CmdIde - ok
19:17:58.0390 2740 COMSysApp - ok
19:17:58.0390 2740 Cpqarray - ok
19:17:58.0421 2740 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
19:17:58.0421 2740 CryptSvc - ok
19:17:58.0421 2740 dac2w2k - ok
19:17:58.0437 2740 dac960nt - ok
19:17:58.0468 2740 DCamUSBSTK02N (3835ff5a08c4474142814f3db5cd4ca4) C:\WINDOWS\system32\DRIVERS\STK02NW2.sys
19:17:58.0468 2740 DCamUSBSTK02N - ok
19:17:58.0515 2740 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
19:17:58.0515 2740 DcomLaunch - ok
19:17:58.0531 2740 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
19:17:58.0531 2740 Dhcp - ok
19:17:58.0546 2740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:17:58.0546 2740 Disk - ok
19:17:58.0546 2740 dmadmin - ok
19:17:58.0578 2740 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
19:17:58.0593 2740 dmboot - ok
19:17:58.0593 2740 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
19:17:58.0609 2740 dmio - ok
19:17:58.0625 2740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:17:58.0625 2740 dmload - ok
19:17:58.0656 2740 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
19:17:58.0656 2740 dmserver - ok
19:17:58.0687 2740 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:17:58.0687 2740 DMusic - ok
19:17:58.0718 2740 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
19:17:58.0718 2740 Dnscache - ok
19:17:58.0718 2740 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
19:17:58.0718 2740 Dot3svc - ok
19:17:58.0734 2740 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
19:17:58.0734 2740 dot4 - ok
19:17:58.0750 2740 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
19:17:58.0750 2740 Dot4Print - ok
19:17:58.0750 2740 dot4usb (ccc4092dfc85336f2e1c142483adeb42) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
19:17:58.0765 2740 dot4usb - ok
19:17:58.0765 2740 dpti2o - ok
19:17:58.0765 2740 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:17:58.0781 2740 drmkaud - ok
19:17:58.0796 2740 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
19:17:58.0796 2740 EapHost - ok
19:17:58.0812 2740 EPSON TM Parallel Port Driver (710f8ba6368f87096280d16a24df2e1e) C:\WINDOWS\system32\drivers\tmlpt.sys
19:17:58.0812 2740 EPSON TM Parallel Port Driver - ok
19:17:58.0859 2740 EpsonPuras (29ceaa489d7b6d236c32c42951eda588) C:\Program Files\EPSON\EPuras\EPuras.exe
19:17:58.0859 2740 EpsonPuras - ok
19:17:58.0875 2740 EpsonPurasLog (2af34ecc354f0642e73841ade4370872) C:\Program Files\EPSON\EPuras\EPurasLog.exe
19:17:58.0875 2740 EpsonPurasLog - ok
19:17:58.0921 2740 EPSON_EB_RPCV4_04 (b92f2b3247f0a99490c1298a1d3d7b4c) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
19:17:58.0921 2740 EPSON_EB_RPCV4_04 - ok
19:17:58.0937 2740 EPSON_PM_RPCV4_04 (651336b99c75fb54e4b5971cf458f9bd) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
19:17:58.0937 2740 EPSON_PM_RPCV4_04 - ok
19:17:58.0953 2740 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
19:17:58.0953 2740 ERSvc - ok
19:17:58.0984 2740 EST_BusEnum (a0f019102a3ae1dfab81a106483753cd) C:\WINDOWS\system32\DRIVERS\GenBus.sys
19:17:58.0984 2740 EST_BusEnum - ok
19:17:59.0015 2740 EST_Server (69f5f5d031ade2cab525f87b90018676) C:\WINDOWS\system32\DRIVERS\GenHC.sys
19:17:59.0015 2740 EST_Server - ok
19:17:59.0031 2740 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
19:17:59.0046 2740 Eventlog - ok
19:17:59.0078 2740 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
19:17:59.0078 2740 EventSystem - ok
19:17:59.0093 2740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:17:59.0093 2740 Fastfat - ok
19:17:59.0125 2740 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
19:17:59.0140 2740 FastUserSwitchingCompatibility - ok
19:17:59.0140 2740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:17:59.0140 2740 Fdc - ok
19:17:59.0171 2740 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
19:17:59.0171 2740 Fips - ok
19:17:59.0203 2740 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:17:59.0203 2740 FLEXnet Licensing Service - ok
19:17:59.0218 2740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:17:59.0218 2740 Flpydisk - ok
19:17:59.0234 2740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:17:59.0234 2740 FltMgr - ok
19:17:59.0296 2740 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:17:59.0296 2740 FontCache3.0.0.0 - ok
19:17:59.0296 2740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:17:59.0296 2740 Fs_Rec - ok
19:17:59.0312 2740 FTDIBUS (35abe7359740461c8c953d16c307c7e4) C:\WINDOWS\system32\drivers\ftdibus.sys
19:17:59.0312 2740 FTDIBUS - ok
19:17:59.0328 2740 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:17:59.0328 2740 Ftdisk - ok
19:17:59.0343 2740 FTSER2K (95234864059f4c020702d7ddc8616c43) C:\WINDOWS\system32\drivers\ftser2k.sys
19:17:59.0343 2740 FTSER2K - ok
19:17:59.0375 2740 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:17:59.0375 2740 GEARAspiWDM - ok
19:17:59.0390 2740 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
19:17:59.0390 2740 giveio - ok
19:17:59.0421 2740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:17:59.0421 2740 Gpc - ok
19:17:59.0453 2740 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
19:17:59.0453 2740 gupdate - ok
19:17:59.0453 2740 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
19:17:59.0453 2740 gupdatem - ok
19:17:59.0484 2740 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:17:59.0484 2740 gusvc - ok
19:17:59.0515 2740 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:17:59.0515 2740 HDAudBus - ok
19:17:59.0578 2740 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:17:59.0578 2740 helpsvc - ok
19:17:59.0593 2740 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
19:17:59.0593 2740 HidServ - ok
19:17:59.0609 2740 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:17:59.0609 2740 hidusb - ok
19:17:59.0625 2740 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
19:17:59.0625 2740 hkmsvc - ok
19:17:59.0640 2740 hpn - ok
19:17:59.0656 2740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:17:59.0671 2740 HTTP - ok
19:17:59.0703 2740 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
19:17:59.0703 2740 HTTPFilter - ok
19:17:59.0718 2740 i2omgmt - ok
19:17:59.0718 2740 i2omp - ok
19:17:59.0734 2740 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\drivers\i8042prt.sys
19:17:59.0734 2740 i8042prt - ok
19:17:59.0781 2740 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:17:59.0796 2740 idsvc - ok
19:17:59.0796 2740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:17:59.0796 2740 Imapi - ok
19:17:59.0828 2740 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
19:17:59.0828 2740 ImapiService - ok
19:17:59.0843 2740 ini910u - ok
19:17:59.0859 2740 Inspect (456003490faa4a2361ceacbfb6409172) C:\WINDOWS\system32\DRIVERS\inspect.sys
19:17:59.0859 2740 Inspect - ok
19:17:59.0875 2740 IntelIde - ok
19:17:59.0875 2740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:17:59.0875 2740 Ip6Fw - ok
19:17:59.0906 2740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:17:59.0906 2740 IpFilterDriver - ok
19:17:59.0921 2740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:17:59.0921 2740 IpInIp - ok
19:17:59.0921 2740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:17:59.0921 2740 IpNat - ok
19:17:59.0968 2740 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
19:17:59.0984 2740 iPod Service - ok
19:17:59.0984 2740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:17:59.0984 2740 IPSec - ok
19:18:00.0000 2740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:18:00.0000 2740 IRENUM - ok
19:18:00.0000 2740 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:18:00.0000 2740 isapnp - ok
19:18:00.0078 2740 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
19:18:00.0078 2740 JavaQuickStarterService - ok
19:18:00.0109 2740 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
19:18:00.0109 2740 JGOGO - ok
19:18:00.0109 2740 JRAID (c341318beae24fa4042c5f8c64cb38b6) C:\WINDOWS\system32\DRIVERS\jraid.sys
19:18:00.0125 2740 JRAID - ok
19:18:00.0125 2740 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:18:00.0125 2740 Kbdclass - ok
19:18:00.0125 2740 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:18:00.0140 2740 kbdhid - ok
19:18:00.0156 2740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:18:00.0156 2740 kmixer - ok
19:18:00.0187 2740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:18:00.0187 2740 KSecDD - ok
19:18:00.0203 2740 lanmanserver (21920ac69594ab021237054fa728fe46) C:\WINDOWS\System32\srvsvc.dll
19:18:00.0203 2740 lanmanserver - ok
19:18:00.0234 2740 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
19:18:00.0250 2740 lanmanworkstation - ok
19:18:00.0281 2740 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
19:18:00.0281 2740 LBeepKE - ok
19:18:00.0281 2740 lbrtfdc - ok
19:18:00.0359 2740 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
19:18:00.0359 2740 LBTServ - ok
19:18:00.0375 2740 LEqdUsb (70035567754bed4e6ad353ca3f175127) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
19:18:00.0375 2740 LEqdUsb - ok
19:18:00.0390 2740 LHidEqd (32491b6bae0afad1d7a62c0ef0af4321) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
19:18:00.0390 2740 LHidEqd - ok
19:18:00.0406 2740 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
19:18:00.0406 2740 LHidFilt - ok
19:18:00.0453 2740 LightScribeService (9c0546a363fcf52c4aac6560a92e88ff) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:18:00.0468 2740 LightScribeService - ok
19:18:00.0500 2740 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:18:00.0500 2740 lirsgt - ok
19:18:00.0531 2740 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
19:18:00.0531 2740 LmHosts - ok
19:18:00.0531 2740 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
19:18:00.0531 2740 LMouFilt - ok
19:18:00.0578 2740 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
19:18:00.0578 2740 MarvinBus - ok
19:18:00.0593 2740 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
19:18:00.0593 2740 MBAMSwissArmy - ok
19:18:00.0609 2740 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
19:18:00.0609 2740 Messenger - ok
19:18:00.0640 2740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:18:00.0640 2740 mnmdd - ok
19:18:00.0656 2740 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
19:18:00.0656 2740 mnmsrvc - ok
19:18:00.0671 2740 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
19:18:00.0671 2740 Modem - ok
19:18:00.0671 2740 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:18:00.0671 2740 Mouclass - ok
19:18:00.0687 2740 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:18:00.0687 2740 mouhid - ok
19:18:00.0687 2740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:18:00.0687 2740 MountMgr - ok
19:18:00.0718 2740 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
19:18:00.0718 2740 MPE - ok
19:18:00.0718 2740 mraid35x - ok
19:18:00.0734 2740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:18:00.0734 2740 MRxDAV - ok
19:18:00.0765 2740 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:18:00.0812 2740 MRxSmb - ok
19:18:00.0843 2740 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
19:18:00.0843 2740 MSDTC - ok
19:18:00.0875 2740 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
19:18:00.0875 2740 MSDV - ok
19:18:00.0890 2740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:18:00.0890 2740 Msfs - ok
19:18:00.0890 2740 MSIServer - ok
19:18:00.0906 2740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:18:00.0906 2740 MSKSSRV - ok
19:18:00.0921 2740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:18:00.0921 2740 MSPCLOCK - ok
19:18:00.0953 2740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:18:00.0953 2740 MSPQM - ok
19:18:00.0953 2740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:18:00.0953 2740 mssmbios - ok
19:18:01.0015 2740 MSSQL$SQLEXPRESS - ok
19:18:01.0062 2740 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:18:01.0062 2740 MSSQLServerADHelper100 - ok
19:18:01.0062 2740 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:18:01.0062 2740 MSTEE - ok
19:18:01.0093 2740 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
19:18:01.0093 2740 MTsensor - ok
19:18:01.0109 2740 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:18:01.0109 2740 Mup - ok
19:18:01.0218 2740 MySql (9e514306e495ff0b726275837835c610) C:\apache2triad\mysql\bin\mysqld.exe
19:18:01.0281 2740 MySql - ok
19:18:01.0312 2740 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:18:01.0312 2740 NABTSFEC - ok
19:18:01.0343 2740 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
19:18:01.0343 2740 napagent - ok
19:18:01.0359 2740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:18:01.0359 2740 NDIS - ok
19:18:01.0359 2740 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:18:01.0359 2740 NdisIP - ok
19:18:01.0390 2740 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:18:01.0390 2740 NdisTapi - ok
19:18:01.0406 2740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:18:01.0406 2740 Ndisuio - ok
19:18:01.0406 2740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:18:01.0406 2740 NdisWan - ok
19:18:01.0437 2740 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:18:01.0437 2740 NDProxy - ok
19:18:01.0468 2740 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:18:01.0484 2740 Nero BackItUp Scheduler 4.0 - ok
19:18:01.0515 2740 Net Driver HPZ12 (f7c14f5077bf2bc476c348b88a7f74e2) C:\WINDOWS\system32\HPZinw12.dll
19:18:01.0515 2740 Net Driver HPZ12 - ok
19:18:01.0531 2740 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
19:18:01.0531 2740 Netaapl - ok
19:18:01.0546 2740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:18:01.0546 2740 NetBIOS - ok
19:18:01.0546 2740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:18:01.0546 2740 NetBT - ok
19:18:01.0578 2740 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
19:18:01.0578 2740 NetDDE - ok
19:18:01.0593 2740 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
19:18:01.0593 2740 NetDDEdsdm - ok
19:18:01.0609 2740 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
19:18:01.0609 2740 Netlogon - ok
19:18:01.0640 2740 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
19:18:01.0640 2740 Netman - ok
19:18:01.0734 2740 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:18:01.0734 2740 NetTcpPortSharing - ok
19:18:01.0734 2740 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:18:01.0734 2740 NIC1394 - ok
19:18:01.0765 2740 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
19:18:01.0765 2740 Nla - ok
19:18:01.0781 2740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:18:01.0781 2740 Npfs - ok
19:18:01.0796 2740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:18:01.0796 2740 Ntfs - ok
19:18:01.0812 2740 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
19:18:01.0812 2740 NtLmSsp - ok
19:18:01.0843 2740 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
19:18:01.0843 2740 NtmsSvc - ok
19:18:01.0875 2740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:18:01.0875 2740 Null - ok
19:18:01.0906 2740 NUS_Bus (51415cbe22cc5d8b373c57e960e9b22b) C:\WINDOWS\system32\DRIVERS\NUS_Bus.sys
19:18:01.0906 2740 NUS_Bus - ok
19:18:02.0109 2740 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:18:02.0281 2740 nv - ok
19:18:02.0281 2740 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
19:18:02.0281 2740 nvata - ok
19:18:02.0312 2740 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:18:02.0312 2740 NVENETFD - ok
19:18:02.0312 2740 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:18:02.0312 2740 nvnetbus - ok
19:18:02.0343 2740 NVSvc (a8c1e6ff53fb0628a302843ea5fa5ab6) C:\WINDOWS\system32\nvsvc32.exe
19:18:02.0343 2740 NVSvc - ok
19:18:02.0468 2740 nvUpdatusService (9c84945feee40ea42d3bca5c22250d47) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:18:02.0468 2740 nvUpdatusService - ok
19:18:02.0515 2740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:18:02.0515 2740 NwlnkFlt - ok
19:18:02.0515 2740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:18:02.0515 2740 NwlnkFwd - ok
19:18:02.0531 2740 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:18:02.0531 2740 ohci1394 - ok
19:18:02.0562 2740 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:18:02.0562 2740 ose - ok
19:18:02.0578 2740 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
19:18:02.0578 2740 Parport - ok
19:18:02.0578 2740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:18:02.0578 2740 PartMgr - ok
19:18:02.0593 2740 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
19:18:02.0609 2740 ParVdm - ok
19:18:02.0609 2740 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
19:18:02.0609 2740 PCI - ok
19:18:02.0609 2740 PCIDump - ok
19:18:02.0640 2740 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:18:02.0640 2740 PCIIde - ok
19:18:02.0656 2740 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:18:02.0656 2740 Pcmcia - ok
19:18:02.0656 2740 PDCOMP - ok
19:18:02.0671 2740 PDFRAME - ok
19:18:02.0671 2740 PDRELI - ok
19:18:02.0687 2740 PDRFRAME - ok
19:18:02.0687 2740 perc2 - ok
19:18:02.0703 2740 perc2hib - ok
19:18:02.0781 2740 PgSql (e60635e62acb894113e25310df461cc6) C:\apache2triad\pgsql\bin\pg_ctl.exe
19:18:02.0781 2740 PgSql - ok
19:18:02.0796 2740 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
19:18:02.0812 2740 PlugPlay - ok
19:18:02.0843 2740 Pml Driver HPZ12 (e638656001c52a1faa34f92e6d3a086b) C:\WINDOWS\system32\HPZipm12.dll
19:18:02.0843 2740 Pml Driver HPZ12 - ok
19:18:02.0875 2740 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\WINDOWS\system32\PnkBstrA.exe
19:18:02.0875 2740 PnkBstrA - ok
19:18:02.0906 2740 PnkBstrB (7c01817adf3207fb65a4b56e6d5ad833) C:\WINDOWS\system32\PnkBstrB.exe
19:18:02.0921 2740 PnkBstrB - ok
19:18:02.0921 2740 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
19:18:02.0921 2740 PolicyAgent - ok
19:18:02.0921 2740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:18:02.0921 2740 PptpMiniport - ok
19:18:02.0937 2740 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
19:18:02.0937 2740 Processor - ok
19:18:02.0937 2740 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
19:18:02.0937 2740 ProtectedStorage - ok
19:18:02.0953 2740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:18:02.0953 2740 PSched - ok
19:18:02.0968 2740 PSI_SVC_2 (0b6dea0a1662cab8f2bf339dc0752ef4) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
19:18:02.0968 2740 PSI_SVC_2 - ok
19:18:02.0984 2740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:18:02.0984 2740 Ptilink - ok
19:18:03.0000 2740 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:18:03.0000 2740 PxHelp20 - ok
19:18:03.0000 2740 ql1080 - ok
19:18:03.0015 2740 Ql10wnt - ok
19:18:03.0015 2740 ql12160 - ok
19:18:03.0031 2740 ql1240 - ok
19:18:03.0031 2740 ql1280 - ok
19:18:03.0046 2740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:18:03.0046 2740 RasAcd - ok
19:18:03.0078 2740 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
19:18:03.0078 2740 RasAuto - ok
19:18:03.0078 2740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:18:03.0078 2740 Rasl2tp - ok
19:18:03.0125 2740 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
19:18:03.0125 2740 RasMan - ok
19:18:03.0140 2740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:18:03.0140 2740 RasPppoe - ok
19:18:03.0140 2740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:18:03.0140 2740 Raspti - ok
19:18:03.0156 2740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:18:03.0156 2740 Rdbss - ok
19:18:03.0156 2740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:18:03.0156 2740 RDPCDD - ok
19:18:03.0171 2740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:18:03.0171 2740 rdpdr - ok
19:18:03.0218 2740 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:18:03.0218 2740 RDPWD - ok
19:18:03.0234 2740 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
19:18:03.0234 2740 RDSessMgr - ok
19:18:03.0250 2740 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:18:03.0250 2740 redbook - ok
19:18:03.0265 2740 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
19:18:03.0265 2740 RemoteAccess - ok
19:18:03.0296 2740 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
19:18:03.0296 2740 RemoteRegistry - ok
19:18:03.0312 2740 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
19:18:03.0328 2740 RpcLocator - ok
19:18:03.0343 2740 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
19:18:03.0343 2740 RpcSs - ok
19:18:03.0375 2740 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
19:18:03.0375 2740 RsFx0102 - ok
19:18:03.0390 2740 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
19:18:03.0390 2740 RSVP - ok
19:18:03.0406 2740 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
19:18:03.0406 2740 SamSs - ok
19:18:03.0421 2740 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
19:18:03.0421 2740 SCardSvr - ok
19:18:03.0453 2740 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
19:18:03.0453 2740 Schedule - ok
19:18:03.0484 2740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:18:03.0484 2740 Secdrv - ok
19:18:03.0515 2740 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
19:18:03.0515 2740 seclogon - ok
19:18:03.0546 2740 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
19:18:03.0546 2740 SenFiltService - ok
19:18:03.0578 2740 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
19:18:03.0578 2740 SENS - ok
19:18:03.0578 2740 sensorsview - ok
19:18:03.0609 2740 Ser2pl (6cd8dc61304bf5ca16fe48dc3039cc05) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
19:18:03.0609 2740 Ser2pl - ok
19:18:03.0609 2740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:18:03.0609 2740 serenum - ok
19:18:03.0625 2740 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
19:18:03.0625 2740 Serial - ok
19:18:03.0640 2740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:18:03.0640 2740 Sfloppy - ok
19:18:03.0671 2740 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
19:18:03.0671 2740 SharedAccess - ok
19:18:03.0703 2740 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
19:18:03.0718 2740 ShellHWDetection - ok
19:18:03.0718 2740 Simbad - ok
19:18:03.0750 2740 SlimFTPd (0b32b17df7f1fc7e0bb2e1317419549b) C:\apache2triad\ftp\SlimFTPd.exe
19:18:03.0750 2740 SlimFTPd - ok
19:18:03.0781 2740 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:18:03.0781 2740 SLIP - ok
19:18:03.0812 2740 SnugTV Service (d1591bacdc8187a828471075ff1a3eed) C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
19:18:03.0828 2740 SnugTV Service - ok
19:18:03.0828 2740 Sparrow - ok
19:18:03.0859 2740 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
19:18:03.0859 2740 speedfan - ok
19:18:03.0875 2740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:18:03.0875 2740 splitter - ok
19:18:03.0890 2740 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:18:03.0890 2740 Spooler - ok
19:18:03.0906 2740 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
19:18:03.0906 2740 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
19:18:03.0906 2740 sptd ( LockedFile.Multi.Generic ) - warning
19:18:03.0906 2740 sptd - detected LockedFile.Multi.Generic (1)
19:18:03.0984 2740 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
19:18:03.0984 2740 SQLAgent$SQLEXPRESS - ok
19:18:04.0015 2740 SQLBrowser (99de6acfa5ca83fad6a765c81c6f129f) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:18:04.0015 2740 SQLBrowser - ok
19:18:04.0031 2740 SQLWriter (637a0f23f9012358e92e6f99835494d1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:18:04.0031 2740 SQLWriter - ok
19:18:04.0031 2740 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
19:18:04.0031 2740 sr - ok
19:18:04.0062 2740 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
19:18:04.0062 2740 srservice - ok
19:18:04.0093 2740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:18:04.0093 2740 Srv - ok
19:18:04.0125 2740 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
19:18:04.0125 2740 SSDPSRV - ok
19:18:04.0156 2740 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
19:18:04.0171 2740 stisvc - ok
19:18:04.0187 2740 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:18:04.0187 2740 streamip - ok
19:18:04.0203 2740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:18:04.0203 2740 swenum - ok
19:18:04.0218 2740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:18:04.0218 2740 swmidi - ok
19:18:04.0234 2740 SwPrv - ok
19:18:04.0250 2740 symc810 - ok
19:18:04.0250 2740 symc8xx - ok
19:18:04.0265 2740 sym_hi - ok
19:18:04.0265 2740 sym_u3 - ok
19:18:04.0296 2740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:18:04.0296 2740 sysaudio - ok
19:18:04.0328 2740 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
19:18:04.0328 2740 SysmonLog - ok
19:18:04.0343 2740 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
19:18:04.0359 2740 TapiSrv - ok
19:18:04.0406 2740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:18:04.0406 2740 Tcpip - ok
19:18:04.0421 2740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:18:04.0421 2740 TDPIPE - ok
19:18:04.0437 2740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:18:04.0453 2740 TDTCP - ok
19:18:04.0546 2740 TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
19:18:04.0562 2740 TeamViewer7 - ok
19:18:04.0609 2740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:18:04.0609 2740 TermDD - ok
19:18:04.0625 2740 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
19:18:04.0625 2740 TermService - ok
19:18:04.0640 2740 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
19:18:04.0640 2740 Themes - ok
19:18:04.0671 2740 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
19:18:04.0671 2740 TlntSvr - ok
19:18:04.0734 2740 TomTomHOMEService (747e60b773e95f6c93d5621b550d6865) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
19:18:04.0734 2740 TomTomHOMEService - ok
19:18:04.0734 2740 TosIde - ok
19:18:04.0765 2740 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
19:18:04.0765 2740 TrkWks - ok
19:18:04.0796 2740 TuneUp.Defrag (0d630405311e1ae574bc2ec6681e485e) C:\WINDOWS\System32\TuneUpDefragService.exe
19:18:04.0812 2740 TuneUp.Defrag - ok
19:18:04.0828 2740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:18:04.0828 2740 Udfs - ok
19:18:04.0843 2740 ultra - ok
19:18:04.0875 2740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:18:04.0890 2740 Update - ok
19:18:04.0906 2740 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
19:18:04.0906 2740 upnphost - ok
19:18:04.0921 2740 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
19:18:04.0937 2740 UPS - ok
19:18:04.0953 2740 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:18:04.0953 2740 USBAAPL - ok
19:18:04.0968 2740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:18:04.0968 2740 usbccgp - ok
19:18:04.0984 2740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:18:04.0984 2740 usbehci - ok
19:18:04.0984 2740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:18:04.0984 2740 usbhub - ok
19:18:05.0000 2740 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:18:05.0000 2740 usbohci - ok
19:18:05.0062 2740 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:18:05.0062 2740 usbprint - ok
19:18:05.0078 2740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:18:05.0078 2740 usbscan - ok
19:18:05.0125 2740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:18:05.0125 2740 USBSTOR - ok
19:18:05.0156 2740 UxTuneUp (838c97b3d28bfebdd11d12adfe957004) C:\WINDOWS\System32\uxtuneup.dll
19:18:05.0156 2740 UxTuneUp - ok
19:18:05.0156 2740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:18:05.0156 2740 VgaSave - ok
19:18:05.0171 2740 ViaIde - ok
19:18:05.0171 2740 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
19:18:05.0187 2740 VolSnap - ok
19:18:05.0203 2740 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
19:18:05.0203 2740 VSS - ok
19:18:05.0218 2740 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
19:18:05.0218 2740 W32Time - ok
19:18:05.0265 2740 wampapache (375640f39f2d613b6fdcf8c2f956205a) c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
19:18:05.0281 2740 wampapache - ok
19:18:05.0312 2740 wampmysqld - ok
19:18:05.0312 2740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:18:05.0312 2740 Wanarp - ok
19:18:05.0375 2740 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:18:05.0375 2740 Wdf01000 - ok
19:18:05.0375 2740 WDICA - ok
19:18:05.0406 2740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:18:05.0406 2740 wdmaud - ok
19:18:05.0406 2740 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
19:18:05.0406 2740 WebClient - ok
19:18:05.0515 2740 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:18:05.0515 2740 winmgmt - ok
19:18:05.0546 2740 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:18:05.0546 2740 WmdmPmSN - ok
19:18:05.0593 2740 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
19:18:05.0593 2740 Wmi - ok
19:18:05.0625 2740 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:18:05.0625 2740 WmiApSrv - ok
19:18:05.0687 2740 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:18:05.0703 2740 WMPNetworkSvc - ok
19:18:05.0796 2740 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:18:05.0796 2740 WPFFontCache_v0400 - ok
19:18:05.0828 2740 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
19:18:05.0828 2740 wscsvc - ok
19:18:05.0859 2740 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:18:05.0859 2740 WSTCODEC - ok
19:18:05.0875 2740 WTService - ok
19:18:05.0890 2740 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
19:18:05.0906 2740 wuauserv - ok
19:18:05.0921 2740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:18:05.0921 2740 WudfPf - ok
19:18:05.0937 2740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:18:05.0937 2740 WudfRd - ok
19:18:05.0953 2740 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:18:05.0953 2740 WudfSvc - ok
19:18:05.0984 2740 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
19:18:06.0015 2740 WZCSVC - ok
19:18:06.0109 2740 XMail (b23e115bfb52f967f62b9040dd921629) C:\apache2triad\mail\bin\XMail.exe
19:18:06.0125 2740 XMail - ok
19:18:06.0140 2740 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
19:18:06.0156 2740 xmlprov - ok
19:18:06.0171 2740 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
19:18:06.0328 2740 \Device\Harddisk0\DR0 - ok
19:18:06.0343 2740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:18:06.0343 2740 \Device\Harddisk1\DR1 - ok
19:18:06.0390 2740 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk2\DR2
19:18:06.0468 2740 \Device\Harddisk2\DR2 - ok
19:18:06.0484 2740 Boot (0x1200) (58978f7e3d8a55ea41c966c03c669ac1) \Device\Harddisk0\DR0\Partition0
19:18:06.0484 2740 \Device\Harddisk0\DR0\Partition0 - ok
19:18:06.0500 2740 Boot (0x1200) (7f9ba64a1de9cc3ab75b4e8dc5c4c84f) \Device\Harddisk0\DR0\Partition1
19:18:06.0500 2740 \Device\Harddisk0\DR0\Partition1 - ok
19:18:06.0500 2740 Boot (0x1200) (0f2acc619e8605eda53b0bb919db5a67) \Device\Harddisk1\DR1\Partition0
19:18:06.0500 2740 \Device\Harddisk1\DR1\Partition0 - ok
19:18:06.0515 2740 Boot (0x1200) (a5304e0d28e6cfac2395281de645fd3a) \Device\Harddisk1\DR1\Partition1
19:18:06.0515 2740 \Device\Harddisk1\DR1\Partition1 - ok
19:18:06.0515 2740 Boot (0x1200) (7ad12073cbfe292499252663b54c7b01) \Device\Harddisk2\DR2\Partition0
19:18:06.0515 2740 \Device\Harddisk2\DR2\Partition0 - ok
19:18:06.0531 2740 Boot (0x1200) (8b4672f0448429681cee47be65c68632) \Device\Harddisk2\DR2\Partition1
19:18:06.0531 2740 \Device\Harddisk2\DR2\Partition1 - ok
19:18:06.0531 2740 ============================================================
19:18:06.0531 2740 Scan finished
19:18:06.0531 2740 ============================================================
19:18:06.0546 5052 Detected object count: 1
19:18:06.0546 5052 Actual detected object count: 1
19:18:13.0156 5052 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:18:13.0156 5052 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:18:15.0953 3200 Deinitialize success

Golfy · Příspěvekod **Golfy** » 03 dub 2012 19:59

ComboFix 12-04-03.02 - Golfy 03.04.2012 19:22:31.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2768 [GMT 2:00]
Spuštěný z: c:\documents and settings\Golfy\Plocha\ComboFix.exe
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Golfy\WINDOWS
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
F:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-03 do 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-03-19 15:47 . 2012-03-19 15:47 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 15:47 . 2012-03-19 15:47 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 19:34 . 2012-03-19 17:00 -------- d-----w- c:\documents and settings\Golfy\Data aplikací\602XML
2012-03-16 19:34 . 2012-03-16 19:34 -------- d-----w- c:\documents and settings\Golfy\Data aplikací\602Installer
2012-03-16 19:34 . 2012-03-16 19:34 -------- d-----w- c:\program files\Common Files\soft602
2012-03-16 19:34 . 2012-03-16 19:34 -------- d-----w- c:\program files\Software602
2012-03-16 19:34 . 2012-03-16 19:34 -------- d-----w- c:\program files\Common Files\Freedom Scientific
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 16:21 . 2010-05-02 13:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-22 17:06 . 2011-05-25 13:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 09:01 . 2010-04-03 16:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-17 09:00 . 2010-04-03 15:59 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-17 09:00 . 2010-04-03 15:59 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-17 09:00 . 2010-04-03 15:59 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-17 21:00 . 2011-01-06 16:37 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-19 15:47 . 2011-03-25 19:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"Aestan Tray Menu"="c:\wamp\wampmanager.exe" [2007-02-18 1152512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"MacrokeyManager"="WTMKM.exe" [2008-10-22 1969824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Golfy\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2009-7-2 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2009-7-3 738968]
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-7-2 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-7-2 679936]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-7-12 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^createMiniDump_Rayjet.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\createMiniDump_Rayjet.lnk
backup=c:\windows\pss\createMiniDump_Rayjet.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiseStubReboot]
MSIEXEC [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EZEHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-07-29 10:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Server]
2010-04-27 08:35 1937408 ----a-w- c:\program files\USB Server 2\USB Server.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Steam"="c:\program files\Steam\Steam.exe" -silent
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\apache2triad\\bin\\httpd.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Formix SE\\Formix.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Eric's TelNet98\\Telnet98.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=
"c:\\apache2triad\\php\\bin\\DbgListener.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\SnugTV\\SnugTV Station\\AMAServer.exe"=
"c:\\Program Files\\SnugTV\\SnugTV Station\\ConfigWizard.exe"=
"c:\\Program Files\\Avid\\Studio\\programs\\RM.exe"=
"c:\\Program Files\\Avid\\Studio\\programs\\NGStudio.exe"=
"c:\\Program Files\\Avid\\Studio\\programs\\UMI.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Golfy\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.7.2009 21:56 717296]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6.1.2011 18:37 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6.1.2011 18:37 31704]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [10.10.2011 13:55 85344]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2.7.2009 21:29 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2.7.2009 21:29 409600]
R2 AVerUpdateServer;AVerUpdateServer;c:\program files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [6.1.2011 14:42 168448]
R2 EPSON TM Parallel Port Driver;EPSON TM Parallel Port Driver;c:\windows\system32\drivers\tmlpt.sys [28.3.2011 7:20 18696]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [26.7.2011 11:09 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [26.7.2011 11:09 121856]
R2 EpsonPuras;Epson Puras Service;c:\program files\epson\EPuras\EPuras.exe [28.3.2011 7:20 438272]
R2 EpsonPurasLog;Epson Puras Log Service;c:\program files\epson\EPuras\EPurasLog.exe [28.3.2011 7:20 323584]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12.7.2010 19:09 10384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [24.1.2012 20:32 2253120]
R2 SnugTV Service;SnugTV Service;c:\program files\SnugTV\SnugTV Station\AMAServer.exe [5.1.2011 4:31 570880]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [23.2.2012 12:40 2886528]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 11:38 92008]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [20.2.2011 10:49 1170304]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [28.7.2009 17:25 27136]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [17.6.2009 18:55 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [17.6.2009 18:55 10384]
R3 NUS_Bus;Network USB Server Bus;c:\windows\system32\drivers\NUS_Bus.sys [28.1.2010 14:51 27392]
S1 sensorsview;sensorsview;\??\c:\program files\SensorsViewPro41\drv\sensorsview32.sys --> c:\program files\SensorsViewPro41\drv\sensorsview32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.11.2009 15:04 135664]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [24.10.2010 13:22 17408]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2.7.2009 21:46 1180672]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [31.8.2010 17:30 101520]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [29.9.2011 19:07 173056]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14.11.2009 15:04 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2.5.2010 15:42 40776]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6.3.2011 19:12 18432]
S3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [24.10.2010 13:25 75207]
S3 SlimFTPd;Apache2Triad SlimFTPd Server;c:\apache2triad\ftp\SlimFTPd.exe [24.10.2010 13:22 54272]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\xmail.exe [24.10.2010 13:23 339968]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 97071126
*NewlyCreated* - APPMGMT
*Deregistered* - 97071126
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 13:04]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 13:04]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 93.99.128.1 77.48.100.254
DPF: {26ACAE6F-BC95-44B4-9150-61E4D20D5C2E} - hxxp://mhd.frag.cz/loadgame_et.cab
FF - ProfilePath - c:\documents and settings\Golfy\Data aplikací\Mozilla\Firefox\Profiles\mo3hp3q0.default\
FF - user.js: capability.policy.policynames - allowclipboard
user_pref(capability.policy.allowclipboard.sites,
hxxp://hygienickyservis.itabo.cz http://tytyty.cz http://cipisekbazarek.cz);
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
AddRemove-Money S3 - c:\program files\CIGLER SOFTWARE\Common Files\Money S3\Setup\Uninst.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 19:32
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,d2,c3,67,dc,ca,d2,48,a1,09,53,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,d2,c3,67,dc,ca,d2,48,a1,09,53,\
.
[HKEY_USERS\S-1-5-21-602162358-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4571B2AB-AFA4-B64E-A7B9-EC7567198DF4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadiebhndjpcngehpo"=hex:6a,61,65,6f,6d,6f,62,6c,61,67,63,6c,65,6c,6c,68,6d,65,
6c,70,00,00
"hajcndefnahgikcm"=hex:6a,61,68,6f,6d,62,62,6d,67,6d,6f,6d,65,6a,65,6f,6e,6b,
63,64,00,00
.
[HKEY_USERS\S-1-5-21-602162358-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9372DDAE-F771-C125-BBFC-D09C5A1EE701}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iammghmppdnebeocdk"=hex:6a,61,69,65,66,66,69,64,70,6e,68,6b,6f,69,61,70,66,67,
6b,64,00,00
"hagmmogldbnmjjmm"=hex:6a,61,69,65,66,66,69,64,70,6e,68,6b,6f,69,61,70,66,67,
6b,64,00,ff
"iaicbaemikmjflokda"=hex:63,61,70,64,6c,6e,00,7c
.
[HKEY_USERS\S-1-5-21-602162358-2052111302-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:8b,cc,89,da,99,e1,3d,6d,03,eb,37,a1,09,5f,47,50,ca,a9,8c,cc,7e,
7f,8a,00,81,28,18,26,29,86,89,d2,45,db,ef,92,20,34,5c,5d,88,6c,72,ad,c6,29,\
"rkeysecu"=hex:47,a9,52,1c,db,f3,9d,f9,46,f0,34,d4,22,5e,26,85
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\guard32.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(972)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2012-04-03 19:35:06
ComboFix-quarantined-files.txt 2012-04-03 17:35
.
Před spuštěním: Volných bajtů: 133 597 335 552
Po spuštění: Volných bajtů: 134 002 831 360
.
- - End Of File - - D499977B1966C79D24C38616002CF2F6

Golfy · Příspěvekod **Golfy** » 03 dub 2012 19:59

Comodo využívám Firewall a také Defense+; ale jako program je to jen Comodo Firewall

Příspěvekod **jaro3** » 03 dub 2012 20:11

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

File::
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
sensorsview
gupdate

DDS::
uInternet Settings,ProxyOverride = <local>;*.local

RegNull::
[HKEY_USERS\S-1-5-21-602162358-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4571B2AB-AFA4-B64E-A7B9-EC7567198DF4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadiebhndjpcngehpo"=hex:6a,61,65,6f,6d,6f,62,6c,61,67,63,6c,65,6c,6c,68,6d,65,
 6c,70,00,00
"hajcndefnahgikcm"=hex:6a,61,68,6f,6d,62,62,6d,67,6d,6f,6d,65,6a,65,6f,6e,6b,
 63,64,00,00
[HKEY_USERS\S-1-5-21-602162358-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9372DDAE-F771-C125-BBFC-D09C5A1EE701}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iammghmppdnebeocdk"=hex:6a,61,69,65,66,66,69,64,70,6e,68,6b,6f,69,61,70,66,67,
 6b,64,00,00
"hagmmogldbnmjjmm"=hex:6a,61,69,65,66,66,69,64,70,6e,68,6b,6f,69,61,70,66,67,
 6b,64,00,ff
"iaicbaemikmjflokda"=hex:63,61,70,64,6c,6e,00,7c

RegLock::
[HKEY_USERS\S-1-5-21-602162358-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4571B2AB-AFA4-B64E-A7B9-EC7567198DF4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadiebhndjpcngehpo"=hex:6a,61,65,6f,6d,6f,62,6c,61,67,63,6c,65,6c,6c,68,6d,65,
 6c,70,00,00
"hajcndefnahgikcm"=hex:6a,61,68,6f,6d,62,62,6d,67,6d,6f,6d,65,6a,65,6f,6e,6b,
 63,64,00,00
[HKEY_USERS\S-1-5-21-602162358-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9372DDAE-F771-C125-BBFC-D09C5A1EE701}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iammghmppdnebeocdk"=hex:6a,61,69,65,66,66,69,64,70,6e,68,6b,6f,69,61,70,66,67,
 6b,64,00,00
"hagmmogldbnmjjmm"=hex:6a,61,69,65,66,66,69,64,70,6e,68,6b,6f,69,61,70,66,67,
 6b,64,00,ff
"iaicbaemikmjflokda"=hex:63,61,70,64,6c,6e,00,7c

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Golfy · Příspěvekod **Golfy** » 03 dub 2012 22:01

Zatím ComboFix, asw bude následovat

ComboFix 12-04-03.02 - Golfy 03.04.2012 21:25:52.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2687 [GMT 2:00]
Spuštěný z: c:\documents and settings\Golfy\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Golfy\Plocha\CFScript.txt
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_SENSORSVIEW
-------\Service_gupdate
-------\Service_sensorsview
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-03 do 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-03-19 15:47 . 2012-03-19 15:47 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 15:47 . 2012-03-19 15:47 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 19:34 . 2012-03-19 17:00 -------- d-----w- c:\documents and settings\Golfy\Data aplikací\602XML
2012-03-16 19:34 . 2012-03-16 19:34 -------- d-----w- c:\documents and settings\Golfy\Data aplikací\602Installer
2012-03-16 19:34 . 2012-03-16 19:34 -------- d-----w- c:\program files\Common Files\soft602
2012-03-16 19:34 . 2012-03-16 19:34 -------- d-----w- c:\program files\Software602
2012-03-16 19:34 . 2012-03-16 19:34 -------- d-----w- c:\program files\Common Files\Freedom Scientific
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 16:21 . 2010-05-02 13:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-22 17:06 . 2011-05-25 13:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 09:01 . 2010-04-03 16:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-17 09:00 . 2010-04-03 15:59 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-17 09:00 . 2010-04-03 15:59 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-17 09:00 . 2010-04-03 15:59 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-17 21:00 . 2011-01-06 16:37 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-19 15:47 . 2011-03-25 19:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-03_17.33.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-03 19:40 . 2012-04-03 19:40 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2009-07-02 16:43 . 2012-04-03 19:41 7439544 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"Aestan Tray Menu"="c:\wamp\wampmanager.exe" [2007-02-18 1152512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"MacrokeyManager"="WTMKM.exe" [2008-10-22 1969824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Golfy\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2009-7-2 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2009-7-3 738968]
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-7-2 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-7-2 679936]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-7-12 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^createMiniDump_Rayjet.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\createMiniDump_Rayjet.lnk
backup=c:\windows\pss\createMiniDump_Rayjet.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiseStubReboot]
MSIEXEC [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EZEHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-07-29 10:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Server]
2010-04-27 08:35 1937408 ----a-w- c:\program files\USB Server 2\USB Server.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Steam"="c:\program files\Steam\Steam.exe" -silent
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\apache2triad\\bin\\httpd.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Formix SE\\Formix.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Eric's TelNet98\\Telnet98.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=
"c:\\apache2triad\\php\\bin\\DbgListener.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\SnugTV\\SnugTV Station\\AMAServer.exe"=
"c:\\Program Files\\SnugTV\\SnugTV Station\\ConfigWizard.exe"=
"c:\\Program Files\\Avid\\Studio\\programs\\RM.exe"=
"c:\\Program Files\\Avid\\Studio\\programs\\NGStudio.exe"=
"c:\\Program Files\\Avid\\Studio\\programs\\UMI.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Golfy\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.7.2009 21:56 717296]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6.1.2011 18:37 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6.1.2011 18:37 31704]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [10.10.2011 13:55 85344]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2.7.2009 21:29 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2.7.2009 21:29 409600]
R2 AVerUpdateServer;AVerUpdateServer;c:\program files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [6.1.2011 14:42 168448]
R2 EPSON TM Parallel Port Driver;EPSON TM Parallel Port Driver;c:\windows\system32\drivers\tmlpt.sys [28.3.2011 7:20 18696]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [26.7.2011 11:09 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [26.7.2011 11:09 121856]
R2 EpsonPuras;Epson Puras Service;c:\program files\epson\EPuras\EPuras.exe [28.3.2011 7:20 438272]
R2 EpsonPurasLog;Epson Puras Log Service;c:\program files\epson\EPuras\EPurasLog.exe [28.3.2011 7:20 323584]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12.7.2010 19:09 10384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [24.1.2012 20:32 2253120]
R2 SnugTV Service;SnugTV Service;c:\program files\SnugTV\SnugTV Station\AMAServer.exe [5.1.2011 4:31 570880]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [23.2.2012 12:40 2886528]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 11:38 92008]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [20.2.2011 10:49 1170304]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [28.7.2009 17:25 27136]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [17.6.2009 18:55 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [17.6.2009 18:55 10384]
R3 NUS_Bus;Network USB Server Bus;c:\windows\system32\drivers\NUS_Bus.sys [28.1.2010 14:51 27392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [24.10.2010 13:22 17408]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2.7.2009 21:46 1180672]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [31.8.2010 17:30 101520]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [29.9.2011 19:07 173056]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14.11.2009 15:04 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2.5.2010 15:42 40776]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6.3.2011 19:12 18432]
S3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [24.10.2010 13:25 75207]
S3 SlimFTPd;Apache2Triad SlimFTPd Server;c:\apache2triad\ftp\SlimFTPd.exe [24.10.2010 13:22 54272]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\xmail.exe [24.10.2010 13:23 339968]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 13:04]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 13:04]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 93.99.128.1 77.48.100.254
DPF: {26ACAE6F-BC95-44B4-9150-61E4D20D5C2E} - hxxp://mhd.frag.cz/loadgame_et.cab
FF - ProfilePath - c:\documents and settings\Golfy\Data aplikací\Mozilla\Firefox\Profiles\mo3hp3q0.default\
FF - user.js: capability.policy.policynames - allowclipboard
user_pref(capability.policy.allowclipboard.sites,
hxxp://hygienickyservis.itabo.cz http://tytyty.cz http://cipisekbazarek.cz);
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 21:42
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,d2,c3,67,dc,ca,d2,48,a1,09,53,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,d2,c3,67,dc,ca,d2,48,a1,09,53,\
.
[HKEY_USERS\S-1-5-21-602162358-2052111302-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:8b,cc,89,da,99,e1,3d,6d,03,eb,37,a1,09,5f,47,50,ca,a9,8c,cc,7e,
7f,8a,00,81,28,18,26,29,86,89,d2,45,db,ef,92,20,34,5c,5d,88,6c,72,ad,c6,29,\
"rkeysecu"=hex:47,a9,52,1c,db,f3,9d,f9,46,f0,34,d4,22,5e,26,85
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(1052)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(4952)
c:\windows\system32\guard32.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\TeamViewer\Version7\tv_w32.dll
c:\documents and settings\Golfy\Data aplikací\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\MPR.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(960)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\atwtusb.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\WTMKM.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
.
**************************************************************************
.
Celkový čas: 2012-04-03 21:47:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-03 19:47
ComboFix2.txt 2012-04-03 17:35
.
Před spuštěním: Volných bajtů: 133 998 977 024
Po spuštění: Volných bajtů: 133 791 342 592
.
- - End Of File - - 0CFEEBE86E38A1D4A0B441C19D7B3766

Golfy · Příspěvekod **Golfy** » 03 dub 2012 22:03

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 22:01:46
-----------------------------
22:01:46.406 OS Version: Windows 5.1.2600 Service Pack 3
22:01:46.406 Number of processors: 4 586 0x203
22:01:46.406 ComputerName: GOLFY- UserName: Golfy
22:01:47.671 Initialize success
22:02:32.015 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:02:32.015 Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3
22:02:32.015 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000077
22:02:32.015 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
22:02:32.015 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\0000007b
22:02:32.015 Disk 2 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 3
22:02:32.031 Device \Driver\nvata -> MajorFunction 8b84b1f8
22:02:32.046 Disk 2 MBR read successfully
22:02:32.046 Disk 2 MBR scan
22:02:32.046 Disk 2 Windows XP default MBR code
22:02:32.046 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 410442 MB offset 2048
22:02:32.046 Disk 2 Partition - 00 05 Extended 543426 MB offset 840587264
22:02:32.078 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 154042 MB offset 840589312
22:02:32.078 Disk 2 scanning sectors +1953525168
22:02:32.125 Disk 2 scanning C:\WINDOWS\system32\drivers
22:02:36.187 Service scanning
22:02:42.218 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:02:44.421 Modules scanning
22:02:47.765 Disk 2 trace - called modules:
22:02:47.781 TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8b84b1f8]<<
22:02:47.781 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8b80bab8]
22:02:47.781 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8b7b1bc0]
22:02:47.781 5 ACPI.sys[f7496620] -> nt!IofCallDriver -> \Device\0000007b[0x8b77d030]
22:02:47.781 \Driver\nvata[0x8b785a08] -> IRP_MJ_CREATE -> 0x8b84b1f8
22:02:47.781 Scan finished successfully
22:02:53.812 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Golfy\Plocha\MBR.dat"
22:02:53.812 The log file has been saved successfully to "C:\Documents and Settings\Golfy\Plocha\aswMBR.txt"

Golfy · Příspěvekod **Golfy** » 03 dub 2012 22:03

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:03:47, on 3.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EPuras\EPurasLog.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\EPSON\EPuras\EPuras.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\wamp\wampmanager.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Golfy\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Golfy\Dokumenty\Stažené soubory\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Aestan Tray Menu] C:\wamp\wampmanager.exe
O4 - HKUS\S-1-5-21-602162358-2052111302-725345543-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26ACAE6F-BC95-44B4-9150-61E4D20D5C2E} (Activex Control) - http://mhd.frag.cz/loadgame_et.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: AVerUpdateServer - AVerMedia TECHNOLOGIES, Inc. - C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Epson Puras Service (EpsonPuras) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPuras\EPuras.exe
O23 - Service: Epson Puras Log Service (EpsonPurasLog) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPuras\EPurasLog.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: SnugTV Service - AVerMedia Technologies, Inc. - C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe
O24 - Desktop Component 0: (no name) - http://www.dpnet.org/caches/background/ ... lendar.jpg

--
End of file - 15057 bytes

Damned · Příspěvekod **Damned** » 03 dub 2012 23:12

Odinstaluj ComboFix. ComboFix se odinstaluje takto:
Vypni antivir a pokud máš i Antispyware ( nutné ) .

Start -> Spustit (nebo klávesy Win+R) a zadej do řádku: Combofix[mezera]/uninstall

Stáhni si T-Cleaner (nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš - volíš a/n)

(pozn.Pokud máš Avast,AVG,Aviru, MSSE před stažením T-Cleaneru a po dobu čištění deaktivuj Avast,AVG,Aviru,MSSE (i rezidenty), následně T-Cleaner smaž a zapni si Avast,AVG, Aviru...)
*************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na Minimální výstup, zaškrtni Pro všechny uživatele.Pod Běžné registry změň na Vše, Specifické registry na Vše. Zatrhni Kontrola na havěť LOP a Kontrola na havěť Purity. Stáří souborů změň na 14 dnů. Všechny ostatní nastavení ponech jak jsou. Klikni na Prohledat. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

Kontrola - HJT - malware Vyřešeno

Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Re: Kontrola - HJT - malware

Kdo je online