Please check my log, rootkit found [Solved]


Post by jakubha » 11 Aug 2012 14:49

Hello,

please check the log below. AVG 12 found 3 rootkits that it cannot clean:
1) Inline hook ntkrnlpa.exe
2) Hook of service function NtCreateThreadEx
3) Hook of service function NtMapViewOfSection.

It offers to remove them and then restart, after which the rootkits are back in the system. The avast I originally used, which was always kept up to date, did not find the rootkits at all, and neither did other programs. Win7 has all available updates installed.

The computer behaves abnormally: it is disproportionately slow even for trivial tasks, and especially when connected to the network over Wi-Fi it freezes within a few minutes. It can only be used in Safe Mode.

I am attaching the HijackThis log; thanks for any advice.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:05:33, on 11.8.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\AsScrPro.exe
C:\Program Files\ASUS\Asus WebStorage\BackupService.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\ŽaK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ŽaK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ŽaK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ŽaK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.2\dealioToolbarIE.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.2\dealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll" (file missing)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.2\dealioToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [HotKeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\windows\AsScrPro.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxExt] C:\windows\system32\IgfxExt.exe /RegServer
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [DigitalZoomControl] "C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [NokiaPCInternetAccess] "C:\Program Files\Nokia\PC Internet Access\NPCIA.exe" /b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\windows\system32\UAService7.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

--
End of file - 14131 bytes

Post by memphisto » 11 Aug 2012 16:51

Uninstall Dealio Toolbar, Spyware Terminator, Trojan Scanner, Search Settings

In the log, fix:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.2\dealioToolbarIE.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.2\dealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll" (file missing)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.2\dealioToolbarIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. It can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers are Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click Finish
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan selected and click Scan
- when the scan finishes a message appears; click OK and then Show Results
- then choose Save Logfile and save the log to your desktop
- then click Exit; a prompt appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
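As an added example that is not part of memphisto's post or of HijackThis itself, the script below mechanises the first part of that reply: it parses the HijackThis entry formats seen in the log (R0/R1, R3/O2/O3, O4, O23) and flags the components memphisto names, the empty IE settings, the toolbar whose DLL is gone, and the fact that several resident security products are loaded side by side (avast, AVG 2012, AVG Anti-Spyware 7.5, Malwarebytes and Spyware Terminator all appear in the O4 and O23 entries above). The marker and vendor lists are this example's own, chosen from names in this log; the sample lines are a constructed subset of the log posted above.

```python
"""Mechanise the triage memphisto does by eye: parse HijackThis v2 entries and
flag the adware/PUP components he names, empty IE settings, dangling
registrations, and several resident security products loaded at once.

Added example; a hypothetical helper, not part of HijackThis or of the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed subset of the HijackThis lines posted above (same entries, fewer of them).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.2\dealioToolbarIE.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.2\dealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Names memphisto told the poster to remove; the list is this example's own.
PUP_MARKERS = ("dealio", "spigot", "search settings", "spyware terminator", "trojan remover")
# Vendors of real-time scanners seen in the log; more than one resident at a time
# is a well-known source of conflicts, so the count is worth reporting.
AV_VENDORS = ("AVAST Software", "AVG Technologies", "GRISOFT", "Malwarebytes")


@dataclass
class Entry:
    code: str                     # HijackThis section, e.g. "O2", "O4", "R0"
    body: str                     # text after "<code> - "
    fields: dict = field(default_factory=dict)


LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# O2/O3/R3: "<kind>: <name> - {<CLSID>} - <path>"
COM_RE = re.compile(r"^(?P<kind>BHO|Toolbar|URLSearchHook): (?P<name>.*?) - "
                    r"\{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O4: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23: "Service: <display name> - <vendor> - <image path>"
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# R0/R1: "<registry key>,<value name> = <data>"
IE_RE = re.compile(r"^(?P<key>[^,]*),(?P<value>[^=]*?) =\s*(?P<data>.*)$")


def parse_hjt(text):
    """Return one Entry per 'Xn - ...' line; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = Entry(m["code"], m["body"])
        for rx in (COM_RE, RUN_RE, SVC_RE, IE_RE):
            sub = rx.match(e.body)
            if sub:
                e.fields = sub.groupdict()
                break
        entries.append(e)
    return entries


def triage(entries):
    """Return (code, reason, body) findings; none of them is proof of malware on its own."""
    findings, av_seen = [], set()
    for e in entries:
        low = e.body.lower()
        if e.code in ("R0", "R1") and e.fields.get("data") == "":
            findings.append((e.code, "empty IE setting, harmless to fix", e.body))
        if any(marker in low for marker in PUP_MARKERS):
            findings.append((e.code, "adware/PUP component", e.body))
        if "(file missing)" in low:
            findings.append((e.code, "dangling registration, file gone", e.body))
        if e.code == "O23":
            vendor = e.fields.get("vendor", "").lower()
            av_seen.update(v for v in AV_VENDORS if v.lower() in vendor)
    if len(av_seen) > 1:
        findings.append(("O23", "several resident security products: " + ", ".join(sorted(av_seen)), ""))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:<4} {reason:<50} {body[:60]}")
```

Before treating the reported SSDT hooks as a rootkit it is worth remembering that resident antivirus and anti-spyware drivers on 32-bit Windows hook kernel functions themselves, so with this many such products loaded, one scanner flagging another's hooks is a possibility; the "several resident security products" finding exists to surface that.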

Post by jakubha » 12 Aug 2012 09:14

The lines relating to the uninstalled applications could not be fixed. Everything else was done as described. One small note on ATF Cleaner and the browser: I use Google Chrome.

Log from Anti-Malware:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ŽaK :: PC [administrator]

Protection: Enabled

11.8.2012 17:33:43
mbam-log-2012-08-11 (17-33-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359527
Time elapsed: 2 hour(s), 7 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Post by jaro3 (Security team member) » 12 Aug 2012 11:32

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the full contents of the log here.

Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After starting, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its full contents here
If there are problems, run it in Safe Mode.

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during boot and choose Last Known Good Configuration, or use a restore point.
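An added example, not from jaro3's post or from Kaspersky's TDSSKiller: once the TDSSKiller log exists, most of it is a driver inventory, one line per loaded driver with the image's MD5 and path (the format is visible in the log the poster attaches further down). The script parses those lines, lists drivers loaded from outside the Windows directory, and diffs the hashes against a baseline. The sample lines are a constructed excerpt in that format; the baseline hashes are constructed placeholders, not real reference values, with one deliberately wrong so the mismatch path is exercised.

```python
"""Check a TDSSKiller driver inventory against a hash baseline and the Windows directory.

Added example; a hypothetical helper, not part of TDSSKiller or of the thread.
"""
import re
from collections import namedtuple

Driver = namedtuple("Driver", "ts pid name md5 path")

# One inventory line per loaded driver, as TDSSKiller 2.x prints it:
#   <date> <time> <pid> <service name> (<md5 of image>) <image path>
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$"
)

# Constructed excerpt in the format of the TDSSKiller log posted below.
SAMPLE_LOG = r"""
2012/08/12 12:28:35.0718 5148 Scan started
2012/08/12 12:28:37.0418 5148 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
2012/08/12 12:28:38.0807 5148 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
2012/08/12 12:28:42.0145 5148 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\windows\system32\drivers\aswMonFlt.sys
2012/08/12 12:28:43.0471 5148 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
2012/08/12 12:28:44.0485 5148 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
"""

# Constructed baseline: what an analyst would capture from a trusted, identically
# patched machine. These are NOT real reference hashes; the atapi value is
# deliberately wrong so the report shows what a mismatch looks like.
BASELINE = {
    "1394ohci": "1b133875b8aa8ac48969bd3458afe9f5",
    "AFD": "9ebbba55060f786f0fcaa3893bfa2806",
    "aswMonFlt": "4804753a4ec7d67cc22d226bffd1c1e3",
    "atapi": "00000000000000000000000000000000",
}


def parse_tdsskiller(text):
    """Return the Driver entries; status lines ('Scan started', ...) do not match and are skipped."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers.append(Driver(m["ts"], int(m["pid"]), m["name"], m["md5"], m["path"]))
    return drivers


def outside_windows(drivers, windir=r"C:\windows"):
    """Drivers whose image lives outside the Windows directory. Worth a look, not proof
    of anything: third-party security products commonly load drivers from Program Files."""
    prefix = windir.lower().rstrip("\\") + "\\"
    return [d for d in drivers if not d.path.lower().startswith(prefix)]


def compare_to_baseline(drivers, baseline):
    """Return (mismatches, unknown): mismatches maps name -> (seen, expected) where the
    hash differs from the baseline; unknown lists drivers the baseline does not cover."""
    mismatches, unknown = {}, []
    for d in drivers:
        expected = baseline.get(d.name)
        if expected is None:
            unknown.append(d.name)
        elif expected != d.md5:
            mismatches[d.name] = (d.md5, expected)
    return mismatches, unknown


if __name__ == "__main__":
    drivers = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(drivers)} drivers parsed")
    for d in outside_windows(drivers):
        print(f"outside Windows dir: {d.name} -> {d.path}")
    mismatches, unknown = compare_to_baseline(drivers, BASELINE)
    for name, (seen, expected) in mismatches.items():
        print(f"hash differs: {name} seen {seen} expected {expected}")
    for name in unknown:
        print(f"not in baseline: {name}")
```

A hash that differs from the baseline means "compare this image against a trusted copy", not "infected": a Windows update or a vendor patch changes it just as well as a bootkit does, which is why the baseline has to come from a machine at the same patch level.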

Post by jakubha » 12 Aug 2012 17:56

First, the log from TDSSKiller


2012/08/12 12:28:26.0139 4488 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2012/08/12 12:28:26.0420 4488 ================================================================================
2012/08/12 12:28:26.0420 4488 SystemInfo:
2012/08/12 12:28:26.0420 4488
2012/08/12 12:28:26.0420 4488 OS Version: 6.1.7601 ServicePack: 1.0
2012/08/12 12:28:26.0420 4488 Product type: Workstation
2012/08/12 12:28:26.0420 4488 ComputerName: PC
2012/08/12 12:28:26.0420 4488 UserName: ŽaK
2012/08/12 12:28:26.0420 4488 Windows directory: C:\windows
2012/08/12 12:28:26.0420 4488 System windows directory: C:\windows
2012/08/12 12:28:26.0420 4488 Processor architecture: Intel x86
2012/08/12 12:28:26.0420 4488 Number of processors: 2
2012/08/12 12:28:26.0420 4488 Page size: 0x1000
2012/08/12 12:28:26.0420 4488 Boot type: Normal boot
2012/08/12 12:28:26.0420 4488 ================================================================================
2012/08/12 12:28:27.0653 4488 Initialize success
2012/08/12 12:28:35.0718 5148 ================================================================================
2012/08/12 12:28:35.0718 5148 Scan started
2012/08/12 12:28:35.0718 5148 Mode: Manual;
2012/08/12 12:28:35.0718 5148 ================================================================================
2012/08/12 12:28:37.0418 5148 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
2012/08/12 12:28:37.0668 5148 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
2012/08/12 12:28:37.0855 5148 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
2012/08/12 12:28:38.0073 5148 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2012/08/12 12:28:38.0307 5148 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2012/08/12 12:28:38.0573 5148 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2012/08/12 12:28:38.0807 5148 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
2012/08/12 12:28:39.0041 5148 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
2012/08/12 12:28:39.0181 5148 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2012/08/12 12:28:39.0462 5148 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
2012/08/12 12:28:39.0618 5148 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
2012/08/12 12:28:39.0852 5148 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
2012/08/12 12:28:40.0039 5148 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2012/08/12 12:28:40.0226 5148 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2012/08/12 12:28:40.0413 5148 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
2012/08/12 12:28:40.0694 5148 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2012/08/12 12:28:40.0866 5148 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
2012/08/12 12:28:41.0037 5148 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
2012/08/12 12:28:41.0334 5148 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2012/08/12 12:28:41.0443 5148 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2012/08/12 12:28:41.0568 5148 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
2012/08/12 12:28:41.0880 5148 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\windows\system32\drivers\aswFsBlk.sys
2012/08/12 12:28:42.0145 5148 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\windows\system32\drivers\aswMonFlt.sys
2012/08/12 12:28:42.0379 5148 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\windows\system32\drivers\aswRdr.sys
2012/08/12 12:28:42.0675 5148 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\windows\system32\drivers\aswSnx.sys
2012/08/12 12:28:42.0941 5148 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\windows\system32\drivers\aswSP.sys
2012/08/12 12:28:43.0175 5148 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\windows\system32\drivers\aswTdi.sys
2012/08/12 12:28:43.0346 5148 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2012/08/12 12:28:43.0471 5148 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
2012/08/12 12:28:43.0877 5148 athr (31cb2740bfdbac1e48e2b7ead38f0d27) C:\windows\system32\DRIVERS\athr.sys
2012/08/12 12:28:44.0251 5148 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\windows\system32\DRIVERS\avgarkt.sys
2012/08/12 12:28:44.0485 5148 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
2012/08/12 12:28:44.0813 5148 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\windows\system32\DRIVERS\AvgArCln.sys
2012/08/12 12:28:45.0047 5148 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\windows\system32\DRIVERS\AvgAsCln.sys
2012/08/12 12:28:45.0296 5148 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\windows\system32\DRIVERS\avgidsdriverx.sys
2012/08/12 12:28:45.0608 5148 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\windows\system32\DRIVERS\avgidsfilterx.sys
2012/08/12 12:28:45.0842 5148 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\windows\system32\DRIVERS\avgidshx.sys
2012/08/12 12:28:45.0983 5148 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\windows\system32\DRIVERS\avgidsshimx.sys
2012/08/12 12:28:46.0139 5148 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\windows\system32\DRIVERS\avgldx86.sys
2012/08/12 12:28:46.0404 5148 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\windows\system32\DRIVERS\avgmfx86.sys
2012/08/12 12:28:46.0638 5148 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\windows\system32\DRIVERS\avgrkx86.sys
2012/08/12 12:28:46.0825 5148 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\windows\system32\DRIVERS\avgtdix.sys
2012/08/12 12:28:47.0106 5148 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2012/08/12 12:28:47.0355 5148 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2012/08/12 12:28:47.0621 5148 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2012/08/12 12:28:47.0933 5148 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2012/08/12 12:28:48.0167 5148 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
2012/08/12 12:28:48.0338 5148 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2012/08/12 12:28:48.0432 5148 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2012/08/12 12:28:48.0759 5148 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2012/08/12 12:28:48.0884 5148 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2012/08/12 12:28:48.0947 5148 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2012/08/12 12:29:49.0416 5148 ================================================================================
2012/08/12 12:29:49.0416 5148 Scan finished
2012/08/12 12:29:49.0416 5148 ================================================================================
2012/08/12 12:57:57.0443 1300 Deinitialize success

jakubha
Level 1
Posts: 50
Registered: Aug 12
Gender: Male
Status: Offline

Re: Please check the log, rootkit found

Post by jakubha » 12 Aug 2012 18:01

ComboFix log; just for interest, instead of the advertised few tens of minutes it ran for several hours :-)

ComboFix 12-08-10.02 - ŽaK 12.08.2012 13:55:10.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2038.1165 [GMT 2:00]
Spuštěný z: c:\users\ŽaK\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpeBA51.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\A44D.tmp
c:\windows\system32\B5E8.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET7CF.tmp
c:\windows\system32\SETADD.tmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-12 do 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 12:50 . 2012-08-12 15:02 -------- d-----w- c:\users\ŽaK\AppData\Local\temp
2012-08-12 12:50 . 2012-08-12 12:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 22:34 . 2012-08-11 22:34 -------- d-----w- c:\users\ŽaK\AppData\Local\AVG Secure Search
2012-08-11 22:26 . 2012-08-11 22:26 -------- d-----w- C:\found.000
2012-08-11 10:51 . 2012-08-11 10:51 388096 ----a-r- c:\users\ŽaK\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-11 10:51 . 2012-08-11 10:51 -------- d-----w- c:\program files\Trend Micro
2012-08-09 19:20 . 2012-08-10 06:51 -------- d-----w- c:\users\ŽaK\AppData\Local\NPE
2012-08-09 09:36 . 2012-08-11 09:24 -------- d-----w- c:\programdata\Norton
2012-08-08 17:01 . 2012-08-08 17:01 -------- d-----w- c:\program files\Sophos
2012-08-08 17:00 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2012-08-08 06:02 . 2012-08-08 06:02 -------- d-----w- c:\users\ŽaK\AppData\Roaming\Grisoft
2012-08-08 06:01 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2012-08-08 06:01 . 2012-08-08 06:01 -------- d-----w- c:\programdata\Grisoft
2012-08-07 15:50 . 2012-08-07 15:50 -------- d-----w- c:\users\ŽaK\AppData\Roaming\Malwarebytes
2012-08-07 15:49 . 2012-08-07 15:49 -------- d-----w- c:\programdata\Malwarebytes
2012-08-07 15:49 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-07 15:49 . 2012-08-07 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-06 19:43 . 2012-08-06 19:43 -------- d-----w- c:\users\ŽaK\AppData\Roaming\AVG2012
2012-08-06 19:40 . 2012-08-10 01:50 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-06 19:40 . 2012-08-06 19:40 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-06 19:40 . 2012-08-10 01:35 -------- d-----w- c:\program files\AVG Secure Search
2012-08-06 19:36 . 2012-08-11 10:15 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-06 19:36 . 2012-08-06 19:36 -------- d-----w- C:\$AVG
2012-08-06 19:21 . 2012-08-10 12:18 -------- d-----w- c:\programdata\AVG2012
2012-08-06 19:20 . 2012-08-06 19:20 -------- d-----w- c:\program files\AVG
2012-08-06 19:19 . 2012-08-06 19:19 -------- d--h--w- c:\programdata\Common Files
2012-08-06 19:19 . 2012-08-10 04:40 -------- d-----w- c:\programdata\MFAData
2012-08-06 18:42 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A9700A8-990C-408A-95D3-F1273A0E7343}\mpengine.dll
2012-08-02 01:01 . 2012-08-02 01:01 -------- d-----w- C:\Temp
2012-07-29 16:10 . 2012-07-29 16:10 -------- d-----w- c:\program files\CCleaner
2012-07-19 15:11 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 15:08 . 2011-11-09 16:18 126976 ----a-w- c:\windows\system32\UAService7.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-06 05:05 . 2012-07-11 15:09 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 15:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 15:08 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-23 13:28 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 13:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 13:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 13:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 13:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 13:28 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 13:27 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 13:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 13:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 15:09 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 15:09 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 15:09 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 15:09 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 15:09 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2010-09-02 18:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-26 08:39 . 2012-05-26 08:39 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-10 00:07 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2009-05-26 651264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-10-14 3058304]
"EeeStorageBackup"="c:\program files\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-09-25 402608]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-01 354840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"DigitalZoomControl"="c:\program files\ASUS\DigitalZoomControl\DigitalZoomControl.exe" [2009-10-07 283648]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-10 1107552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-7-2 548528]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-03 18:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-10-01 16:43 548864 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 21:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-04-15 21:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-19 20:16 222504 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2009-05-19 20:16 222504 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2009-05-19 20:16 222504 ------w- c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-18 00:30 39424 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.364.0\SeaPort.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EC168BDA;TVGo DVB-T02Q MCE;c:\windows\system32\DRIVERS\EC168BDA.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 netr73;RT73 USB - ovladač karty pro bezdrátovou síť LAN pro systém Windows Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.364.0\BBSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
SafeBoot-AVG Anti-Spyware Driver
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-428573260-2283684235-4234069610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-428573260-2283684235-4234069610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1972)
c:\progra~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\UAService7.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-08-12 17:12:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-12 15:12
.
Před spuštěním: Volných bajtů: 15 462 002 688
Po spuštění: Volných bajtů: 15 130 472 448
.
- - End Of File - - BAFD3868E6AE4A948964829A0F27EB52

jaro3
Security team member

Re: Please check the log, rootkit found

Post by jaro3 » 12 Aug 2012 20:33

Download Security Check by screen317 from one of these links
http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

save it to your desktop, double-click it and follow the instructions in the black window. Notepad will then open automatically with a file named checkup.txt. Please copy its contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jakubha

Re: Please check the log, rootkit found

Post by jakubha » 12 Aug 2012 21:17

Attaching the SecurityCheck log


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
AVG Anti-Virus 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
AVG Anti-Spyware 7.5
AVG Anti-Rootkit Free
Sophos Anti-Rootkit 1.5.20
Malwarebytes Anti-Malware verze 1.62.0.1300
CCleaner
Java(TM) 6 Update 25
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.45.2 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

jaro3
Security team member

Re: Please check the log, rootkit found

Post by jaro3 » 13 Aug 2012 10:19

avast! Antivirus
AVG Anti-Virus 2012

you have to uninstall one of the antiviruses!!

Then a new ComboFix.

jakubha

Re: Please check the log, rootkit found

Post by jakubha » 13 Aug 2012 11:33

Avast uninstalled.

New log:

ComboFix 12-08-10.02 - ŽaK 13.08.2012 10:47:03.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2038.1016 [GMT 2:00]
Spuštěný z: c:\users\ÄaK\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\service
c:\windows\system32\service\02012010_TIS17_SfFniAU.log
c:\windows\system32\service\02022010_TIS17_PccScan.log
c:\windows\system32\service\03052010_TIS17_PccScan.log
c:\windows\system32\service\07012010_TIS17_PccScan.log
c:\windows\system32\service\08042010_TIS17_PccScan.log
c:\windows\system32\service\11012010_TIS17_PccScan.log
c:\windows\system32\service\12022010_TIS17_PccScan.log
c:\windows\system32\service\15022010_TIS17_SfFniAU.log
c:\windows\system32\service\18022010_TIS17_PccScan.log
c:\windows\system32\service\18042010_TIS17_PccScan.log
c:\windows\system32\service\18052010_TIS17_PccScan.log
c:\windows\system32\service\20042010_TIS17_SfFniAU.log
c:\windows\system32\service\21022010_TIS17_PccScan.log
c:\windows\system32\service\21022010_TIS17_SfFniAU.log
c:\windows\system32\service\21082010_TIS17_PccScan.log
c:\windows\system32\service\25022010_TIS17_PccScan.log
c:\windows\system32\service\25022010_TIS17_SfFniAU.log
c:\windows\system32\service\27022010_TIS17_PccScan.log
c:\windows\system32\service\27042010_TIS17_PccScan.log
c:\windows\system32\service\27042010_TIS17_SfFniAU.log
c:\windows\system32\service\27122009_TIS17_PccScan.log
c:\windows\system32\service\30122009_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-13 do 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 09:06 . 2012-08-13 09:08 -------- d-----w- c:\users\ŽaK\AppData\Local\temp
2012-08-13 09:06 . 2012-08-13 09:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 22:34 . 2012-08-11 22:34 -------- d-----w- c:\users\ŽaK\AppData\Local\AVG Secure Search
2012-08-11 22:26 . 2012-08-11 22:26 -------- d-----w- C:\found.000
2012-08-11 10:51 . 2012-08-11 10:51 388096 ----a-r- c:\users\ŽaK\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-11 10:51 . 2012-08-11 10:51 -------- d-----w- c:\program files\Trend Micro
2012-08-09 19:20 . 2012-08-10 06:51 -------- d-----w- c:\users\ŽaK\AppData\Local\NPE
2012-08-09 09:36 . 2012-08-11 09:24 -------- d-----w- c:\programdata\Norton
2012-08-08 17:01 . 2012-08-08 17:01 -------- d-----w- c:\program files\Sophos
2012-08-08 17:00 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2012-08-08 06:02 . 2012-08-08 06:02 -------- d-----w- c:\users\ŽaK\AppData\Roaming\Grisoft
2012-08-08 06:01 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2012-08-08 06:01 . 2012-08-08 06:01 -------- d-----w- c:\programdata\Grisoft
2012-08-07 15:50 . 2012-08-07 15:50 -------- d-----w- c:\users\ŽaK\AppData\Roaming\Malwarebytes
2012-08-07 15:49 . 2012-08-07 15:49 -------- d-----w- c:\programdata\Malwarebytes
2012-08-07 15:49 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-07 15:49 . 2012-08-07 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-06 19:43 . 2012-08-06 19:43 -------- d-----w- c:\users\ŽaK\AppData\Roaming\AVG2012
2012-08-06 19:40 . 2012-08-10 01:50 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-06 19:40 . 2012-08-06 19:40 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-06 19:40 . 2012-08-10 01:35 -------- d-----w- c:\program files\AVG Secure Search
2012-08-06 19:36 . 2012-08-12 20:58 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-06 19:36 . 2012-08-06 19:36 -------- d-----w- C:\$AVG
2012-08-06 19:21 . 2012-08-10 12:18 -------- d-----w- c:\programdata\AVG2012
2012-08-06 19:20 . 2012-08-06 19:20 -------- d-----w- c:\program files\AVG
2012-08-06 19:19 . 2012-08-06 19:19 -------- d--h--w- c:\programdata\Common Files
2012-08-06 19:19 . 2012-08-12 20:58 -------- d-----w- c:\programdata\MFAData
2012-08-06 18:42 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A9700A8-990C-408A-95D3-F1273A0E7343}\mpengine.dll
2012-08-02 01:01 . 2012-08-02 01:01 -------- d-----w- C:\Temp
2012-07-29 16:10 . 2012-07-29 16:10 -------- d-----w- c:\program files\CCleaner
2012-07-19 15:11 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 15:08 . 2011-11-09 16:18 126976 ----a-w- c:\windows\system32\UAService7.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-06 05:05 . 2012-07-11 15:09 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 15:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 15:08 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-23 13:28 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 13:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 13:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 13:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 13:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 13:28 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 13:27 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 13:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 13:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 15:09 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 15:09 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 15:09 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 15:09 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 15:09 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2010-09-02 18:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-26 08:39 . 2012-05-26 08:39 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-10 00:07 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2009-05-26 651264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-10-14 3058304]
"EeeStorageBackup"="c:\program files\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-09-25 402608]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-01 354840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"DigitalZoomControl"="c:\program files\ASUS\DigitalZoomControl\DigitalZoomControl.exe" [2009-10-07 283648]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-10 1107552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-7-2 548528]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-03 18:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-10-01 16:43 548864 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 21:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-04-15 21:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-19 20:16 222504 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2009-05-19 20:16 222504 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2009-05-19 20:16 222504 ------w- c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-18 00:30 39424 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.364.0\BBSvc.exe [x]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EC168BDA;TVGo DVB-T02Q MCE;c:\windows\system32\DRIVERS\EC168BDA.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 netr73;RT73 USB - ovladač karty pro bezdrátovou síť LAN pro systém Windows Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.364.0\SeaPort.exe [x]
S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-428573260-2283684235-4234069610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-428573260-2283684235-4234069610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-08-13 11:15:20
ComboFix-quarantined-files.txt 2012-08-13 09:15
ComboFix2.txt 2012-08-12 15:12
.
Před spuštěním: Volných bajtů: 15 379 787 776
Po spuštění: Volných bajtů: 15 197 237 248
.
- - End Of File - - EBB543E946DDC8ACD9E9EC4D32A639B5

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Please check the log, rootkit found

Post by jaro3 » 13 Aug 2012 18:42

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text, highlighted in green, into it:

Code:

ClearJavaCache::

KillAll::
Folder::
C:\found.000
c:\programdata\Norton

RegLock::
[HKEY_USERS\S-1-5-21-428573260-2283684235-4234069610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-428573260-2283684235-4234069610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not appear, or there are connection problems; then restart the computer again, and if that does not help, press the F8 key after restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
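The RegLock:: section of the script above was assembled by hand from the "locked registry keys" section of the ComboFix log. As an added example (not jaro3's code and not part of ComboFix), the Python helper below parses that section into a key-to-ACL map and renders the matching RegLock:: block; the sample log is a constructed excerpt in the layout shown above, and the English header wording "LOCKED REGISTRY KEYS" is an assumption.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt (assumption: same layout as the ComboFix locked-keys
# section in the log above, abbreviated to two of its keys).
SAMPLE_LOG = r"""
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-428573260-2283684235-4234069610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-08-13 11:15:20
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                    # [HKEY_...\Key]
ACL_RE = re.compile(r"^@(Denied|Allowed): \(([^)]*)\) \(([^)]*)\)$")

Acl = Tuple[str, str, str]   # (verb, rights, principal)

def parse_locked_keys(log: str) -> Dict[str, List[Acl]]:
    """Map every key in the locked-keys section to its @Denied/@Allowed
    lines, keeping the ACL so a reviewer can see who is locked out before
    deciding whether the key belongs in RegLock::.  The section header is
    Czech here; the English header is assumed to read 'LOCKED REGISTRY KEYS'."""
    keys: Dict[str, List[Acl]] = {}
    current = None
    in_section = False
    for line in log.splitlines():
        if not in_section:
            in_section = "ZAMKNUT" in line or "LOCKED REGISTRY" in line
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = []
            continue
        m = ACL_RE.match(line)
        if m and current is not None:
            keys[current].append((m.group(1), m.group(2), m.group(3)))
            continue
        if line == "." or line.startswith('"'):   # separator or value line
            continue
        break                                     # first unrelated line ends the section
    return keys

def build_reglock(keys: Dict[str, List[Acl]]) -> str:
    """Render the RegLock:: section of a CFScript, one bracketed key per line."""
    return "RegLock::\n" + "".join(f"[{k}]\n" for k in keys)
```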

