Please check my log, the PC is acting strange


Post by Paulek155 » 14 Sep 2012 18:12

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:10:38, on 14.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Sony\Content Manager Assistant\CMA.exe
C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555 ... e04d73893e
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files\MSI Afterburner\MSIAfterburner.exe" /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-21-2025429265-606747145-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Content Manager Assistant for PlayStation(R).lnk = C:\Program Files\Sony\Content Manager Assistant\CMA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\docume~1\alluse~1\dataap~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

--
End of file - 12958 bytes


Post by jaro3 » 15 Sep 2012 10:16

Strange, what kind of attribute is that?

Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555 ... e04d73893e
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - AppInit_DLLs: c:\docume~1\alluse~1\dataap~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll


Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.


Download TFC
Open the file and close all other windows, then click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

Post by Paulek155 » 15 Sep 2012 11:16

By strange I meant that sometimes it runs fairly fast and sometimes everything takes it far too long.


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.09.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Pavel :: PAVEL-A5C71F66F [administrátor]

15.9.2012 11:08:37
mbam-log-2012-09-15 (11-13-47).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 225614
Uplynulý čas: 4 minut, 12 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileDoumi (PUP.K.OpenTab) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Documents and Settings\Pavel\Data aplikací\FileDoumi\FileDoumi.exe (PUP.K.OpenTab) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Pavel\Data aplikací\FileDoumi\FileDoumiIconMS.exe (PUP.K.OpenTab) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Pavel\Data aplikací\FileDoumi\FileDoumiUnInstall.exe (PUP.K.OpenTab) -> Žádná instrukce nebyla provedena.

(konec)


Post by memphisto » 15 Sep 2012 11:28

- So run MbAM again and choose Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close the program via Exit

Download TDSSKiller

To your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt ; please paste the entire contents of the log here.

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem starting applications, or a message pops up about an attempt to use an invalid operation on a registry key that is marked for deletion, simply restart the computer.
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you


Post by Paulek155 » 15 Sep 2012 12:30

Log from MbAM:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.09.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Pavel :: PAVEL-A5C71F66F [administrátor]

15.9.2012 11:31:22
mbam-log-2012-09-15 (11-31-22).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 225528
Uplynulý čas: 2 minut, 56 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileDoumi (PUP.K.OpenTab) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Documents and Settings\Pavel\Data aplikací\FileDoumi\FileDoumi.exe (PUP.K.OpenTab) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\Pavel\Data aplikací\FileDoumi\FileDoumiIconMS.exe (PUP.K.OpenTab) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\Pavel\Data aplikací\FileDoumi\FileDoumiUnInstall.exe (PUP.K.OpenTab) -> Umístnění do karantény a smazání se zdařilo.

(konec)


Post by Paulek155 » 15 Sep 2012 12:31

Log from TDSSKiller:


12:08:35.0000 2640 hamachi - ok
12:08:35.0015 2640 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:08:35.0031 2640 HDAudBus - ok
12:08:35.0046 2640 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:08:35.0046 2640 helpsvc - ok
12:08:35.0062 2640 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
12:08:35.0062 2640 HidServ - ok
12:08:35.0078 2640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:08:35.0078 2640 HidUsb - ok
12:08:35.0109 2640 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
12:08:35.0109 2640 hkmsvc - ok
12:08:35.0109 2640 hpn - ok
12:08:35.0125 2640 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:08:35.0125 2640 HPZid412 - ok
12:08:35.0156 2640 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:08:35.0156 2640 HPZipr12 - ok
12:08:35.0171 2640 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:08:35.0171 2640 HPZius12 - ok
12:08:35.0203 2640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:08:35.0218 2640 HTTP - ok
12:08:35.0234 2640 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
12:08:35.0234 2640 HTTPFilter - ok
12:08:35.0234 2640 i2omgmt - ok
12:08:35.0234 2640 i2omp - ok
12:08:35.0265 2640 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:08:35.0265 2640 i8042prt - ok
12:08:35.0343 2640 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:08:35.0343 2640 IDriverT - ok
12:08:35.0406 2640 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:08:35.0468 2640 idsvc - ok
12:08:35.0468 2640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:08:35.0468 2640 Imapi - ok
12:08:35.0484 2640 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
12:08:35.0500 2640 ImapiService - ok
12:08:35.0500 2640 ini910u - ok
12:08:35.0828 2640 IntcAzAudAddService (063dd51cbdc37b8668e09148e0a118bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:08:35.0859 2640 IntcAzAudAddService - ok
12:08:35.0968 2640 IntelIde - ok
12:08:35.0968 2640 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:08:35.0984 2640 intelppm - ok
12:08:35.0984 2640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:08:35.0984 2640 Ip6Fw - ok
12:08:36.0000 2640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:08:36.0000 2640 IpFilterDriver - ok
12:08:36.0000 2640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:08:36.0000 2640 IpInIp - ok
12:08:36.0015 2640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:08:36.0062 2640 IpNat - ok
12:08:36.0109 2640 iPod Service (d2e8efb8af35fcf5a7af22f5a0ce1a82) C:\Program Files\iPod\bin\iPodService.exe
12:08:36.0125 2640 iPod Service - ok
12:08:36.0156 2640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:08:36.0156 2640 IPSec - ok
12:08:36.0171 2640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:08:36.0171 2640 IRENUM - ok
12:08:36.0203 2640 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:08:36.0203 2640 isapnp - ok
12:08:36.0234 2640 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
12:08:36.0265 2640 JavaQuickStarterService - ok
12:08:36.0281 2640 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:08:36.0281 2640 Kbdclass - ok
12:08:36.0281 2640 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:08:36.0296 2640 kbdhid - ok
12:08:36.0312 2640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:08:36.0312 2640 kmixer - ok
12:08:36.0328 2640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:08:36.0328 2640 KSecDD - ok
12:08:36.0343 2640 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
12:08:36.0343 2640 lanmanserver - ok
12:08:36.0375 2640 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
12:08:36.0375 2640 lanmanworkstation - ok
12:08:36.0375 2640 lbrtfdc - ok
12:08:36.0437 2640 LightScribeService (c12476de1affb1bba1a48a459ceb3d39) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:08:36.0437 2640 LightScribeService - ok
12:08:36.0453 2640 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
12:08:36.0453 2640 LmHosts - ok
12:08:36.0468 2640 MarvinBus (d51e16339213898bc20c58670274ec3e) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
12:08:36.0468 2640 MarvinBus - ok
12:08:36.0484 2640 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
12:08:36.0500 2640 Messenger - ok
12:08:36.0515 2640 Microsoft SharePoint Workspace Audit Service - ok
12:08:36.0531 2640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:08:36.0531 2640 mnmdd - ok
12:08:36.0562 2640 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
12:08:36.0562 2640 mnmsrvc - ok
12:08:36.0578 2640 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
12:08:36.0578 2640 Modem - ok
12:08:36.0656 2640 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
12:08:36.0703 2640 Monfilt - ok
12:08:36.0828 2640 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:08:36.0828 2640 Mouclass - ok
12:08:36.0843 2640 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:08:36.0843 2640 mouhid - ok
12:08:36.0859 2640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:08:36.0859 2640 MountMgr - ok
12:08:36.0921 2640 MozillaMaintenance (cb8af049ac9be419a77adae288673359) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:08:36.0921 2640 MozillaMaintenance - ok
12:08:36.0921 2640 mraid35x - ok
12:08:36.0937 2640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:08:36.0984 2640 MRxDAV - ok
12:08:37.0015 2640 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:08:37.0046 2640 MRxSmb - ok
12:08:37.0062 2640 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
12:08:37.0062 2640 MSDTC - ok
12:08:37.0078 2640 MSDV (8575d788395c4d6378d98d1ed7cdadb9) C:\WINDOWS\system32\DRIVERS\msdv.sys
12:08:37.0078 2640 MSDV - ok
12:08:37.0078 2640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:08:37.0078 2640 Msfs - ok
12:08:37.0078 2640 MSIServer - ok
12:08:37.0078 2640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:08:37.0093 2640 MSKSSRV - ok
12:08:37.0093 2640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:08:37.0093 2640 MSPCLOCK - ok
12:08:37.0093 2640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:08:37.0093 2640 MSPQM - ok
12:08:37.0125 2640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:08:37.0125 2640 mssmbios - ok
12:08:37.0156 2640 MSSQL$SQLEXPRESS - ok
12:08:37.0218 2640 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
12:08:37.0218 2640 MSSQLServerADHelper100 - ok
12:08:37.0234 2640 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:08:37.0234 2640 MSTEE - ok
12:08:37.0250 2640 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:08:37.0250 2640 Mup - ok
12:08:37.0281 2640 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:08:37.0281 2640 NABTSFEC - ok
12:08:37.0312 2640 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
12:08:37.0328 2640 napagent - ok
12:08:37.0390 2640 NBService (89844c3d3a7aae8999e229c88e452633) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:08:37.0453 2640 NBService - ok
12:08:37.0468 2640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:08:37.0468 2640 NDIS - ok
12:08:37.0484 2640 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:08:37.0484 2640 NdisIP - ok
12:08:37.0500 2640 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:08:37.0500 2640 NdisTapi - ok
12:08:37.0515 2640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:08:37.0515 2640 Ndisuio - ok
12:08:37.0515 2640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:08:37.0515 2640 NdisWan - ok
12:08:37.0546 2640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:08:37.0546 2640 NDProxy - ok
12:08:37.0562 2640 Net Driver HPZ12 (90eb97c8dbf11bb0016c51946ac5ecd6) C:\WINDOWS\system32\HPZinw12.dll
12:08:37.0562 2640 Net Driver HPZ12 - ok
12:08:37.0609 2640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:08:37.0609 2640 NetBIOS - ok
12:08:37.0625 2640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:08:37.0656 2640 NetBT - ok
12:08:37.0687 2640 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
12:08:37.0687 2640 NetDDE - ok
12:08:37.0687 2640 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
12:08:37.0687 2640 NetDDEdsdm - ok
12:08:37.0703 2640 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:08:37.0703 2640 Netlogon - ok
12:08:37.0718 2640 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
12:08:37.0734 2640 Netman - ok
12:08:37.0812 2640 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:08:37.0812 2640 NetTcpPortSharing - ok
12:08:37.0828 2640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:08:37.0828 2640 NIC1394 - ok
12:08:37.0859 2640 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
12:08:37.0906 2640 Nla - ok
12:08:37.0968 2640 NMIndexingService (433049770b810d7c83c5c94cdb3e09d2) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
12:08:37.0984 2640 NMIndexingService - ok
12:08:38.0000 2640 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys
12:08:38.0000 2640 nmwcd - ok
12:08:38.0015 2640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:08:38.0015 2640 Npfs - ok
12:08:38.0015 2640 NTACCESS - ok
12:08:38.0046 2640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:08:38.0109 2640 Ntfs - ok
12:08:38.0125 2640 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:08:38.0125 2640 NtLmSsp - ok
12:08:38.0171 2640 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
12:08:38.0187 2640 NtmsSvc - ok
12:08:38.0218 2640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:08:38.0218 2640 Null - ok
12:08:38.0875 2640 nv (7b5a17bd54bb9142843dbe99a1caaed8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:08:39.0171 2640 nv - ok
12:08:39.0281 2640 NVSvc (5150b108ea88831e1c599603d8b89621) C:\WINDOWS\system32\nvsvc32.exe
12:08:39.0281 2640 NVSvc - ok
12:08:39.0390 2640 nvUpdatusService (83e8ab7bb3c8956c53fec071c94f0bbb) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:08:39.0453 2640 nvUpdatusService - ok
12:08:39.0531 2640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:08:39.0531 2640 NwlnkFlt - ok
12:08:39.0531 2640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:08:39.0531 2640 NwlnkFwd - ok
12:08:39.0531 2640 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:08:39.0546 2640 ohci1394 - ok
12:08:39.0671 2640 OODefragAgent (e0b8e85e67099ffd7f8efd4f2b226516) C:\Program Files\OO Software\Defrag\oodag.exe
12:08:39.0750 2640 OODefragAgent - ok
12:08:39.0796 2640 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:08:39.0812 2640 ose - ok
12:08:40.0031 2640 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:08:40.0125 2640 osppsvc - ok
12:08:40.0187 2640 PAC207 (5489b567cdd6ae216519caca7cc700e9) C:\WINDOWS\system32\DRIVERS\pfc027.sys
12:08:40.0234 2640 PAC207 - ok
12:08:40.0250 2640 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
12:08:40.0250 2640 Parport - ok
12:08:40.0265 2640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:08:40.0265 2640 PartMgr - ok
12:08:40.0281 2640 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
12:08:40.0281 2640 ParVdm - ok
12:08:40.0296 2640 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
12:08:40.0296 2640 PCI - ok
12:08:40.0296 2640 PCIDump - ok
12:08:40.0296 2640 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:08:40.0296 2640 PCIIde - ok
12:08:40.0328 2640 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
12:08:40.0328 2640 PCLEPCI - ok
12:08:40.0343 2640 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:08:40.0343 2640 Pcmcia - ok
12:08:40.0359 2640 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
12:08:40.0359 2640 pcouffin - ok
12:08:40.0359 2640 PDCOMP - ok
12:08:40.0375 2640 PDFRAME - ok
12:08:40.0375 2640 PDRELI - ok
12:08:40.0375 2640 PDRFRAME - ok
12:08:40.0375 2640 perc2 - ok
12:08:40.0390 2640 perc2hib - ok
12:08:40.0406 2640 PhTVTune (e1644e126aafc812f4ced752d18eaa43) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
12:08:40.0406 2640 PhTVTune - ok
12:08:40.0437 2640 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
12:08:40.0437 2640 PlugPlay - ok
12:08:40.0484 2640 Pml Driver HPZ12 (f0efaf6000e9fcbd77f769d527ce5f9d) C:\WINDOWS\system32\HPZipm12.dll
12:08:40.0484 2640 Pml Driver HPZ12 - ok
12:08:40.0500 2640 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\WINDOWS\system32\PnkBstrA.exe
12:08:40.0515 2640 PnkBstrA - ok
12:08:40.0515 2640 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:08:40.0515 2640 PolicyAgent - ok
12:08:40.0531 2640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:08:40.0531 2640 PptpMiniport - ok
12:08:40.0531 2640 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:08:40.0546 2640 ProtectedStorage - ok
12:08:40.0546 2640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:08:40.0546 2640 PSched - ok
12:08:40.0546 2640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:08:40.0546 2640 Ptilink - ok
12:08:40.0562 2640 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:08:40.0562 2640 PxHelp20 - ok
12:08:40.0562 2640 ql1080 - ok
12:08:40.0578 2640 Ql10wnt - ok
12:08:40.0578 2640 ql12160 - ok
12:08:40.0578 2640 ql1240 - ok
12:08:40.0578 2640 ql1280 - ok
12:08:40.0609 2640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:08:40.0609 2640 RasAcd - ok
12:08:40.0625 2640 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
12:08:40.0625 2640 RasAuto - ok
12:08:40.0640 2640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:08:40.0640 2640 Rasl2tp - ok
12:08:40.0671 2640 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
12:08:40.0687 2640 RasMan - ok
12:08:40.0687 2640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:08:40.0687 2640 RasPppoe - ok
12:08:40.0687 2640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:08:40.0687 2640 Raspti - ok
12:08:40.0703 2640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:08:40.0718 2640 Rdbss - ok
12:08:40.0718 2640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:08:40.0718 2640 RDPCDD - ok
12:08:40.0750 2640 RDPWD (43af5212bd8fb5ba6eed9754358bd8f7) C:\WINDOWS\system32\drivers\RDPWD.sys
12:08:40.0750 2640 RDPWD - ok
12:08:40.0765 2640 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
12:08:40.0765 2640 RDSessMgr - ok
12:08:40.0843 2640 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:08:40.0875 2640 redbook - ok
12:08:40.0921 2640 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
12:08:40.0921 2640 RemoteAccess - ok
12:08:40.0937 2640 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
12:08:40.0937 2640 RpcLocator - ok
12:08:40.0953 2640 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
12:08:40.0953 2640 RpcSs - ok
12:08:40.0984 2640 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
12:08:41.0031 2640 RsFx0103 - ok
12:08:41.0062 2640 RSUSBSTOR (247b0a8164069cd4fe6f3094c581b13b) C:\WINDOWS\system32\Drivers\RtsUStor.sys
12:08:41.0062 2640 RSUSBSTOR - ok
12:08:41.0093 2640 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
12:08:41.0093 2640 RSVP - ok
12:08:41.0140 2640 RTLE8023xp (d3578c3806ed545e5c36b2a20f5c0b5a) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:08:41.0140 2640 RTLE8023xp - ok
12:08:41.0156 2640 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:08:41.0156 2640 SamSs - ok
12:08:41.0187 2640 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
12:08:41.0187 2640 SCardSvr - ok
12:08:41.0203 2640 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
12:08:41.0234 2640 Schedule - ok
12:08:41.0281 2640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:08:41.0281 2640 Secdrv - ok
12:08:41.0296 2640 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
12:08:41.0296 2640 seclogon - ok
12:08:41.0296 2640 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
12:08:41.0312 2640 SENS - ok
12:08:41.0328 2640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:08:41.0328 2640 serenum - ok
12:08:41.0328 2640 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
12:08:41.0328 2640 Serial - ok
12:08:41.0359 2640 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
12:08:41.0375 2640 sfdrv01 - ok
12:08:41.0375 2640 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
12:08:41.0375 2640 sfhlp02 - ok
12:08:41.0390 2640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:08:41.0390 2640 Sfloppy - ok
12:08:41.0390 2640 sfsync02 (6120e41228a3718d8376437fe135dd4d) C:\WINDOWS\system32\drivers\sfsync02.sys
12:08:41.0390 2640 sfsync02 - ok
12:08:41.0406 2640 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
12:08:41.0406 2640 sfvfs02 - ok
12:08:41.0437 2640 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
12:08:41.0484 2640 SharedAccess - ok
12:08:41.0515 2640 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:08:41.0515 2640 ShellHWDetection - ok
12:08:41.0515 2640 Simbad - ok
12:08:41.0531 2640 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:08:41.0531 2640 SLIP - ok
12:08:41.0546 2640 Sparrow - ok
12:08:41.0562 2640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:08:41.0562 2640 splitter - ok
12:08:41.0593 2640 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:08:41.0593 2640 Spooler - ok
12:08:41.0671 2640 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
12:08:41.0671 2640 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
12:08:41.0671 2640 sptd ( LockedFile.Multi.Generic ) - warning
12:08:41.0671 2640 sptd - detected LockedFile.Multi.Generic (1)
12:08:41.0781 2640 SQLAgent$SQLEXPRESS (a687b5b326afcfcf182c4931d1ff9771) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
12:08:41.0796 2640 SQLAgent$SQLEXPRESS - ok
12:08:41.0812 2640 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:08:41.0875 2640 SQLBrowser - ok
12:08:41.0890 2640 SQLWriter (637a0f23f9012358e92e6f99835494d1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:08:41.0890 2640 SQLWriter - ok
12:08:41.0968 2640 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
12:08:41.0968 2640 sr - ok
12:08:42.0031 2640 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
12:08:42.0046 2640 srservice - ok
12:08:42.0062 2640 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:08:42.0062 2640 Srv - ok
12:08:42.0093 2640 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
12:08:42.0093 2640 SSDPSRV - ok
12:08:42.0125 2640 STI Simulator (ed78dfad8efcdfbc89500492c4d14645) C:\WINDOWS\System32\PAStiSvc.exe
12:08:42.0125 2640 STI Simulator - ok
12:08:42.0156 2640 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
12:08:42.0203 2640 stisvc - ok
12:08:42.0250 2640 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:08:42.0250 2640 streamip - ok
12:08:42.0265 2640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:08:42.0265 2640 swenum - ok
12:08:42.0312 2640 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:08:42.0328 2640 SwitchBoard - ok
12:08:42.0343 2640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:08:42.0343 2640 swmidi - ok
12:08:42.0343 2640 SwPrv - ok
12:08:42.0359 2640 symc810 - ok
12:08:42.0359 2640 symc8xx - ok
12:08:42.0359 2640 sym_hi - ok
12:08:42.0375 2640 sym_u3 - ok
12:08:42.0375 2640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:08:42.0375 2640 sysaudio - ok
12:08:42.0390 2640 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
12:08:42.0406 2640 SysmonLog - ok
12:08:42.0421 2640 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
12:08:42.0468 2640 TapiSrv - ok
12:08:42.0515 2640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:08:42.0515 2640 Tcpip - ok
12:08:42.0531 2640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:08:42.0531 2640 TDPIPE - ok
12:08:42.0531 2640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:08:42.0531 2640 TDTCP - ok
12:08:42.0546 2640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:08:42.0546 2640 TermDD - ok
12:08:42.0593 2640 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
12:08:42.0609 2640 TermService - ok
12:08:42.0625 2640 tffsport (d9d5e4ca72270e9f3eca97da0983ab87) C:\WINDOWS\system32\DRIVERS\tffsport.sys
12:08:42.0671 2640 tffsport - ok
12:08:42.0703 2640 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:08:42.0703 2640 Themes - ok
12:08:42.0703 2640 TosIde - ok
12:08:42.0734 2640 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
12:08:42.0734 2640 TrkWks - ok
12:08:42.0765 2640 TuneUp.Defrag (233fcd3443cfbbaa27e7e463dccbc528) C:\WINDOWS\System32\TuneUpDefragService.exe
12:08:42.0828 2640 TuneUp.Defrag - ok
12:08:42.0843 2640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:08:42.0843 2640 Udfs - ok
12:08:42.0843 2640 ultra - ok
12:08:42.0875 2640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:08:42.0921 2640 Update - ok
12:08:42.0937 2640 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
12:08:42.0984 2640 upnphost - ok
12:08:43.0000 2640 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
12:08:43.0000 2640 UPS - ok
12:08:43.0015 2640 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:08:43.0015 2640 usbaudio - ok
12:08:43.0031 2640 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
12:08:43.0046 2640 usbbus - ok
12:08:43.0062 2640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:08:43.0062 2640 usbccgp - ok
12:08:43.0078 2640 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
12:08:43.0078 2640 UsbDiag - ok
12:08:43.0093 2640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:08:43.0093 2640 usbehci - ok
12:08:43.0109 2640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:08:43.0109 2640 usbhub - ok
12:08:43.0125 2640 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
12:08:43.0125 2640 USBModem - ok
12:08:43.0125 2640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:08:43.0125 2640 usbprint - ok
12:08:43.0156 2640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:08:43.0156 2640 usbscan - ok
12:08:43.0171 2640 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:08:43.0171 2640 usbstor - ok
12:08:43.0187 2640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:08:43.0187 2640 usbuhci - ok
12:08:43.0203 2640 UxTuneUp (25895cc7c3f101419a9ed1bf65a8bd62) C:\WINDOWS\System32\uxtuneup.dll
12:08:43.0203 2640 UxTuneUp - ok
12:08:43.0203 2640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:08:43.0218 2640 VgaSave - ok
12:08:43.0218 2640 ViaIde - ok
12:08:43.0265 2640 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys
12:08:43.0265 2640 Video3D - ok
12:08:43.0265 2640 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
12:08:43.0265 2640 VolSnap - ok
12:08:43.0296 2640 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
12:08:43.0312 2640 VSS - ok
12:08:43.0328 2640 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
12:08:43.0375 2640 W32Time - ok
12:08:43.0390 2640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:08:43.0390 2640 Wanarp - ok
12:08:43.0437 2640 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:08:43.0453 2640 Wdf01000 - ok
12:08:43.0453 2640 WDICA - ok
12:08:43.0468 2640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:08:43.0468 2640 wdmaud - ok
12:08:43.0531 2640 Web Assistant Updater (ce2c4578a8d8265a6c3fd131959ba2fa) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
12:08:43.0546 2640 Web Assistant Updater - ok
12:08:43.0562 2640 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
12:08:43.0562 2640 WebClient - ok
12:08:43.0640 2640 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:08:43.0687 2640 winmgmt - ok
12:08:43.0750 2640 WinRM (4d34cedd74bdbf2b6a935eae3bf80543) C:\WINDOWS\system32\WsmSvc.dll
12:08:43.0781 2640 WinRM - ok
12:08:43.0812 2640 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:08:43.0812 2640 WmdmPmSN - ok
12:08:43.0828 2640 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:08:43.0828 2640 WmiApSrv - ok
12:08:43.0906 2640 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:08:43.0937 2640 WMPNetworkSvc - ok
12:08:43.0953 2640 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:08:43.0953 2640 WpdUsb - ok
12:08:44.0093 2640 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:08:44.0109 2640 WPFFontCache_v0400 - ok
12:08:44.0140 2640 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:08:44.0140 2640 WS2IFSL - ok
12:08:44.0171 2640 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
12:08:44.0171 2640 wscsvc - ok
12:08:44.0187 2640 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
12:08:44.0187 2640 WSIMD - ok
12:08:44.0203 2640 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:08:44.0203 2640 WSTCODEC - ok
12:08:44.0218 2640 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
12:08:44.0218 2640 wuauserv - ok
12:08:44.0250 2640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:08:44.0250 2640 WudfPf - ok
12:08:44.0250 2640 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:08:44.0250 2640 WudfRd - ok
12:08:44.0265 2640 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:08:44.0281 2640 WudfSvc - ok
12:08:44.0328 2640 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
12:08:44.0375 2640 WZCSVC - ok
12:08:44.0406 2640 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
12:08:44.0421 2640 xmlprov - ok
12:08:44.0437 2640 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
12:08:44.0718 2640 \Device\Harddisk0\DR0 - ok
12:08:44.0718 2640 Boot (0x1200) (8e09eb9ef6985b77ecf09cdf3f9b5cce) \Device\Harddisk0\DR0\Partition0
12:08:44.0718 2640 \Device\Harddisk0\DR0\Partition0 - ok
12:08:44.0718 2640 ============================================================
12:08:44.0718 2640 Scan finished
12:08:44.0718 2640 ============================================================
12:08:44.0734 3724 Detected object count: 1
12:08:44.0734 3724 Actual detected object count: 1
12:08:51.0937 3724 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:08:51.0937 3724 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:08:55.0843 2904 Deinitialize success


Re: Please check my log, the PC is acting strange

Post by Paulek155 » 15 Sep 2012 12:32

Log from ComboFix:


ComboFix 12-09-14.03 - Pavel 15.09.2012 12:17:35.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1144 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-15 do 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-09 14:22 . 2012-09-06 01:24 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-08 16:22 . 2012-09-08 16:24 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Philipp Winterberg
2012-09-07 14:51 . 2012-09-07 14:52 -------- d-----w- c:\program files\RAR Password Cracker
2012-09-06 09:34 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-09-04 14:19 . 2012-09-04 14:19 -------- d-----w- c:\program files\ESET
2012-09-04 14:19 . 2012-09-04 14:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-08-27 17:11 . 2012-08-27 17:11 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\FLT
2012-08-27 17:01 . 2012-08-27 17:06 -------- d-----w- c:\program files\Orcs Must Die 2
2012-08-25 17:58 . 2012-08-25 17:58 -------- d-----w- C:\World_of_Tanks_Setup
2012-08-16 12:06 . 2012-08-16 13:55 -------- d-----w- C:\bf9fa3b10f1fd9ecee86be57c18d0a4c
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2011-08-28 13:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 05:25 . 2011-09-19 17:21 188128 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-08-15 13:35 . 2012-06-01 17:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 13:35 . 2011-08-28 07:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-12 11:39 . 2012-08-12 11:40 90824 ----a-w- c:\windows\system32\EasyHook32.dll
2012-08-12 11:39 . 2012-08-12 11:40 109256 ----a-w- c:\windows\system32\EasyHook64.dll
2012-08-11 05:45 . 2012-08-11 05:45 388096 ----a-r- c:\documents and settings\Pavel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-06 15:35 . 2009-04-27 12:45 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 15:35 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-30 13:38 . 2009-04-27 12:20 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-30 13:38 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-16 16:23 . 2012-07-16 16:29 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-07-16 16:23 . 2012-07-16 16:29 93696 ----a-w- c:\windows\system32\E_TLBHTU.DLL
2012-07-16 16:23 . 2012-07-16 16:29 81408 ----a-w- c:\windows\system32\E_TD4BHTU.DLL
2012-07-16 08:18 . 2012-07-16 08:18 2409872 ----a-w- c:\windows\system32\DaumActiveX.dll
2012-07-06 13:58 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-09-30 12:33 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 21:33 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 21:33 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-06-28 21:33 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-28 21:30 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2012-06-19 14:54 . 2008-09-30 12:50 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-09-06 01:26 . 2012-05-27 11:57 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE" [2012-07-16 219008]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" [2012-06-20 405832]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 3076144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Content Manager Assistant for PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-01-08 11:00 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIAfterburner]
2012-06-20 03:55 405832 ----a-w- c:\program files\MSI Afterburner\MSIAfterburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-11-25 07:43 2781000 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"=c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" /s
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Midway Games\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Call of duty 6 MW 2\\iw4mp.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Games\\World_of_Tanks_Physics_Preview\\WorldOfTanks.exe"=
"c:\\Program Files\\Orcs Must Die 2\\build\\release\\OrcsMustDie2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2008 18:52 691696]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [26.6.2011 15:06 149376]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [30.9.2008 14:47 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [30.7.2012 13:14 913792]
R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Data aplikací\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [13.9.2012 17:53 1701400]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [17.3.2012 12:13 21992]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [16.7.2012 12:19 1262400]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.11.2010 9:44 2404168]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [9.5.2012 18:23 185856]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [30.9.2008 18:42 57152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16.5.2011 8:13 197224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.6.2012 19:45 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.5.2011 20:05 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.5.2012 13:57 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.2.2011 16:10 47360]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 5:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 3:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 3:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 13:35]
.
2012-01-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAVEL-A5C71F66F-Pavel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-08 11:00]
.
2012-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-09-15 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 10.152.101.1
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\hymsdyhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?s=C8Ca106&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-15 12:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a6,5c,bf,f2,7d,ae,eb,af,9a,7c,3f,9c,a6,19,6d,10,19,f8,12,87,fd,af,41,
46,26,c6,dd,82,a9,91,02,3e,cf,6c,3f,8d,ee,a6,81,fe,cf,d0,3b,30,80,7f,fd,d9,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,47,ff,61,d2,00,f9,3e,72,70,c9,7c,c0,71,80,97,2e,27,58,48,01,
1a,6a,a5,b8,fc,23,ff,cc,f8,63,36,6e,81,5f,77,60,90,42,f1,58,d2,5b,eb,96,9c,\
"rkeysecu"=hex:a8,a3,cb,3b,9e,10,da,4f,e6,ec,6c,62,8a,a7,84,85
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2944)
c:\documents and settings\All Users\Data aplikací\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Sony\Content Manager Assistant\CMAWatcher.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-09-15 12:27:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-15 10:27
.
Před spuštěním: Volných bajtů: 36 497 326 080
Po spuštění: Volných bajtů: 36 350 042 112
.
- - End Of File - - 9B791BCE318673FB4FA89BE52B070CAC


Re: Please check my log, the PC is acting strange

Post by memphisto » 15 Sep 2012 21:53

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

KillAll::
DirLook::
C:\bf9fa3b10f1fd9ecee86be57c18d0a4c

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=-

Driver::
cpuz135

File::
c:\windows\system32\drivers\cpuz135_x32.sys

Firefox::
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\hymsdyhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?s=C8Ca106&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you


Re: Please check my log, the PC is acting strange

Post by Paulek155 » 16 Sep 2012 09:14

Here is the log:


ComboFix 12-09-14.03 - Pavel 16.09.2012 9:02.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1260 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\system32\drivers\cpuz135_x32.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\cpuz135_x32.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ135
-------\Service_cpuz135
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-16 do 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-15 10:33 . 2012-09-15 10:34 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\Temporary Projects
2012-09-09 14:22 . 2012-09-06 01:24 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-08 16:22 . 2012-09-08 16:24 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Philipp Winterberg
2012-09-07 14:51 . 2012-09-07 14:52 -------- d-----w- c:\program files\RAR Password Cracker
2012-09-06 09:34 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-09-04 14:19 . 2012-09-04 14:19 -------- d-----w- c:\program files\ESET
2012-09-04 14:19 . 2012-09-04 14:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-08-27 17:11 . 2012-08-27 17:11 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\FLT
2012-08-27 17:01 . 2012-08-27 17:06 -------- d-----w- c:\program files\Orcs Must Die 2
2012-08-25 17:58 . 2012-08-25 17:58 -------- d-----w- C:\World_of_Tanks_Setup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2011-08-28 13:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 05:25 . 2011-09-19 17:21 188128 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-08-15 13:35 . 2012-06-01 17:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 13:35 . 2011-08-28 07:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-12 11:39 . 2012-08-12 11:40 90824 ----a-w- c:\windows\system32\EasyHook32.dll
2012-08-12 11:39 . 2012-08-12 11:40 109256 ----a-w- c:\windows\system32\EasyHook64.dll
2012-08-11 05:45 . 2012-08-11 05:45 388096 ----a-r- c:\documents and settings\Pavel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-06 15:35 . 2009-04-27 12:45 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 15:35 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-30 13:38 . 2009-04-27 12:20 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-30 13:38 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-16 16:23 . 2012-07-16 16:29 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-07-16 16:23 . 2012-07-16 16:29 93696 ----a-w- c:\windows\system32\E_TLBHTU.DLL
2012-07-16 16:23 . 2012-07-16 16:29 81408 ----a-w- c:\windows\system32\E_TD4BHTU.DLL
2012-07-16 08:18 . 2012-07-16 08:18 2409872 ----a-w- c:\windows\system32\DaumActiveX.dll
2012-07-06 13:58 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-09-30 12:33 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 21:33 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 21:33 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-06-28 21:33 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-28 21:30 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2012-06-19 14:54 . 2008-09-30 12:50 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-09-06 01:26 . 2012-05-27 11:57 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\bf9fa3b10f1fd9ecee86be57c18d0a4c ----
.
2011-06-09 01:02 . 2011-06-09 01:02 496640 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\vstor40_x86.msi
2011-06-09 01:00 . 2011-06-09 01:00 2250619 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\vstor40_x86.cab
2011-06-09 00:54 . 2011-06-09 00:54 48992 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1053.dll
2011-06-09 00:54 . 2011-06-09 00:54 49504 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1049.dll
2011-06-09 00:54 . 2011-06-09 00:54 49504 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1046.dll
2011-06-09 00:54 . 2011-06-09 00:54 48992 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1044.dll
2011-06-09 00:54 . 2011-06-09 00:54 51040 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1045.dll
2011-06-09 00:54 . 2011-06-09 00:54 51040 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1043.dll
2011-06-09 00:54 . 2011-06-09 00:54 42848 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1037.dll
2011-06-09 00:54 . 2011-06-09 00:54 48480 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1035.dll
2011-06-09 00:54 . 2011-06-09 00:54 44896 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1025.dll
2011-06-09 00:54 . 2011-06-09 00:54 49504 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1030.dll
2011-06-09 00:54 . 2011-06-09 00:54 37728 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1041.dll
2011-06-09 00:54 . 2011-06-09 00:54 36192 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1042.dll
2011-06-09 00:54 . 2011-06-09 00:54 52064 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1040.dll
2011-06-09 00:54 . 2011-06-09 00:54 53600 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1036.dll
2011-06-09 00:54 . 2011-06-09 00:54 53088 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1031.dll
2011-06-09 00:54 . 2011-06-09 00:54 52576 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.3082.dll
2011-06-09 00:54 . 2011-06-09 00:54 32096 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1028.dll
2011-06-09 00:54 . 2011-06-09 00:54 31584 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.2052.dll
2011-06-09 00:53 . 2011-06-09 00:53 47456 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.res.1033.dll
2011-06-09 00:53 . 2011-06-09 00:53 596304 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.exe
2011-06-09 00:44 . 2011-06-09 00:44 3216 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\globdata.ini
2011-06-09 00:44 . 2011-06-09 00:44 13144 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\install.ini
2011-06-09 00:16 . 2011-06-09 00:16 9732 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1025.txt
2011-06-09 00:16 . 2011-06-09 00:16 3840 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1028.txt
2011-06-09 00:16 . 2011-06-09 00:16 11254 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1030.txt
2011-06-09 00:16 . 2011-06-09 00:16 15216 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1031.txt
2011-06-09 00:16 . 2011-06-09 00:16 9698 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1033.txt
2011-06-09 00:16 . 2011-06-09 00:16 12140 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1035.txt
2011-06-09 00:16 . 2011-06-09 00:16 12026 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1036.txt
2011-06-09 00:16 . 2011-06-09 00:16 8334 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1037.txt
2011-06-09 00:16 . 2011-06-09 00:16 13730 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1040.txt
2011-06-09 00:16 . 2011-06-09 00:16 5688 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1041.txt
2011-06-09 00:16 . 2011-06-09 00:16 5848 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1042.txt
2011-06-09 00:16 . 2011-06-09 00:16 12290 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1043.txt
2011-06-09 00:16 . 2011-06-09 00:16 11576 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1044.txt
2011-06-09 00:16 . 2011-06-09 00:16 13082 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1045.txt
2011-06-09 00:16 . 2011-06-09 00:16 11036 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1046.txt
2011-06-09 00:16 . 2011-06-09 00:16 13568 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1049.txt
2011-06-09 00:16 . 2011-06-09 00:16 11054 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.1053.txt
2011-06-09 00:16 . 2011-06-09 00:16 3846 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.2052.txt
2011-06-09 00:16 . 2011-06-09 00:16 12638 ----a-w- c:\bf9fa3b10f1fd9ecee86be57c18d0a4c\eula.3082.txt
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-15_10.23.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-16 07:08 . 2012-09-16 07:08 16384 c:\windows\temp\Perflib_Perfdata_120.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE" [2012-07-16 219008]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" [2012-06-20 405832]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 3076144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Content Manager Assistant for PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-01-08 11:00 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIAfterburner]
2012-06-20 03:55 405832 ----a-w- c:\program files\MSI Afterburner\MSIAfterburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-11-25 07:43 2781000 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"=c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" /s
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Midway Games\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Call of duty 6 MW 2\\iw4mp.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Games\\World_of_Tanks_Physics_Preview\\WorldOfTanks.exe"=
"c:\\Program Files\\Orcs Must Die 2\\build\\release\\OrcsMustDie2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2008 18:52 691696]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [26.6.2011 15:06 149376]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [30.9.2008 14:47 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [30.7.2012 13:14 913792]
R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Data aplikací\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [13.9.2012 17:53 1701400]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [16.7.2012 12:19 1262400]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.11.2010 9:44 2404168]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [9.5.2012 18:23 185856]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [30.9.2008 18:42 57152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16.5.2011 8:13 197224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.6.2012 19:45 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.5.2011 20:05 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.5.2012 13:57 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.2.2011 16:10 47360]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 5:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 3:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 3:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 13:35]
.
2012-01-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAVEL-A5C71F66F-Pavel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-08 11:00]
.
2012-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-09-15 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 10.152.101.1
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\hymsdyhc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 09:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a6,5c,bf,f2,7d,ae,eb,af,9a,7c,3f,9c,a6,19,6d,10,19,f8,12,87,fd,af,41,
46,26,c6,dd,82,a9,91,02,3e,cf,6c,3f,8d,ee,a6,81,fe,cf,d0,3b,30,80,7f,fd,d9,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,47,ff,61,d2,00,f9,3e,72,70,c9,7c,c0,71,80,97,2e,27,58,48,01,
1a,6a,a5,b8,fc,23,ff,cc,f8,63,36,6e,81,5f,77,60,90,42,f1,58,d2,5b,eb,96,9c,\
"rkeysecu"=hex:a8,a3,cb,3b,9e,10,da,4f,e6,ec,6c,62,8a,a7,84,85
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3484)
c:\documents and settings\All Users\Data aplikací\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Sony\Content Manager Assistant\CMAWatcher.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-09-16 09:12:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-16 07:12
.
Před spuštěním: Volných bajtů: 35 502 469 120
Po spuštění: Volných bajtů: 35 482 165 248
.
- - End Of File - - 549B87A2CBFF704A336B6D977B8E1ADF

memphisto

Re: Please check my log, the PC is acting strange

Post by memphisto » 16 Sep 2012 12:01

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner

and also use T-Cleaner.
It deletes everything left behind by Combo, MWAV, etc. Download it > run it.

Note: before downloading T-Cleaner and for the duration of the cleanup, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.

+ A new log from HJT

How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.

Paulek155

Re: Please check my log, the PC is acting strange

Post by Paulek155 » 16 Sep 2012 13:17

Here is the log. Yeah, it's behaving normally now.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:16:29, on 16.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Sony\Content Manager Assistant\CMA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files\MSI Afterburner\MSIAfterburner.exe" /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-21-2025429265-606747145-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Content Manager Assistant for PlayStation(R).lnk = C:\Program Files\Sony\Content Manager Assistant\CMA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

--
End of file - 12462 bytes

memphisto

Re: Please check my log, the PC is acting strange

Post by memphisto » 16 Sep 2012 13:51

HJT is OK too. If there are no problems, that's all.