Please check my logs [Solved]


martin386
Level 2.5
Posts: 277
Registered: November 11
Location: Jihomoravský Kraj
Gender: Male
Status: Offline

Please check my logs [Solved]

Post by martin386 » 12 Jan 2012 21:08

Here are 2 logs, please check them. 1st log

ComboFix 12-01-12.04 - oem 12.01.2012 20:49:18.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1390 [GMT 1:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\oem\WINDOWS
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\windows\desktop
c:\windows\desktop\ Prodigy Internet.lnk
c:\windows\system32\Cache
c:\windows\system32\Cache\60bdcbb403ad4ccd.fb
c:\windows\system32\Cache\60bdcbb403ad4ccd__exp__1288796114
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET70.tmp
c:\windows\system32\SET71.tmp
c:\windows\system32\SET78.tmp
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-12 do 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-04 06:26 . 2012-01-04 06:26 -------- d-----w- C:\c218d694f0ed759a57001d
2012-01-02 21:14 . 2012-01-02 21:14 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\SKIDROW
2012-01-02 20:13 . 2012-01-02 20:13 -------- d-----w- c:\program files\RailSimulator.com
2012-01-02 15:30 . 2012-01-02 15:30 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-02 15:13 . 2010-01-12 19:32 -------- d-s---w- c:\documents and settings\Administrator
2012-01-01 16:20 . 2012-01-01 16:20 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-01 15:53 . 2012-01-02 14:26 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\Yandex
2012-01-01 15:53 . 2012-01-02 14:25 -------- d-----w- c:\documents and settings\oem\Data aplikací\Yandex
2012-01-01 15:49 . 2012-01-01 15:49 -------- d-----w- c:\documents and settings\oem\Data aplikací\DAEMON Tools Pro
2012-01-01 15:49 . 2012-01-01 15:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Pro
2012-01-01 15:14 . 2012-01-01 15:14 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\2K Games
2011-12-30 22:02 . 2011-12-30 22:02 -------- d-----w- c:\windows\system32\winrm
2011-12-30 22:02 . 2011-12-30 22:02 -------- d-----w- c:\windows\system32\GroupPolicy
2011-12-30 22:01 . 2011-12-30 22:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-12-30 20:41 . 2011-12-31 11:56 2586 ----a-w- c:\windows\system32\ASOROSet.bin
2011-12-30 20:28 . 2011-11-19 10:52 17280 ----a-w- c:\windows\system32\roboot.exe
2011-12-30 19:49 . 2011-12-30 19:49 84267 ----a-w- c:\windows\cscmondump.bin
2011-12-25 04:21 . 2011-10-19 21:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-25 00:14 . 2011-12-25 00:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-12-25 00:13 . 2012-01-02 20:15 -------- d-----w- c:\documents and settings\oem\Data aplikací\IObit
2011-12-25 00:13 . 2011-12-30 20:49 -------- d-----w- c:\program files\IObit
2011-12-25 00:12 . 2011-12-25 00:12 -------- d-----w- c:\documents and settings\oem\Data aplikací\GlarySoft
2011-12-24 23:56 . 2011-12-24 23:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-24 23:56 . 2011-12-24 23:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-12-24 22:30 . 2011-12-24 22:30 -------- d-----r- c:\program files\Skype
2011-12-24 18:04 . 2010-01-09 20:36 -------- d-----w- c:\program files\G9 16-in-1
2011-12-24 18:02 . 2010-01-09 19:24 -------- d-----w- c:\program files\OscarG9
2011-12-20 19:21 . 2010-01-11 18:35 -------- d-----w- c:\program files\totalcmd
2011-12-18 14:13 . 2011-12-18 14:13 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-12-18 14:13 . 2011-12-18 14:13 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-12-18 14:13 . 2011-12-18 14:13 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-12-18 14:13 . 2011-12-18 14:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-12-18 14:01 . 2011-12-18 14:01 -------- d-----w- c:\program files\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 15:51 . 2009-10-04 12:05 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-25 18:28 . 2011-01-29 21:10 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-25 18:28 . 2011-01-29 21:10 271200 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-16 19:59 . 2011-01-29 21:11 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-16 19:59 . 2011-01-29 21:10 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-10 14:24 . 2010-01-12 19:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 20:16 . 2011-03-15 10:55 138056 -c--a-w- c:\documents and settings\oem\Data aplikací\PnkBstrK.sys
2011-12-03 20:16 . 2011-01-29 21:10 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-03 20:16 . 2011-12-03 20:16 837192 ----a-w- c:\windows\system32\pbsvc.exe
2011-12-02 18:07 . 2009-03-18 16:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-11-28 18:01 . 2010-06-29 08:37 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-04-21 18:05 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-02-28 14:48 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-04-21 18:05 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-04-21 18:05 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-04-21 18:05 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-04-21 18:05 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-04-21 18:05 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-04-21 18:05 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-04-21 18:05 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-23 14:40 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 16:15 . 2011-09-16 04:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 16:12 . 2011-11-21 16:12 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-05 14:20 . 2011-11-05 14:20 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-05 14:20 . 2010-07-19 19:13 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-01 20:36 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:36 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2008-04-14 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2008-04-14 08:06 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-20 641400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Screenshot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-10-20 14:03 641400 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"FBSearch"=c:\program files\Search Guard Plus\SearchGuardPlus.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.2.2011 15:48 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.4.2010 19:05 314456]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [25.12.2011 1:13 490840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2010 19:05 20568]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 11:15 31125880]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.9.2011 16:05 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [21.11.2011 17:12 111872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
2010-01-12 c:\windows\Tasks\ASC5_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2011-12-25 16:59]
.
2012-01-03 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2011-12-25 14:41]
.
2011-12-30 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-01-03 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-01-03 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-01-03 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=6826
mStart Page = hxxp://home.sweetim.com/?st=1&barid={65A88AE9-CD1A-456A-B465-D67D76646182}
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: ????3?? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
HKLM-Run-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-12 21:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?????????????????????????????????????????????
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
Celkový čas: 2012-01-12 21:04:22
ComboFix-quarantined-files.txt 2012-01-12 20:04
.
Před spuštěním: Volných bajtů: 102 997 643 264
Po spuštění: Volných bajtů: 127 832 035 328
.
- - End Of File - - 430C56559E59CFBCE072FF3FBBD1FCDB


Re: Please check my logs

Post by martin386 » 12 Jan 2012 21:08

2nd log
Malwarebytes Anti-Malware 1.60.0.1800
http://www.malwarebytes.org

Verze databáze: v2012.01.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
oem :: LAN [administrátor]

12.1.2010 20:11:35
mbam-log-2010-01-12 (20-25-39).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 187695
Uplynulý čas: 13 minut, 7 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 15
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: ©Ž±#ĄaI¶»
äG\Ę -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredi ... 2010082516 -> Žádná instrukce nebyla provedena.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\WINDOWS\KMSEmulator.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.

(konec)


Re: Please check my logs

Post by martin386 » 12 Jan 2012 21:44

Could someone please check them..?

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my logs

Post by jaro3 » 12 Jan 2012 22:11

Next time don't run ComboFix on your own; it is a powerful and dangerous tool that should only be run on the advice of a helper!!

Post a log from HJT:
viewtopic.php?f=70&t=5119

Describe the problems..

So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit

Then you can post the new MbAM log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my logs

Post by martin386 » 12 Jan 2012 22:15

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:15:31, on 12.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=6826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&barid={65A88AE9-CD1A-456A-B465-D67D76646182}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: Download all by YouTube Robot - C:\Program Files\YouTubeRobot\downall.htm
O8 - Extra context menu item: Download by YouTube Robot - C:\Program Files\YouTubeRobot\downlink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8338 bytes


HJT


Re: Please check my logs

Post by martin386 » 12 Jan 2012 22:27

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Verze databáze: v2012.01.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
oem :: LAN [administrátor]

12.1.2012 22:14:12
mbam-log-2012-01-12 (22-14-12).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 179544
Uplynulý čas: 6 minut, 5 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\WINDOWS\KMSEmulator.exe (RiskWare.Tool.CK) -> Umístnění do karantény a smazání se zdařilo.

(konec)

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my logs

Post by jaro3 » 12 Jan 2012 22:39

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Instructions

Code:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe


Internet Explorer v6.00
Avast5

I recommend updating both.


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.



Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt (datum = the date); please paste the whole contents of the log here.

In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".

Test these on VirusTotal:
c:\windows\system32\roboot.exe
c:\program files\Search Guard PlusU\sgpUpdaters.exe

Click Browse to the right of the box and find the requested file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will be tested by several antivirus engines in turn. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Please check my logs

Post by martin386 » 12 Jan 2012 22:59


Re: Please check my logs

Post by martin386 » 12 Jan 2012 23:02

c:\program files\Search Guard PlusU\sgpUpdaters.exe
I don't have this folder on my PC...

Re: Please check my logs

Post by martin386 » 12 Jan 2012 23:03

TDSS log


22:50:59.0822 2540 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
22:50:59.0978 2540 ============================================================
22:50:59.0978 2540 Current date / time: 2012/01/12 22:50:59.0978
22:50:59.0978 2540 SystemInfo:
22:50:59.0978 2540
22:50:59.0978 2540 OS Version: 5.1.2600 ServicePack: 3.0
22:50:59.0978 2540 Product type: Workstation
22:50:59.0978 2540 ComputerName: LAN
22:50:59.0978 2540 UserName: oem
22:50:59.0978 2540 Windows directory: C:\WINDOWS
22:50:59.0978 2540 System windows directory: C:\WINDOWS
22:50:59.0978 2540 Processor architecture: Intel x86
22:50:59.0978 2540 Number of processors: 2
22:50:59.0978 2540 Page size: 0x1000
22:50:59.0978 2540 Boot type: Normal boot
22:50:59.0978 2540 ============================================================
22:51:02.0072 2540 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
22:51:02.0119 2540 Initialize success
22:51:06.0509 2796 ============================================================
22:51:06.0509 2796 Scan started
22:51:06.0509 2796 Mode: Manual;
22:51:06.0509 2796 ============================================================
22:51:07.0244 2796 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:51:07.0244 2796 Aavmker4 - ok
22:51:07.0259 2796 Abiosdsk - ok
22:51:07.0259 2796 abp480n5 - ok
22:51:07.0306 2796 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:51:07.0306 2796 ACPI - ok
22:51:07.0353 2796 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:51:07.0353 2796 ACPIEC - ok
22:51:07.0353 2796 adpu160m - ok
22:51:07.0400 2796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:51:07.0400 2796 aec - ok
22:51:07.0447 2796 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:51:07.0447 2796 AFD - ok
22:51:07.0447 2796 Aha154x - ok
22:51:07.0462 2796 aic78u2 - ok
22:51:07.0478 2796 aic78xx - ok
22:51:07.0478 2796 AliIde - ok
22:51:07.0494 2796 amsint - ok
22:51:07.0509 2796 asc - ok
22:51:07.0509 2796 asc3350p - ok
22:51:07.0525 2796 asc3550 - ok
22:51:07.0587 2796 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:51:07.0587 2796 aswFsBlk - ok
22:51:07.0619 2796 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
22:51:07.0619 2796 aswMon2 - ok
22:51:07.0650 2796 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
22:51:07.0650 2796 aswRdr - ok
22:51:07.0681 2796 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
22:51:07.0681 2796 aswSnx - ok
22:51:07.0697 2796 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
22:51:07.0697 2796 aswSP - ok
22:51:07.0712 2796 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
22:51:07.0712 2796 aswTdi - ok
22:51:07.0759 2796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:51:07.0759 2796 AsyncMac - ok
22:51:07.0806 2796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:51:07.0806 2796 atapi - ok
22:51:07.0806 2796 Atdisk - ok
22:51:07.0837 2796 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:51:07.0837 2796 Atmarpc - ok
22:51:07.0869 2796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:51:07.0869 2796 audstub - ok
22:51:07.0916 2796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:51:07.0916 2796 Beep - ok
22:51:07.0978 2796 catchme - ok
22:51:08.0103 2796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:51:08.0103 2796 cbidf2k - ok
22:51:08.0166 2796 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:51:08.0181 2796 CCDECODE - ok
22:51:08.0181 2796 cd20xrnt - ok
22:51:08.0197 2796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:51:08.0212 2796 Cdaudio - ok
22:51:08.0244 2796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:51:08.0244 2796 Cdfs - ok
22:51:08.0306 2796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:51:08.0306 2796 Cdrom - ok
22:51:08.0322 2796 Changer - ok
22:51:08.0337 2796 CmdIde - ok
22:51:08.0353 2796 Cpqarray - ok
22:51:08.0353 2796 dac2w2k - ok
22:51:08.0369 2796 dac960nt - ok
22:51:08.0384 2796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:51:08.0384 2796 Disk - ok
22:51:08.0509 2796 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
22:51:08.0509 2796 dmboot - ok
22:51:08.0556 2796 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
22:51:08.0556 2796 dmio - ok
22:51:08.0603 2796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:51:08.0603 2796 dmload - ok
22:51:08.0681 2796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:51:08.0681 2796 DMusic - ok
22:51:08.0712 2796 dpti2o - ok
22:51:08.0759 2796 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:51:08.0759 2796 drmkaud - ok
22:51:08.0884 2796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:51:08.0884 2796 Fastfat - ok
22:51:08.0916 2796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:51:08.0916 2796 Fdc - ok
22:51:08.0994 2796 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
22:51:08.0994 2796 Fips - ok
22:51:09.0009 2796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:51:09.0009 2796 Flpydisk - ok
22:51:09.0103 2796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:51:09.0103 2796 FltMgr - ok
22:51:09.0150 2796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:51:09.0150 2796 Fs_Rec - ok
22:51:09.0228 2796 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:51:09.0228 2796 Ftdisk - ok
22:51:09.0291 2796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:51:09.0291 2796 Gpc - ok
22:51:09.0384 2796 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
22:51:09.0384 2796 hamachi - ok
22:51:09.0478 2796 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:51:09.0478 2796 HDAudBus - ok
22:51:09.0509 2796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:51:09.0525 2796 HidUsb - ok
22:51:09.0587 2796 hpn - ok
22:51:09.0650 2796 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:51:09.0650 2796 HTTP - ok
22:51:09.0712 2796 i2omgmt - ok
22:51:09.0712 2796 i2omp - ok
22:51:09.0759 2796 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:51:09.0759 2796 i8042prt - ok
22:51:09.0853 2796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:51:09.0853 2796 Imapi - ok
22:51:09.0900 2796 ini910u - ok
22:51:10.0041 2796 IntcAzAudAddService (fa9a9468f982835e99c1ec21257f7e60) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:51:10.0072 2796 IntcAzAudAddService - ok
22:51:10.0072 2796 IntelIde - ok
22:51:10.0103 2796 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:51:10.0103 2796 intelppm - ok
22:51:10.0119 2796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:51:10.0119 2796 Ip6Fw - ok
22:51:10.0212 2796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:51:10.0212 2796 IpFilterDriver - ok
22:51:10.0259 2796 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:51:10.0259 2796 IpInIp - ok
22:51:10.0291 2796 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:51:10.0291 2796 IpNat - ok
22:51:10.0306 2796 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:51:10.0306 2796 IPSec - ok
22:51:10.0369 2796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:51:10.0369 2796 IRENUM - ok
22:51:10.0462 2796 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:51:10.0462 2796 isapnp - ok
22:51:10.0509 2796 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:51:10.0509 2796 Kbdclass - ok
22:51:10.0572 2796 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:51:10.0572 2796 kbdhid - ok
22:51:10.0619 2796 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:51:10.0619 2796 kmixer - ok
22:51:10.0728 2796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:51:10.0728 2796 KSecDD - ok
22:51:10.0744 2796 lbrtfdc - ok
22:51:10.0806 2796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:51:10.0806 2796 mnmdd - ok
22:51:10.0869 2796 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
22:51:10.0869 2796 Modem - ok
22:51:10.0916 2796 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:51:10.0916 2796 Mouclass - ok
22:51:10.0962 2796 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:51:10.0962 2796 mouhid - ok
22:51:11.0056 2796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:51:11.0056 2796 MountMgr - ok
22:51:11.0056 2796 mraid35x - ok
22:51:11.0103 2796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:51:11.0103 2796 MRxDAV - ok
22:51:11.0228 2796 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:51:11.0228 2796 MRxSmb - ok
22:51:11.0291 2796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:51:11.0291 2796 Msfs - ok
22:51:11.0369 2796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:51:11.0369 2796 MSKSSRV - ok
22:51:11.0400 2796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:51:11.0400 2796 MSPCLOCK - ok
22:51:11.0416 2796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:51:11.0416 2796 MSPQM - ok
22:51:11.0478 2796 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:51:11.0478 2796 mssmbios - ok
22:51:11.0541 2796 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:51:11.0541 2796 MSTEE - ok
22:51:11.0634 2796 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:51:11.0634 2796 Mup - ok
22:51:11.0681 2796 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:51:11.0681 2796 NABTSFEC - ok
22:51:11.0791 2796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:51:11.0791 2796 NDIS - ok
22:51:11.0837 2796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:51:11.0837 2796 NdisIP - ok
22:51:11.0869 2796 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:51:11.0869 2796 NdisTapi - ok
22:51:11.0900 2796 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:51:11.0900 2796 Ndisuio - ok
22:51:11.0916 2796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:51:11.0916 2796 NdisWan - ok
22:51:11.0978 2796 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:51:11.0978 2796 NDProxy - ok
22:51:12.0025 2796 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:51:12.0025 2796 NetBIOS - ok
22:51:12.0041 2796 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:51:12.0056 2796 NetBT - ok
22:51:12.0103 2796 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys
22:51:12.0103 2796 nmwcd - ok
22:51:12.0212 2796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:51:12.0212 2796 Npfs - ok
22:51:12.0244 2796 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:51:12.0244 2796 Ntfs - ok
22:51:12.0291 2796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:51:12.0291 2796 Null - ok
22:51:12.0494 2796 nv (23b95a09677e62ec8d1641ecf39b9bfb) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:51:12.0541 2796 nv - ok
22:51:12.0634 2796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:51:12.0634 2796 NwlnkFlt - ok
22:51:12.0666 2796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:51:12.0666 2796 NwlnkFwd - ok
22:51:12.0791 2796 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
22:51:12.0791 2796 Parport - ok
22:51:12.0806 2796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:51:12.0806 2796 PartMgr - ok
22:51:12.0869 2796 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
22:51:12.0869 2796 ParVdm - ok
22:51:12.0900 2796 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
22:51:12.0900 2796 PCI - ok
22:51:12.0962 2796 PCIDump - ok
22:51:13.0009 2796 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:51:13.0009 2796 PCIIde - ok
22:51:13.0056 2796 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:51:13.0056 2796 Pcmcia - ok
22:51:13.0119 2796 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
22:51:13.0119 2796 pcouffin - ok
22:51:13.0166 2796 PDCOMP - ok
22:51:13.0181 2796 PDFRAME - ok
22:51:13.0212 2796 PDRELI - ok
22:51:13.0228 2796 PDRFRAME - ok
22:51:13.0259 2796 perc2 - ok
22:51:13.0291 2796 perc2hib - ok
22:51:13.0353 2796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:51:13.0353 2796 PptpMiniport - ok
22:51:13.0447 2796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:51:13.0447 2796 PSched - ok
22:51:13.0478 2796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:51:13.0478 2796 Ptilink - ok
22:51:13.0541 2796 ql1080 - ok
22:51:13.0541 2796 Ql10wnt - ok
22:51:13.0556 2796 ql12160 - ok
22:51:13.0556 2796 ql1240 - ok
22:51:13.0572 2796 ql1280 - ok
22:51:13.0603 2796 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:51:13.0619 2796 RasAcd - ok
22:51:13.0666 2796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:51:13.0666 2796 Rasl2tp - ok
22:51:13.0712 2796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:51:13.0712 2796 RasPppoe - ok
22:51:13.0822 2796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:51:13.0822 2796 Raspti - ok
22:51:13.0884 2796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:51:13.0884 2796 Rdbss - ok
22:51:13.0978 2796 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:51:13.0978 2796 RDPCDD - ok
22:51:14.0025 2796 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:51:14.0025 2796 rdpdr - ok
22:51:14.0056 2796 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:51:14.0056 2796 RDPWD - ok
22:51:14.0181 2796 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:51:14.0181 2796 redbook - ok
22:51:14.0228 2796 RTL8023xp (a74ef45e0dcdb28b9a88a31bc81164cd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
22:51:14.0244 2796 RTL8023xp - ok
22:51:14.0337 2796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:51:14.0337 2796 Secdrv - ok
22:51:14.0369 2796 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:51:14.0369 2796 serenum - ok
22:51:14.0447 2796 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
22:51:14.0462 2796 Serial - ok
22:51:14.0525 2796 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys
22:51:14.0525 2796 sfdrv01 - ok
22:51:14.0541 2796 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\WINDOWS\system32\drivers\sfdrv01a.sys
22:51:14.0541 2796 sfdrv01a - ok
22:51:14.0556 2796 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\WINDOWS\system32\drivers\sfhlp02.sys
22:51:14.0556 2796 sfhlp02 - ok
22:51:14.0587 2796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:51:14.0587 2796 Sfloppy - ok
22:51:14.0634 2796 sfsync02 (6dc03269f4c71e4ab313c3597f42a340) C:\WINDOWS\system32\drivers\sfsync02.sys
22:51:14.0634 2796 sfsync02 - ok
22:51:14.0712 2796 sfvfs02 (107b772690050d3b19cbc637ad8fd96e) C:\WINDOWS\system32\drivers\sfvfs02.sys
22:51:14.0712 2796 sfvfs02 - ok
22:51:14.0744 2796 Simbad - ok
22:51:14.0775 2796 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:51:14.0791 2796 SLIP - ok
22:51:14.0837 2796 Sparrow - ok
22:51:14.0900 2796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:51:14.0900 2796 splitter - ok
22:51:14.0947 2796 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\WINDOWS\System32\Drivers\sptd.sys
22:51:14.0947 2796 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
22:51:14.0947 2796 sptd ( LockedFile.Multi.Generic ) - warning
22:51:14.0947 2796 sptd - detected LockedFile.Multi.Generic (1)
22:51:15.0025 2796 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
22:51:15.0025 2796 sr - ok
22:51:15.0041 2796 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:51:15.0041 2796 Srv - ok
22:51:15.0072 2796 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:51:15.0072 2796 streamip - ok
22:51:15.0197 2796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:51:15.0197 2796 swenum - ok
22:51:15.0244 2796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:51:15.0244 2796 swmidi - ok
22:51:15.0306 2796 symc810 - ok
22:51:15.0306 2796 symc8xx - ok
22:51:15.0322 2796 sym_hi - ok
22:51:15.0322 2796 sym_u3 - ok
22:51:15.0337 2796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:51:15.0337 2796 sysaudio - ok
22:51:15.0400 2796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:51:15.0400 2796 Tcpip - ok
22:51:15.0494 2796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:51:15.0494 2796 TDPIPE - ok
22:51:15.0541 2796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:51:15.0541 2796 TDTCP - ok
22:51:15.0603 2796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:51:15.0603 2796 TermDD - ok
22:51:15.0666 2796 TosIde - ok
22:51:15.0712 2796 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
22:51:15.0712 2796 Suspicious file (Forged): c:\windows\system32\drivers\TrueSight.sys. Real md5: f69641efdb19acb4753b0155f7fdeed5, Fake md5: 4437f08532f344e8315dc3e53f5bd075
22:51:15.0712 2796 TrueSight ( ForgedFile.Multi.Generic ) - warning
22:51:15.0712 2796 TrueSight - detected ForgedFile.Multi.Generic (1)
22:51:15.0806 2796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:51:15.0806 2796 Udfs - ok
22:51:15.0822 2796 ultra - ok
22:51:15.0853 2796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:51:15.0853 2796 Update - ok
22:51:15.0962 2796 upperdev (bb16932a4189e82d6c455042c11849b6) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:51:15.0962 2796 upperdev - ok
22:51:16.0025 2796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:51:16.0025 2796 usbccgp - ok
22:51:16.0119 2796 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:51:16.0119 2796 usbehci - ok
22:51:16.0166 2796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:51:16.0166 2796 usbhub - ok
22:51:16.0275 2796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:51:16.0275 2796 usbprint - ok
22:51:16.0337 2796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:51:16.0337 2796 usbscan - ok
22:51:16.0431 2796 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
22:51:16.0431 2796 usbser - ok
22:51:16.0494 2796 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:51:16.0494 2796 UsbserFilt - ok
22:51:16.0541 2796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:51:16.0541 2796 USBSTOR - ok
22:51:16.0650 2796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:51:16.0650 2796 usbuhci - ok
22:51:16.0712 2796 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:51:16.0712 2796 usbvideo - ok
22:51:16.0759 2796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:51:16.0759 2796 VgaSave - ok
22:51:16.0775 2796 ViaIde - ok
22:51:16.0775 2796 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
22:51:16.0791 2796 VolSnap - ok
22:51:16.0806 2796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:51:16.0806 2796 Wanarp - ok
22:51:16.0916 2796 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:51:16.0916 2796 Wdf01000 - ok
22:51:16.0916 2796 WDICA - ok
22:51:16.0978 2796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:51:16.0978 2796 wdmaud - ok
22:51:17.0087 2796 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:51:17.0087 2796 WpdUsb - ok
22:51:17.0150 2796 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:51:17.0150 2796 WS2IFSL - ok
22:51:17.0181 2796 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:51:17.0181 2796 WSTCODEC - ok
22:51:17.0275 2796 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:51:17.0275 2796 WudfPf - ok
22:51:17.0322 2796 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:51:17.0322 2796 WudfRd - ok
22:51:17.0353 2796 ymurpep (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\eacoju.sys
22:51:17.0353 2796 ymurpep - ok
22:51:17.0369 2796 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
22:51:17.0478 2796 \Device\Harddisk0\DR0 - ok
22:51:17.0478 2796 Boot (0x1200) (0b7b3275bb253a3db9eb468869c5ce33) \Device\Harddisk0\DR0\Partition0
22:51:17.0478 2796 \Device\Harddisk0\DR0\Partition0 - ok
22:51:17.0478 2796 ============================================================
22:51:17.0478 2796 Scan finished
22:51:17.0478 2796 ============================================================
22:51:17.0478 0896 Detected object count: 2
22:51:17.0478 0896 Actual detected object count: 2
22:51:19.0009 0896 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:51:19.0009 0896 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:51:19.0009 0896 TrueSight ( ForgedFile.Multi.Generic ) - skipped by user
22:51:19.0009 0896 TrueSight ( ForgedFile.Multi.Generic ) - User select action: Skip
22:51:23.0744 1484 Deinitialize success
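
Added example, not part of this thread or of TDSSKiller: a Python routine that triages a TDSSKiller log of the format above. It pairs each scanned object's line with any "Suspicious file" line for the same path, the "detected" verdict and the action chosen at the prompt, so you can see at a glance which detections were actually handled. In the log above both hits were skipped, so the scan changed nothing on disk. The sample reuses the two hit lines posted above (sptd and TrueSight) plus a few clean lines; it is a constructed excerpt, not the complete log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt in TDSSKiller 2.7 log format. It reuses the two hit lines
# posted above (sptd and TrueSight, both skipped at the prompt) plus a few clean
# lines; it is not the complete log.
SAMPLE_TDSS_LOG = r"""
22:51:14.0947 2796 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\WINDOWS\System32\Drivers\sptd.sys
22:51:14.0947 2796 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
22:51:14.0947 2796 sptd ( LockedFile.Multi.Generic ) - warning
22:51:14.0947 2796 sptd - detected LockedFile.Multi.Generic (1)
22:51:15.0025 2796 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
22:51:15.0025 2796 sr - ok
22:51:15.0712 2796 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
22:51:15.0712 2796 Suspicious file (Forged): c:\windows\system32\drivers\TrueSight.sys. Real md5: f69641efdb19acb4753b0155f7fdeed5, Fake md5: 4437f08532f344e8315dc3e53f5bd075
22:51:15.0712 2796 TrueSight ( ForgedFile.Multi.Generic ) - warning
22:51:15.0712 2796 TrueSight - detected ForgedFile.Multi.Generic (1)
22:51:17.0369 2796 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
22:51:17.0478 2796 \Device\Harddisk0\DR0 - ok
22:51:17.0478 0896 Detected object count: 2
22:51:19.0009 0896 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:51:19.0009 0896 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:51:19.0009 0896 TrueSight ( ForgedFile.Multi.Generic ) - skipped by user
22:51:19.0009 0896 TrueSight ( ForgedFile.Multi.Generic ) - User select action: Skip
22:51:23.0744 1484 Deinitialize success
"""

# Every TDSSKiller line is "HH:MM:SS.ffff <pid> <message>"
LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<msg>.*)$")
# Scanned object with its md5: "name (md5) path"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (NoAccess): path. md5: X" or "Suspicious file (Forged): path. Real md5: X, Fake md5: Y"
SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. "
    r"(?:Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})|md5: (?P<md5>[0-9a-f]{32}))$"
)
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
ACTION = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>.+)$")


@dataclass
class Finding:
    name: str
    path: str = ""
    md5: str = ""       # md5 on the object line (matches "Real md5" for Forged files)
    kind: str = ""      # NoAccess (file could not be read) or Forged (two reads disagree)
    fake_md5: str = ""  # second hash TDSSKiller reports for a Forged file; the mismatch is the signal
    verdict: str = ""   # e.g. LockedFile.Multi.Generic
    action: str = ""    # what the user chose at the prompt (Skip, Cure, Delete, ...)


def triage(text: str) -> Dict[str, Finding]:
    """Return one Finding per object that got a 'detected' verdict, with path, hashes and user action."""
    objects: Dict[str, Finding] = {}  # name -> record for every scanned object
    by_path: Dict[str, Finding] = {}  # lower-cased path -> same record ("Suspicious" lines only carry the path)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if obj := OBJECT.match(msg):
            rec = objects.setdefault(obj["name"], Finding(obj["name"]))
            rec.path, rec.md5 = obj["path"], obj["md5"]
            by_path[obj["path"].lower()] = rec
        elif sus := SUSPICIOUS.match(msg):
            rec = by_path.get(sus["path"].lower())
            if rec is not None:
                rec.kind = sus["kind"]
                rec.fake_md5 = sus["fake"] or ""
        elif det := DETECTED.match(msg):
            objects.setdefault(det["name"], Finding(det["name"])).verdict = det["verdict"]
        elif act := ACTION.match(msg):
            if act["name"] in objects:
                objects[act["name"]].action = act["action"]
    return {name: rec for name, rec in objects.items() if rec.verdict}


def unhandled(findings: Dict[str, Finding]) -> List[str]:
    """Names of detections the user skipped, i.e. objects still in place after the run."""
    return sorted(n for n, f in findings.items() if f.action == "Skip")


if __name__ == "__main__":
    for name, f in triage(SAMPLE_TDSS_LOG).items():
        print(f"{name}: {f.verdict} ({f.kind}) {f.path} action={f.action or 'none'}")
        if f.fake_md5:
            print(f"  md5 on disk {f.md5} vs presented {f.fake_md5}")
```

The two verdict types deserve different weight. LockedFile on sptd.sys is a frequent sight: sptd.sys is the SCSI pass-through driver installed by disc-emulation software such as Daemon Tools and it refuses to be read, so TDSSKiller cannot hash it at all. Forged is the stronger signal, because the two hashes TDSSKiller computed for the same file do not agree, which is the kind of discrepancy a kernel-level hook produces; that is the line to follow up on, and "Skip" leaves it exactly where it was.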

Re: Please check my logs

Post by jaro3 » 12 Jan 2012 23:52

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text marked in green into it:
Note: do not use SELECT ALL to select the script

Code:

KillAll::
File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job


DirLook::
c:\windows\system32\winrm

Driver::
sptd

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"FBSearch"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SGPUpdater"=-

DDS::
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: choose All Files there
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after applying ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR

to your desktop. Double-click aswMBR.exe. Click Scan.
After the scan, click aswASW.log and save it to the desktop; paste the whole contents of that log here.

Re: Please check my logs

Post by martin386 » 13 Jan 2012 14:37

No log appeared from ComboFix after the PC restart.
Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:37:52, on 13.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\VVCap\VVCap.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Dokumenty\Downloads\aswMBR.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=6826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&barid={65A88AE9-CD1A-456A-B465-D67D76646182}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [VVCap] C:\Program Files\VVCap\VVCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: Download all by YouTube Robot - C:\Program Files\YouTubeRobot\downall.htm
O8 - Extra context menu item: Download by YouTube Robot - C:\Program Files\YouTubeRobot\downlink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7895 bytes

