Please check my log [Solved]

Please check my log

Post by LaB » 06 Jun 2012 17:59

Yesterday Avira reported several viruses, which it probably also removed. Could I ask someone to check my log (just to be sure)?
Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:54:37, on 6.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bisovi\Local Settings\Temporary Internet Files\Content.IE5\0L4AEN8B\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D25446CA-C0F1-4978-AAFA-8BE11186FF5B}: NameServer = 89.111.106.2,89.111.107.249
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 10344 bytes






Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.06.05.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bisovi :: BISOVI-F7MOOQ1M [administrátor]

6.6.2012 18:02:48
mbam-log-2012-06-06 (18-02-48).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 210036
Uplynulý čas: 3 minut, 8 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


Re: Please check my log

Post by Žbeky » 06 Jun 2012 18:47

Uninstall uTorrentControl2 Toolbar and ASK Toolbar.

Fix these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O20 - AppInit_DLLs:

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes (Ano)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to requests and pleas for technical support. Thanks for understanding.


Re: Please check my log

Post by LaB » 06 Jun 2012 19:36

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:32:51, on 6.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D25446CA-C0F1-4978-AAFA-8BE11186FF5B}: NameServer = 89.111.106.2,89.111.107.249
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 8087 bytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.06.05.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bisovi :: BISOVI-F7MOOQ1M [administrátor]

6.6.2012 19:34:44
mbam-log-2012-06-06 (19-34-44).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 209540
Uplynulý čas: 1 minut, 7 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


Re: Please check my log

Post by jaro3 » 07 Jun 2012 09:33

Download and run DDS (by sUBs)
and save it to the desktop.
- run it; a window will appear, so do not click in it and wait until the program finishes
- when it is done, the program creates 2 logs and shows an information window. Close it with OK
- then paste the full contents of the DDS logs here
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.

Re: Please check my log

Post by LaB » 07 Jun 2012 10:37

I'll get to it in the evening. Thanks.


Re: Please check my log

Post by LaB » 07 Jun 2012 19:47

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bisovi at 19:46:10 on 2012-06-07
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2813.2060 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.idnes.cz/
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [<NO NAME>]
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: Interfaces\{D25446CA-C0F1-4978-AAFA-8BE11186FF5B} : NameServer = 89.111.106.2,89.111.107.249
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bisovi\data aplikací\mozilla\firefox\profiles\okm78hap.default\
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2012-4-10 76768]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2012-4-11 83392]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2012-4-2 18544]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-6-2 36000]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-3-19 525840]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-6-2 110032]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-6-2 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-6-2 465360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-6-2 83392]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-4-25 24328]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-3-16 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-3-16 497280]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-3 654408]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2012-4-2 75504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-3 22344]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-4-2 30392]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-4-2 1691480]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2012-4-11 25728]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2012-5-14 1714176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-4-10 8704]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2012-4-2 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-4-10 3072]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2012-4-11 106752]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
.
=============== Created Last 30 ================
.
2012-06-06 18:00:06 388608 ----a-w- c:\program files\HijackThis.exe
2012-06-06 17:11:46 -------- d-----w- c:\documents and settings\bisovi\data aplikací\602XML
2012-06-06 17:11:43 -------- d-----w- c:\documents and settings\bisovi\data aplikací\602Installer
2012-06-06 17:11:36 -------- d-----w- c:\program files\common files\soft602
2012-06-06 17:11:35 -------- d-----w- c:\program files\Software602
2012-06-05 15:14:31 -------- d-----w- c:\documents and settings\bisovi\data aplikací\AskToolbar
2012-06-04 16:39:45 911800 ----a-w- c:\windows\system32\drivers\etc\amtlib.dll
2012-06-04 14:28:31 -------- d-----w- c:\program files\YourFileDownloader
2012-06-04 14:28:31 -------- d-----w- c:\documents and settings\bisovi\data aplikací\YourFileDownloader
2012-06-03 09:04:10 -------- d-----w- c:\program files\Conduit
2012-06-03 08:49:50 -------- d-----w- c:\documents and settings\bisovi\data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-06-02 06:52:32 -------- d-----w- c:\documents and settings\bisovi\data aplikací\Avira
2012-06-02 06:46:40 -------- d-----w- c:\program files\Ask.com
2012-06-02 06:46:19 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-02 06:46:19 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-02 06:46:15 -------- d-----w- c:\program files\Avira
2012-05-30 17:14:13 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-05-30 17:13:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-05-30 17:13:49 -------- d-----w- c:\documents and settings\all users\Microsoft
2012-05-30 17:08:59 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-05-30 16:54:07 87040 -c----w- c:\windows\system32\dllcache\drmstor.dll
2012-05-30 16:52:49 -------- d-----w- c:\windows\network diagnostic
2012-05-30 16:52:47 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-05-30 16:52:06 19569 ----a-w- c:\windows\005537_.tmp
2012-05-25 17:42:17 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-05-25 17:42:11 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-05-24 17:32:29 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2012-05-24 17:32:29 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2012-05-24 17:32:25 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2012-05-24 17:32:25 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2012-05-24 17:32:24 206976 ----a-w- c:\windows\system32\drivers\dot4.sys
2012-05-20 17:47:54 -------- d-----w- c:\documents and settings\bisovi\data aplikací\OpenCandy
2012-05-18 09:36:03 -------- d-----w- c:\windows\system32\NtmsData
2012-05-16 16:26:04 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-05-14 16:30:21 1714176 ----a-r- c:\windows\system32\drivers\athuw.sys
2012-05-14 16:30:12 1714176 ----a-r- c:\windows\system32\athuw.sys
2012-05-14 16:30:12 -------- d-----w- c:\windows\Options
2012-05-13 09:36:45 -------- d-----w- c:\documents and settings\bisovi\data aplikací\Publish Providers
2012-05-13 09:36:35 -------- d-----w- c:\documents and settings\bisovi\data aplikací\Sony
2012-05-13 09:31:57 -------- d-----w- c:\program files\Vstplugins
2012-05-13 09:14:21 -------- d-----w- c:\program files\Sony
2012-05-13 09:11:01 -------- d-----w- c:\program files\Sony Setup
2012-05-13 09:07:38 -------- d-----w- c:\program files\Terminal Reality
2012-05-13 09:01:30 -------- d-----w- c:\documents and settings\bisovi\data aplikací\Ahead
2012-05-13 09:00:49 -------- d-----w- c:\program files\Nero
2012-05-12 17:29:23 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-05-12 17:29:19 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2012-05-12 17:29:16 48128 ----a-w- c:\windows\system32\drivers\61883.sys
.
==================== Find3M ====================
.
2012-06-03 06:11:45 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-04-14 17:26:56 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-04-14 17:26:43 17488 ----a-w- c:\windows\gdrv.sys
2012-04-14 14:59:07 17488 ----a-w- c:\windows\etdrv.sys
2012-04-11 15:35:18 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-04-11 15:35:18 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-11 15:35:16 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-04-11 15:35:14 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-04-11 13:33:47 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-04-11 13:33:46 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2012-04-10 16:41:14 76768 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-04-08 17:32:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 17:32:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 16:42:33 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 19:46:44,50 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2.4.2012 17:16:52
System Uptime: 7.6.2012 19:40:12 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2P
Processor: AMD Athlon(tm) II X2 260 Processor | Socket M2 | 3221/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 42,126 GiB free.
D: is FIXED (NTFS) - 173 GiB total, 56,002 GiB free.
F: is CDROM ()
Z: is FIXED (NTFS) - 112 GiB total, 111,741 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP95: 5.6.2012 20:06:31 - Kontrolní bod systému
RP96: 6.6.2012 19:11:28 - Installed Software602 Form Filler.
RP97: 6.6.2012 19:18:04 - Removed Software602 Form Filler.
.
==== Installed Programs ======================
.
ACDSee 5.0 Standard Trial
Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe InDesign CS5
Adobe Media Player
AMD USB Filter Driver
Ask Toolbar
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CorelDRAW Graphics Suite X3
CPUID CPU-Z 1.60.1
CPUID HWMonitor 1.19
CrystalDiskInfo 4.6.2a
CZ
EASEUS Partition Master 3.5 Home Edition
Easy Tune 6 B11.0427.1
Enable S3 for USB Device
FontNav
HD Tune Pro 5.00
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
hp deskjet 3820 series (Pouze odstranit)
Kubik SMS DreamCom 5.89
Malwarebytes Anti-Malware verze 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
Microsoft .NET Framework 3.5 Language Pack SP1 - csy
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Czech) 2010
Microsoft Office Excel MUI (Czech) 2010
Microsoft Office Groove MUI (Czech) 2010
Microsoft Office InfoPath MUI (Czech) 2010
Microsoft Office OneNote MUI (Czech) 2010
Microsoft Office Outlook MUI (Czech) 2010
Microsoft Office PowerPoint MUI (Czech) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Czech) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Slovak) 2010
Microsoft Office Proofing (Czech) 2010
Microsoft Office Publisher MUI (Czech) 2010
Microsoft Office Shared MUI (Czech) 2010
Microsoft Office Word MUI (Czech) 2010
Microsoft Software Update for Web Folders (Czech) 14
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 12.0 (x86 cs)
Mozilla Maintenance Service
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
ON_OFF Charge B11.0110.1
Oprava Hotfix systému Windows XP (KB942288-v3)
PDF Settings CS5
Picasa 3
rajče průvodce verze 1.59.40.255
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Skype™ 5.1
Sony Vegas Pro 8.0
The Lord of the Rings FREE Trial
TP-LINK Wireless Client Utility
Update Manager
VBA
VC 9.0 Runtime
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
XML Paper Specification Shared Components Language Pack 1.0
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm LTD Toolbar
ZoneAlarm Security
Zoner Photo Studio 13
ZTE Smartphone Driver 1.2066.1.3
.
==== End Of File ===========================

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 07 Jun 2012 21:56

Download TDSSKiller to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt
Please paste the entire contents of the log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window it displays
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: After running ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

LaB
Level 3.5
Posts: 842
Registered: April 09
Gender: Male
Status: Offline

Re: Please check my log

Post by LaB » 08 Jun 2012 16:12

16:10:15.0500 2732 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:10:17.0500 2732 ============================================================
16:10:17.0500 2732 Current date / time: 2012/06/08 16:10:17.0500
16:10:17.0500 2732 SystemInfo:
16:10:17.0500 2732
16:10:17.0500 2732 OS Version: 5.1.2600 ServicePack: 3.0
16:10:17.0500 2732 Product type: Workstation
16:10:17.0500 2732 ComputerName: BISOVI-F7MOOQ1M
16:10:17.0500 2732 UserName: Bisovi
16:10:17.0500 2732 Windows directory: C:\WINDOWS
16:10:17.0500 2732 System windows directory: C:\WINDOWS
16:10:17.0500 2732 Processor architecture: Intel x86
16:10:17.0500 2732 Number of processors: 2
16:10:17.0500 2732 Page size: 0x1000
16:10:17.0500 2732 Boot type: Normal boot
16:10:17.0500 2732 ============================================================
16:10:19.0046 2732 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:10:19.0046 2732 Drive \Device\Harddisk1\DR1 - Size: 0x1BF4187E00 (111.81 Gb), SectorSize: 0x200, Cylinders: 0x3904, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:10:19.0046 2732 ============================================================
16:10:19.0046 2732 \Device\Harddisk0\DR0:
16:10:19.0046 2732 MBR partitions:
16:10:19.0046 2732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x77FE059
16:10:19.0046 2732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x77FE098, BlocksNum 0x159C64E9
16:10:19.0046 2732 \Device\Harddisk1\DR1:
16:10:19.0046 2732 MBR partitions:
16:10:19.0046 2732 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF9F3C5
16:10:19.0046 2732 ============================================================
16:10:19.0062 2732 C: <-> \Device\Harddisk0\DR0\Partition0
16:10:19.0125 2732 D: <-> \Device\Harddisk0\DR0\Partition1
16:10:19.0171 2732 Z: <-> \Device\Harddisk1\DR1\Partition0
16:10:19.0171 2732 ============================================================
16:10:19.0171 2732 Initialize success
16:10:19.0171 2732 ============================================================
16:10:21.0078 2896 ============================================================
16:10:21.0078 2896 Scan started
16:10:21.0078 2896 Mode: Manual;
16:10:21.0078 2896 ============================================================
16:10:21.0687 2896 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
16:10:21.0703 2896 61883 - ok
16:10:21.0703 2896 Abiosdsk - ok
16:10:21.0703 2896 abp480n5 - ok
16:10:21.0734 2896 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:10:21.0734 2896 ACPI - ok
16:10:21.0765 2896 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:10:21.0765 2896 ACPIEC - ok
16:10:21.0812 2896 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:10:21.0828 2896 AdobeFlashPlayerUpdateSvc - ok
16:10:21.0828 2896 adpu160m - ok
16:10:21.0843 2896 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:10:21.0859 2896 aec - ok
16:10:21.0859 2896 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
16:10:21.0875 2896 AFD - ok
16:10:21.0875 2896 Aha154x - ok
16:10:21.0875 2896 aic78u2 - ok
16:10:21.0875 2896 aic78xx - ok
16:10:21.0906 2896 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
16:10:21.0906 2896 Alerter - ok
16:10:21.0921 2896 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
16:10:21.0921 2896 ALG - ok
16:10:21.0921 2896 AliIde - ok
16:10:22.0046 2896 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
16:10:22.0140 2896 Ambfilt - ok
16:10:22.0171 2896 amsint - ok
16:10:22.0187 2896 androidusb (e94e2ea7faaa05c776a711edb198b9fd) C:\WINDOWS\system32\Drivers\androidusb.sys
16:10:22.0187 2896 androidusb - ok
16:10:22.0265 2896 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:10:22.0265 2896 AntiVirSchedulerService - ok
16:10:22.0296 2896 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:10:22.0296 2896 AntiVirService - ok
16:10:22.0328 2896 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:10:22.0328 2896 AntiVirWebService - ok
16:10:22.0359 2896 AppleCharger (e592751036c1d0a74ec3e57302a03745) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys
16:10:22.0359 2896 AppleCharger - ok
16:10:22.0375 2896 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\WINDOWS\system32\AppleChargerSrv.exe
16:10:22.0375 2896 AppleChargerSrv - ok
16:10:22.0421 2896 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
16:10:22.0421 2896 AppMgmt - ok
16:10:22.0515 2896 AR9271 (8e2257584b2c52d44b4cb1949947d885) C:\WINDOWS\system32\DRIVERS\athuw.sys
16:10:22.0578 2896 AR9271 - ok
16:10:22.0640 2896 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:10:22.0640 2896 Arp1394 - ok
16:10:22.0640 2896 asc - ok
16:10:22.0640 2896 asc3350p - ok
16:10:22.0640 2896 asc3550 - ok
16:10:22.0687 2896 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
16:10:22.0687 2896 Aspi32 - ok
16:10:22.0750 2896 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:10:22.0765 2896 aspnet_state - ok
16:10:22.0781 2896 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:10:22.0781 2896 AsyncMac - ok
16:10:22.0796 2896 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:10:22.0796 2896 atapi - ok
16:10:22.0796 2896 Atdisk - ok
16:10:22.0843 2896 Ati HotKey Poller (43c1105ca8492931b45f1a090fa562c8) C:\WINDOWS\system32\Ati2evxx.exe
16:10:22.0859 2896 Ati HotKey Poller - ok
16:10:23.0078 2896 ati2mtag (c026951271d59ff97deb2a6b4895b416) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:10:23.0109 2896 ati2mtag - ok
16:10:23.0187 2896 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:10:23.0187 2896 Atmarpc - ok
16:10:23.0203 2896 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
16:10:23.0203 2896 AudioSrv - ok
16:10:23.0234 2896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:10:23.0250 2896 audstub - ok
16:10:23.0281 2896 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
16:10:23.0281 2896 Avc - ok
16:10:23.0328 2896 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:10:23.0343 2896 avgntflt - ok
16:10:23.0375 2896 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:10:23.0375 2896 avipbb - ok
16:10:23.0390 2896 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:10:23.0406 2896 avkmgr - ok
16:10:23.0421 2896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:10:23.0421 2896 Beep - ok
16:10:23.0921 2896 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
16:10:24.0000 2896 BITS - ok
16:10:24.0015 2896 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
16:10:24.0015 2896 Browser - ok
16:10:24.0046 2896 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:10:24.0046 2896 cbidf2k - ok
16:10:24.0078 2896 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:10:24.0078 2896 CCDECODE - ok
16:10:24.0078 2896 cd20xrnt - ok
16:10:24.0093 2896 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:10:24.0093 2896 Cdaudio - ok
16:10:24.0109 2896 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:10:24.0109 2896 Cdfs - ok
16:10:24.0125 2896 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:10:24.0125 2896 Cdrom - ok
16:10:24.0125 2896 Changer - ok
16:10:24.0156 2896 cisvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\System32\cisvc.exe
16:10:24.0171 2896 cisvc - ok
16:10:24.0187 2896 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
16:10:24.0187 2896 ClipSrv - ok
16:10:24.0234 2896 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:10:24.0281 2896 clr_optimization_v2.0.50727_32 - ok
16:10:24.0296 2896 CmdIde - ok
16:10:24.0296 2896 COMSysApp - ok
16:10:24.0296 2896 Cpqarray - ok
16:10:24.0359 2896 cpuz135 (26ce59f9fc8639fd7fed53ce3b785015) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
16:10:24.0359 2896 cpuz135 - ok
16:10:24.0375 2896 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
16:10:24.0390 2896 CryptSvc - ok
16:10:24.0390 2896 dac2w2k - ok
16:10:24.0390 2896 dac960nt - ok
16:10:24.0437 2896 DcomLaunch (c868f3ae15cf71a93f2aa3a32856d839) C:\WINDOWS\system32\rpcss.dll
16:10:24.0437 2896 DcomLaunch - ok
16:10:24.0453 2896 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
16:10:24.0453 2896 Dhcp - ok
16:10:24.0468 2896 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:10:24.0468 2896 Disk - ok
16:10:24.0468 2896 dmadmin - ok
16:10:24.0546 2896 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
16:10:24.0562 2896 dmboot - ok
16:10:24.0578 2896 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
16:10:24.0578 2896 dmio - ok
16:10:24.0593 2896 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:10:24.0609 2896 dmload - ok
16:10:24.0625 2896 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
16:10:24.0625 2896 dmserver - ok
16:10:24.0625 2896 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:10:24.0640 2896 DMusic - ok
16:10:24.0640 2896 Dnscache (0634b791684b84f4a331f3d3536feef8) C:\WINDOWS\System32\dnsrslvr.dll
16:10:24.0656 2896 Dnscache - ok
16:10:24.0671 2896 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
16:10:24.0687 2896 Dot3svc - ok
16:10:24.0703 2896 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:10:24.0718 2896 dot4 - ok
16:10:24.0734 2896 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
16:10:24.0734 2896 Dot4Print - ok
16:10:24.0734 2896 dot4usb (ccc4092dfc85336f2e1c142483adeb42) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:10:24.0750 2896 dot4usb - ok
16:10:24.0750 2896 dpti2o - ok
16:10:24.0765 2896 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:10:24.0781 2896 drmkaud - ok
16:10:24.0796 2896 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
16:10:24.0796 2896 EapHost - ok
16:10:24.0828 2896 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
16:10:24.0828 2896 epmntdrv - ok
16:10:24.0859 2896 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
16:10:24.0859 2896 ERSvc - ok
16:10:24.0875 2896 etdrv (3af0ae042afe486b22644cd3fbebf2e2) C:\WINDOWS\etdrv.sys
16:10:24.0890 2896 etdrv - ok
16:10:24.0890 2896 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
16:10:24.0906 2896 EuGdiDrv - ok
16:10:24.0921 2896 Eventlog (f0d2ae69035092bf22dad6b50fab85c2) C:\WINDOWS\system32\services.exe
16:10:24.0921 2896 Eventlog - ok
16:10:24.0937 2896 EventSystem (260c69fd67687b0dc062fc3d31655857) C:\WINDOWS\System32\es.dll
16:10:24.0953 2896 EventSystem - ok
16:10:25.0015 2896 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:10:25.0031 2896 Fastfat - ok
16:10:25.0046 2896 FastUserSwitchingCompatibility (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
16:10:25.0062 2896 FastUserSwitchingCompatibility - ok
16:10:25.0078 2896 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:10:25.0093 2896 Fdc - ok
16:10:25.0093 2896 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
16:10:25.0109 2896 Fips - ok
16:10:25.0171 2896 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:10:25.0203 2896 FLEXnet Licensing Service - ok
16:10:25.0203 2896 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:10:25.0203 2896 Flpydisk - ok
16:10:25.0234 2896 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:10:25.0250 2896 FltMgr - ok
16:10:25.0265 2896 fltsrv (27c75ac6d6fc808d8244d9c9cea681d1) C:\WINDOWS\system32\DRIVERS\fltsrv.sys
16:10:25.0281 2896 fltsrv - ok
16:10:25.0359 2896 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:10:25.0359 2896 FontCache3.0.0.0 - ok
16:10:25.0390 2896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:10:25.0390 2896 Fs_Rec - ok
16:10:25.0390 2896 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:10:25.0406 2896 Ftdisk - ok
16:10:25.0421 2896 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys
16:10:25.0421 2896 gdrv - ok
16:10:25.0453 2896 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:10:25.0453 2896 Gpc - ok
16:10:25.0484 2896 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:10:25.0515 2896 gusvc - ok
16:10:25.0546 2896 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:10:25.0546 2896 HDAudBus - ok
16:10:25.0609 2896 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:10:25.0609 2896 helpsvc - ok
16:10:25.0625 2896 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
16:10:25.0625 2896 HidServ - ok
16:10:25.0656 2896 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:10:25.0656 2896 hidusb - ok
16:10:25.0687 2896 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
16:10:25.0687 2896 hkmsvc - ok
16:10:25.0703 2896 hpn - ok
16:10:25.0703 2896 hpt3xx - ok
16:10:25.0718 2896 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
16:10:25.0718 2896 HTTP - ok
16:10:25.0734 2896 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
16:10:25.0750 2896 HTTPFilter - ok
16:10:25.0750 2896 i2omgmt - ok
16:10:25.0750 2896 i2omp - ok
16:10:25.0765 2896 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:10:25.0765 2896 i8042prt - ok
16:10:25.0828 2896 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:10:25.0828 2896 IDriverT - ok
16:10:25.0890 2896 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:10:25.0953 2896 idsvc - ok
16:10:25.0984 2896 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
16:10:26.0000 2896 Imapi - ok
16:10:26.0015 2896 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\System32\imapi.exe
16:10:26.0015 2896 ImapiService - ok
16:10:26.0031 2896 ini910u - ok
16:10:26.0281 2896 IntcAzAudAddService (3f7643f4658eaee9428aadfb0d002212) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:10:26.0312 2896 IntcAzAudAddService - ok
16:10:26.0390 2896 IntelIde - ok
16:10:26.0421 2896 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:10:26.0421 2896 ip6fw - ok
16:10:26.0453 2896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:10:26.0453 2896 IpFilterDriver - ok
16:10:26.0484 2896 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:10:26.0484 2896 IpInIp - ok
16:10:26.0500 2896 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:10:26.0515 2896 IpNat - ok
16:10:26.0515 2896 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:10:26.0515 2896 IPSec - ok
16:10:26.0531 2896 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:10:26.0531 2896 IRENUM - ok
16:10:26.0546 2896 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:10:26.0546 2896 isapnp - ok
16:10:26.0609 2896 ISWKL (d068bf274c6fc880e43d7b4a7740c451) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:10:26.0625 2896 ISWKL - ok
16:10:26.0640 2896 IswSvc (02ddbb7a11f5ecc1da782790e3f57cef) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
16:10:26.0640 2896 IswSvc - ok
16:10:26.0640 2896 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:10:26.0656 2896 Kbdclass - ok
16:10:26.0656 2896 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:10:26.0656 2896 kbdhid - ok
16:10:26.0671 2896 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:10:26.0671 2896 kmixer - ok
16:10:26.0703 2896 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
16:10:26.0703 2896 KSecDD - ok
16:10:26.0734 2896 L1c (cda416a81cedca675cc3316a0617a213) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
16:10:26.0734 2896 L1c - ok
16:10:26.0750 2896 lanmanserver (21920ac69594ab021237054fa728fe46) C:\WINDOWS\System32\srvsvc.dll
16:10:26.0765 2896 lanmanserver - ok
16:10:26.0781 2896 lanmanworkstation (5190783f51a2d7a8495202c664d7c963) C:\WINDOWS\System32\wkssvc.dll
16:10:26.0781 2896 lanmanworkstation - ok
16:10:26.0781 2896 lbrtfdc - ok
16:10:26.0812 2896 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
16:10:26.0812 2896 LmHosts - ok
16:10:26.0828 2896 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
16:10:26.0843 2896 MBAMProtector - ok
16:10:26.0890 2896 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:10:26.0890 2896 MBAMService - ok
16:10:26.0921 2896 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
16:10:26.0921 2896 Messenger - ok
16:10:26.0937 2896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:10:26.0937 2896 mnmdd - ok
16:10:27.0000 2896 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\System32\mnmsrvc.exe
16:10:27.0000 2896 mnmsrvc - ok
16:10:27.0015 2896 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
16:10:27.0015 2896 Modem - ok
16:10:27.0078 2896 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
16:10:27.0140 2896 Monfilt - ok
16:10:27.0171 2896 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:10:27.0171 2896 Mouclass - ok
16:10:27.0203 2896 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:10:27.0203 2896 mouhid - ok
16:10:27.0203 2896 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:10:27.0218 2896 MountMgr - ok
16:10:27.0281 2896 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:10:27.0281 2896 MozillaMaintenance - ok
16:10:27.0281 2896 mraid35x - ok
16:10:27.0296 2896 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:10:27.0312 2896 MRxDAV - ok
16:10:27.0343 2896 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:10:27.0390 2896 MRxSmb - ok
16:10:27.0406 2896 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\System32\msdtc.exe
16:10:27.0421 2896 MSDTC - ok
16:10:27.0437 2896 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
16:10:27.0453 2896 MSDV - ok
16:10:27.0453 2896 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:10:27.0453 2896 Msfs - ok
16:10:27.0453 2896 MSIServer - ok
16:10:27.0500 2896 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:10:27.0500 2896 MSKSSRV - ok
16:10:27.0500 2896 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:10:27.0515 2896 MSPCLOCK - ok
16:10:27.0515 2896 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:10:27.0515 2896 MSPQM - ok
16:10:27.0531 2896 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:10:27.0531 2896 mssmbios - ok
16:10:27.0546 2896 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:10:27.0546 2896 MSTEE - ok
16:10:27.0562 2896 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
16:10:27.0562 2896 Mup - ok
16:10:27.0578 2896 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:10:27.0593 2896 NABTSFEC - ok
16:10:27.0640 2896 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
16:10:27.0656 2896 napagent - ok
16:10:27.0750 2896 NBService (87a00faedd703d8d2bdcb29ce5eeea6b) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
16:10:27.0796 2896 NBService - ok
16:10:27.0812 2896 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:10:27.0812 2896 NDIS - ok
16:10:27.0828 2896 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:10:27.0828 2896 NdisIP - ok
16:10:27.0859 2896 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:10:27.0859 2896 NdisTapi - ok
16:10:27.0875 2896 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:10:27.0875 2896 Ndisuio - ok
16:10:27.0890 2896 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:10:27.0890 2896 NdisWan - ok
16:10:27.0890 2896 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
16:10:27.0906 2896 NDProxy - ok
16:10:27.0906 2896 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:10:27.0921 2896 NetBIOS - ok
16:10:27.0937 2896 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:10:27.0937 2896 NetBT - ok
16:10:27.0984 2896 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
16:10:28.0000 2896 NetDDE - ok
16:10:28.0000 2896 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
16:10:28.0000 2896 NetDDEdsdm - ok
16:10:28.0031 2896 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
16:10:28.0031 2896 Netlogon - ok
16:10:28.0109 2896 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
16:10:28.0125 2896 Netman - ok
16:10:28.0203 2896 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:10:28.0203 2896 NetTcpPortSharing - ok
16:10:28.0218 2896 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:10:28.0234 2896 NIC1394 - ok
16:10:28.0265 2896 Nla (aac97dab5f8a0573cf10e0eac42a7724) C:\WINDOWS\System32\mswsock.dll
16:10:28.0265 2896 Nla - ok
16:10:28.0281 2896 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:10:28.0296 2896 Npfs - ok
16:10:28.0312 2896 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:10:28.0343 2896 Ntfs - ok
16:10:28.0343 2896 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
16:10:28.0343 2896 NtLmSsp - ok
16:10:28.0406 2896 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
16:10:28.0421 2896 NtmsSvc - ok
16:10:28.0437 2896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:10:28.0437 2896 Null - ok
16:10:28.0453 2896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:10:28.0453 2896 NwlnkFlt - ok
16:10:28.0468 2896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:10:28.0468 2896 NwlnkFwd - ok
16:10:28.0484 2896 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:10:28.0484 2896 ohci1394 - ok
16:10:28.0546 2896 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:10:28.0546 2896 ose - ok
16:10:28.0765 2896 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:10:28.0921 2896 osppsvc - ok
16:10:29.0015 2896 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
16:10:29.0015 2896 Parport - ok
16:10:29.0031 2896 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:10:29.0031 2896 PartMgr - ok
16:10:29.0046 2896 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
16:10:29.0046 2896 ParVdm - ok
16:10:29.0062 2896 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
16:10:29.0062 2896 PCI - ok
16:10:29.0062 2896 PCIDump - ok
16:10:29.0093 2896 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:10:29.0093 2896 PCIIde - ok
16:10:29.0125 2896 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:10:29.0125 2896 Pcmcia - ok
16:10:29.0125 2896 PDCOMP - ok
16:10:29.0125 2896 PDFRAME - ok
16:10:29.0140 2896 PDRELI - ok
16:10:29.0140 2896 PDRFRAME - ok
16:10:29.0140 2896 perc2 - ok
16:10:29.0140 2896 perc2hib - ok
16:10:29.0171 2896 PlugPlay (f0d2ae69035092bf22dad6b50fab85c2) C:\WINDOWS\system32\services.exe
16:10:29.0171 2896 PlugPlay - ok
16:10:29.0187 2896 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
16:10:29.0187 2896 PolicyAgent - ok
16:10:29.0203 2896 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:10:29.0203 2896 PptpMiniport - ok
16:10:29.0218 2896 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
16:10:29.0218 2896 Processor - ok
16:10:29.0218 2896 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
16:10:29.0218 2896 ProtectedStorage - ok
16:10:29.0234 2896 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:10:29.0234 2896 PSched - ok
16:10:29.0250 2896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:10:29.0250 2896 Ptilink - ok
16:10:29.0250 2896 ql1080 - ok
16:10:29.0250 2896 Ql10wnt - ok
16:10:29.0265 2896 ql12160 - ok
16:10:29.0265 2896 ql1240 - ok
16:10:29.0265 2896 ql1280 - ok
16:10:29.0281 2896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:10:29.0281 2896 RasAcd - ok
16:10:29.0312 2896 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
16:10:29.0312 2896 RasAuto - ok
16:10:29.0328 2896 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:10:29.0328 2896 Rasl2tp - ok
16:10:29.0359 2896 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
16:10:29.0359 2896 RasMan - ok
16:10:29.0375 2896 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:10:29.0375 2896 RasPppoe - ok
16:10:29.0375 2896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:10:29.0375 2896 Raspti - ok
16:10:29.0406 2896 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:10:29.0406 2896 Rdbss - ok
16:10:29.0421 2896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:10:29.0421 2896 RDPCDD - ok
16:10:29.0453 2896 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:10:29.0453 2896 rdpdr - ok
16:10:29.0484 2896 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:10:29.0500 2896 RDPWD - ok
16:10:29.0515 2896 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
16:10:29.0515 2896 RDSessMgr - ok
16:10:29.0531 2896 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:10:29.0531 2896 redbook - ok
16:10:29.0562 2896 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
16:10:29.0562 2896 RemoteAccess - ok
16:10:29.0578 2896 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
16:10:29.0593 2896 RemoteRegistry - ok
16:10:29.0609 2896 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\System32\locator.exe
16:10:29.0609 2896 RpcLocator - ok
16:10:29.0625 2896 RpcSs (c868f3ae15cf71a93f2aa3a32856d839) C:\WINDOWS\system32\rpcss.dll
16:10:29.0625 2896 RpcSs - ok
16:10:29.0640 2896 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\System32\rsvp.exe
16:10:29.0656 2896 RSVP - ok
16:10:29.0671 2896 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
16:10:29.0671 2896 SamSs - ok
16:10:29.0687 2896 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
16:10:29.0687 2896 SCardSvr - ok
16:10:29.0703 2896 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
16:10:29.0718 2896 Schedule - ok
16:10:29.0750 2896 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:10:29.0750 2896 Secdrv - ok
16:10:29.0750 2896 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
16:10:29.0765 2896 seclogon - ok
16:10:29.0765 2896 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
16:10:29.0765 2896 SENS - ok
16:10:29.0781 2896 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:10:29.0796 2896 serenum - ok
16:10:29.0796 2896 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
16:10:29.0796 2896 Serial - ok
16:10:29.0828 2896 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:10:29.0828 2896 Sfloppy - ok
16:10:29.0859 2896 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
16:10:29.0859 2896 SharedAccess - ok
16:10:29.0890 2896 ShellHWDetection (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
16:10:29.0890 2896 ShellHWDetection - ok
16:10:29.0890 2896 Simbad - ok
16:10:29.0906 2896 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:10:29.0906 2896 SLIP - ok
16:10:29.0906 2896 Sparrow - ok
16:10:29.0921 2896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:10:29.0937 2896 splitter - ok
16:10:29.0937 2896 Spooler (cb1090bca0e7b40d0b5b4e4d66531809) C:\WINDOWS\system32\spoolsv.exe
16:10:29.0937 2896 Spooler - ok
16:10:29.0953 2896 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
16:10:29.0953 2896 sr - ok
16:10:30.0000 2896 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\System32\srsvc.dll
16:10:30.0015 2896 srservice - ok
16:10:30.0031 2896 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
16:10:30.0046 2896 Srv - ok
16:10:30.0062 2896 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
16:10:30.0062 2896 SSDPSRV - ok
16:10:30.0078 2896 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:10:30.0078 2896 ssmdrv - ok
16:10:30.0109 2896 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
16:10:30.0109 2896 stisvc - ok
16:10:30.0140 2896 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:10:30.0140 2896 streamip - ok
16:10:30.0156 2896 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:10:30.0156 2896 swenum - ok
16:10:30.0156 2896 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:10:30.0171 2896 swmidi - ok
16:10:30.0171 2896 SwPrv - ok
16:10:30.0171 2896 symc810 - ok
16:10:30.0171 2896 symc8xx - ok
16:10:30.0187 2896 sym_hi - ok
16:10:30.0187 2896 sym_u3 - ok
16:10:30.0187 2896 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:10:30.0203 2896 sysaudio - ok
16:10:30.0218 2896 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
16:10:30.0218 2896 SysmonLog - ok
16:10:30.0234 2896 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
16:10:30.0250 2896 TapiSrv - ok
16:10:30.0265 2896 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:10:30.0281 2896 Tcpip - ok
16:10:30.0296 2896 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:10:30.0296 2896 TDPIPE - ok
16:10:30.0312 2896 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:10:30.0312 2896 TDTCP - ok
16:10:30.0328 2896 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:10:30.0328 2896 TermDD - ok
16:10:30.0343 2896 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
16:10:30.0359 2896 TermService - ok
16:10:30.0375 2896 Themes (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
16:10:30.0375 2896 Themes - ok
16:10:30.0406 2896 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
16:10:30.0406 2896 tifsfilter - ok
16:10:30.0421 2896 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
16:10:30.0437 2896 timounter - ok
16:10:30.0468 2896 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\System32\tlntsvr.exe
16:10:30.0468 2896 TlntSvr - ok
16:10:30.0468 2896 TosIde - ok
16:10:30.0500 2896 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
16:10:30.0500 2896 TrkWks - ok
16:10:30.0531 2896 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:10:30.0531 2896 Udfs - ok
16:10:30.0531 2896 ultra - ok
16:10:30.0578 2896 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:10:30.0593 2896 Update - ok
16:10:30.0625 2896 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
16:10:30.0640 2896 upnphost - ok
16:10:30.0656 2896 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
16:10:30.0671 2896 UPS - ok
16:10:30.0687 2896 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:10:30.0687 2896 usbccgp - ok
16:10:30.0703 2896 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:10:30.0703 2896 usbehci - ok
16:10:30.0718 2896 usbfilter (e5b14557793164db879ee56f5b59c3e2) C:\WINDOWS\system32\DRIVERS\usbfilter.sys
16:10:30.0734 2896 usbfilter - ok
16:10:30.0750 2896 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:10:30.0750 2896 usbhub - ok
16:10:30.0781 2896 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:10:30.0781 2896 usbohci - ok
16:10:30.0781 2896 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:10:30.0781 2896 usbprint - ok
16:10:30.0796 2896 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:10:30.0796 2896 USBSTOR - ok
16:10:30.0828 2896 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:10:30.0828 2896 usbuhci - ok
16:10:30.0843 2896 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:10:30.0843 2896 VgaSave - ok
16:10:30.0843 2896 ViaIde - ok
16:10:30.0875 2896 vidsflt53 (e31e9cd40677b84b3adaa7a0d80dc439) C:\WINDOWS\system32\DRIVERS\vsflt53.sys
16:10:30.0890 2896 vidsflt53 - ok
16:10:30.0890 2896 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
16:10:30.0890 2896 VolSnap - ok
16:10:30.0937 2896 Vsdatant (265c7cb9611e8ce0e9115cda45f109b2) C:\WINDOWS\system32\vsdatant.sys
16:10:30.0953 2896 Vsdatant - ok
16:10:31.0000 2896 vsmon - ok
16:10:31.0062 2896 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
16:10:31.0078 2896 VSS - ok
16:10:31.0093 2896 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\System32\w32time.dll
16:10:31.0093 2896 W32Time - ok
16:10:31.0125 2896 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:10:31.0125 2896 Wanarp - ok
16:10:31.0171 2896 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:10:31.0187 2896 Wdf01000 - ok
16:10:31.0187 2896 WDICA - ok
16:10:31.0203 2896 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:10:31.0203 2896 wdmaud - ok
16:10:31.0218 2896 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
16:10:31.0218 2896 WebClient - ok
16:10:31.0281 2896 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:10:31.0281 2896 winmgmt - ok
16:10:31.0328 2896 WmdmPmSN (6199b2ae3f9db9cb6db230471a1dc601) C:\WINDOWS\system32\mspmsnsv.dll
16:10:31.0328 2896 WmdmPmSN - ok
16:10:31.0375 2896 Wmi (6538d6bde04b56737fe743c24d4ce83d) C:\WINDOWS\System32\advapi32.dll
16:10:31.0375 2896 Wmi - ok
16:10:31.0390 2896 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:10:31.0406 2896 WmiAcpi - ok
16:10:31.0437 2896 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:10:31.0437 2896 WmiApSrv - ok
16:10:31.0468 2896 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
16:10:31.0468 2896 wscsvc - ok
16:10:31.0484 2896 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:10:31.0484 2896 WSTCODEC - ok
16:10:31.0515 2896 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
16:10:31.0515 2896 wuauserv - ok
16:10:31.0546 2896 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
16:10:31.0562 2896 WZCSVC - ok
16:10:31.0593 2896 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
16:10:31.0640 2896 xmlprov - ok
16:10:31.0656 2896 zgwhsmdm (cd986c20e6475a8fa81601da8ebadaac) C:\WINDOWS\system32\DRIVERS\zgwhsmdm.sys
16:10:31.0656 2896 zgwhsmdm - ok
16:10:31.0687 2896 MBR (0x1B8) (41ef8618353d073cc2ca9050b025e436) \Device\Harddisk0\DR0
16:10:31.0937 2896 \Device\Harddisk0\DR0 - ok
16:10:31.0953 2896 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
16:10:31.0953 2896 \Device\Harddisk1\DR1 - ok
16:10:31.0953 2896 Boot (0x1200) (1b6d36b4dc36fb518ada9e244d895ba5) \Device\Harddisk0\DR0\Partition0
16:10:31.0953 2896 \Device\Harddisk0\DR0\Partition0 - ok
16:10:31.0968 2896 Boot (0x1200) (3a359f6732ff0e53214614e4d90e63a9) \Device\Harddisk0\DR0\Partition1
16:10:31.0984 2896 \Device\Harddisk0\DR0\Partition1 - ok
16:10:31.0984 2896 Boot (0x1200) (b42b96553e262db6fe086658088f2fe4) \Device\Harddisk1\DR1\Partition0
16:10:31.0984 2896 \Device\Harddisk1\DR1\Partition0 - ok
16:10:32.0000 2896 ============================================================
16:10:32.0000 2896 Scan finished
16:10:32.0000 2896 ============================================================
16:10:32.0000 4064 Detected object count: 0
16:10:32.0000 4064 Actual detected object count: 0




I'll still run the CF as well.

LaB

Re: Please check my log

Post by LaB » 08 Jun 2012 16:33

ComboFix 12-06-08.01 - Bisovi 08.06.2012 16:21:56.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2813.2162 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bisovi\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-08 do 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-06 18:00 . 2012-06-06 17:22 388608 ----a-w- c:\program files\HijackThis.exe
2012-06-06 17:11 . 2012-06-06 17:11 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\602XML
2012-06-06 17:11 . 2012-06-06 17:11 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\602Installer
2012-06-06 17:11 . 2012-06-06 17:18 -------- d-----w- c:\program files\Common Files\soft602
2012-06-06 17:11 . 2012-06-06 17:11 -------- d-----w- c:\program files\Software602
2012-06-05 15:14 . 2012-06-05 15:14 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\AskToolbar
2012-06-04 17:51 . 2012-06-04 17:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\boost_interprocess
2012-06-04 16:39 . 2010-04-30 13:28 911800 ----a-w- c:\windows\system32\drivers\etc\amtlib.dll
2012-06-04 14:28 . 2012-06-04 15:02 -------- d-----w- c:\program files\YourFileDownloader
2012-06-04 14:28 . 2012-06-04 14:30 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\YourFileDownloader
2012-06-03 09:04 . 2012-06-03 09:04 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\CRE
2012-06-03 09:04 . 2012-06-03 09:04 -------- d-----w- c:\program files\Conduit
2012-06-03 09:04 . 2012-06-06 17:20 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\Conduit
2012-06-03 09:04 . 2012-06-03 09:04 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\Temp
2012-06-03 08:49 . 2012-06-03 08:49 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-06-02 06:55 . 2012-06-05 16:10 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\AskToolbar
2012-06-02 06:52 . 2012-06-02 06:52 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\Avira
2012-06-02 06:46 . 2012-06-06 17:25 -------- d-----w- c:\program files\Ask.com
2012-06-02 06:46 . 2012-06-02 06:47 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\AskToolbar
2012-06-02 06:46 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-02 06:46 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-02 06:46 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-02 06:46 . 2012-06-02 06:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-06-02 06:46 . 2012-06-02 06:46 -------- d-----w- c:\program files\Avira
2012-05-30 17:14 . 2012-05-30 17:14 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-05-30 17:13 . 2012-05-30 17:13 -------- d-----w- c:\program files\Microsoft.NET
2012-05-30 17:13 . 2012-05-30 17:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-05-30 17:13 . 2012-05-30 17:13 -------- d-----w- c:\documents and settings\All Users\Microsoft
2012-05-30 17:08 . 2012-05-30 17:08 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-05-30 16:54 . 2008-04-14 06:53 299520 -c----w- c:\windows\system32\dllcache\drmclien.dll
2012-05-30 16:52 . 2008-04-13 22:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-05-30 16:52 . 2006-12-28 22:31 19569 ----a-w- c:\windows\005537_.tmp
2012-05-25 17:42 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-05-25 17:42 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-05-24 17:32 . 2001-08-17 19:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2012-05-24 17:32 . 2001-08-17 19:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2012-05-24 17:32 . 2001-10-24 09:43 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2012-05-24 17:32 . 2001-10-24 09:43 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2012-05-24 17:32 . 2008-04-13 22:09 206976 ----a-w- c:\windows\system32\drivers\dot4.sys
2012-05-20 17:47 . 2012-05-20 17:47 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\OpenCandy
2012-05-18 11:25 . 2012-05-18 11:25 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2012-05-18 09:36 . 2012-06-05 16:47 -------- d-----w- c:\windows\system32\NtmsData
2012-05-16 16:26 . 2008-04-13 22:15 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-05-14 16:30 . 2010-01-05 01:31 1714176 ----a-r- c:\windows\system32\drivers\athuw.sys
2012-05-14 16:30 . 2012-05-14 16:30 -------- d-----w- c:\windows\Options
2012-05-14 16:30 . 2010-01-05 01:31 1714176 ----a-r- c:\windows\system32\athuw.sys
2012-05-14 16:29 . 2012-05-14 16:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TP-LINK
2012-05-13 09:36 . 2012-05-13 09:36 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\Publish Providers
2012-05-13 09:36 . 2012-05-18 08:46 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-05-13 09:36 . 2012-05-13 09:36 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\Sony
2012-05-13 09:36 . 2012-05-13 09:36 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\Sony
2012-05-13 09:31 . 2012-05-13 09:31 -------- d-----w- c:\program files\Vstplugins
2012-05-13 09:31 . 2012-05-13 09:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sony
2012-05-13 09:29 . 2012-05-17 16:35 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\Ahead
2012-05-13 09:14 . 2012-05-13 09:31 -------- d-----w- c:\program files\Sony
2012-05-13 09:11 . 2012-05-13 09:11 -------- d-----w- c:\program files\Sony Setup
2012-05-13 09:07 . 2012-05-13 09:07 -------- d-----w- c:\program files\Terminal Reality
2012-05-13 09:01 . 2012-05-18 11:27 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\Ahead
2012-05-13 09:00 . 2012-05-13 09:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nero
2012-05-13 09:00 . 2012-05-13 09:01 -------- d-----w- c:\program files\Common Files\Ahead
2012-05-13 09:00 . 2012-05-13 09:00 -------- d-----w- c:\program files\Nero
2012-05-12 17:44 . 2012-05-12 17:44 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\WMTools Downloaded Files
2012-05-12 17:29 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-05-12 17:29 . 2008-04-13 22:16 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2012-05-12 17:29 . 2008-04-13 22:16 48128 ----a-w- c:\windows\system32\drivers\61883.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 17:26 . 2012-04-02 15:32 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-04-14 17:26 . 2012-04-02 16:54 17488 ----a-w- c:\windows\gdrv.sys
2012-04-14 14:59 . 2012-04-02 16:54 17488 ----a-w- c:\windows\etdrv.sys
2012-04-11 15:35 . 2012-04-11 15:35 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-11 15:35 . 2012-04-10 13:56 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-04-11 15:35 . 2012-04-11 15:35 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-04-11 15:35 . 2012-04-10 13:56 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-04-11 13:33 . 2012-04-10 15:39 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-04-11 13:33 . 2012-04-11 13:33 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2012-04-10 16:41 . 2012-04-10 15:39 76768 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-04-08 17:32 . 2012-04-02 17:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 17:32 . 2012-04-02 17:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 13:56 . 2012-04-03 16:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 19:20 . 2012-04-02 19:20 65536 ----a-r- c:\documents and settings\Bisovi\Data aplikací\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-04-28 09:07 . 2012-04-02 17:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-19 73360]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 188416]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-06-07 17:54 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 15:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8140:TCP"= 8140:TCP:kzxwzctn
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [10.4.2012 17:39 76768]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [11.4.2012 15:33 83392]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2.4.2012 17:29 18544]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2.6.2012 8:46 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2.6.2012 8:46 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2.6.2012 8:46 465360]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [25.4.2012 19:33 24328]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [16.3.2012 18:06 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [16.3.2012 18:07 497280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3.4.2012 18:32 654408]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2.4.2012 17:39 75504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.4.2012 18:32 22344]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2.4.2012 18:18 30392]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.4.2012 18:44 1691480]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [11.4.2012 18:23 25728]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [14.5.2012 18:30 1714176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10.4.2012 16:04 8704]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2.4.2012 18:54 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10.4.2012 16:04 3072]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [28.4.2012 11:07 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [11.4.2012 18:23 106752]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 19:55 253600]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 31383218
*Deregistered* - 31383218
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yyivvkmo
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:32]
.
2012-06-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-04-18 09:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{D25446CA-C0F1-4978-AAFA-8BE11186FF5B}: NameServer = 89.111.106.2,89.111.107.249
FF - ProfilePath - c:\documents and settings\Bisovi\Data aplikací\Mozilla\Firefox\Profiles\okm78hap.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Sour ... 9d5f8cf&q=
FF - user.js: extensions.zonealarm.id - e84947ba00000000000050e549d5f8cf
FF - user.js: extensions.zonealarm.instlDay - 15433
FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3
FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.318:10
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1600
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN112440021084549-1600
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-10 - (no file)
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ISW - (no file)
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-08 16:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yyivvkmo]
"ServiceDll"="c:\windows\system32\zizoka.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(928)
c:\program files\Avira\AntiVir Desktop\avsda.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Celkový čas: 2012-06-08 16:25:34
ComboFix-quarantined-files.txt 2012-06-08 14:25
.
Před spuštěním: Volných bajtů: 47 174 283 264
Po spuštění: Volných bajtů: 47 162 138 624
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D2A29250758FA221EBB12DF661CEAEE8

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status:
Offline

Re: Please check my log

Post by memphisto » 08 Jun 2012 19:34

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

KillAll::
Folder::
c:\documents and settings\Bisovi\Data aplikací\AskToolbar
c:\program files\Conduit
c:\documents and settings\Bisovi\Local Settings\Data aplikací\Conduit
c:\documents and settings\Bisovi\Local Settings\Data aplikací\AskToolbar
c:\program files\Ask.com
c:\documents and settings\Default User\Local Settings\Data aplikací\AskToolbar

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8140:TCP"=-

NetSvcs:
yyivvkmo

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\005537_.tmp

Firefox::
FF - ProfilePath - c:\documents and settings\Bisovi\Data aplikací\Mozilla\Firefox\Profiles\okm78hap.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Sour ... 9d5f8cf&q=
FF - user.js: extensions.zonealarm.id - e84947ba00000000000050e549d5f8cf
FF - user.js: extensions.zonealarm.instlDay - 15433
FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3
FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.318:10
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1600
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN112440021084549-1600
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

LaB
Level 3.5
Posts: 842
Registered: April 09
Gender: Male
Status:
Offline

Re: Please check my log

Post by LaB » 09 Jun 2012 08:10

ComboFix 12-06-08.02 - Bisovi 09.06.2012 8:01.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2813.2181 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bisovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Bisovi\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\005537_.tmp"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\AviraBrowserSecurity.exe
c:\program files\Ask.com\cb_26.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_25.ico
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\windows\005537_.tmp
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-09 do 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-06 18:00 . 2012-06-06 17:22 388608 ----a-w- c:\program files\HijackThis.exe
2012-06-06 17:11 . 2012-06-06 17:11 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\602XML
2012-06-06 17:11 . 2012-06-06 17:11 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\602Installer
2012-06-06 17:11 . 2012-06-06 17:18 -------- d-----w- c:\program files\Common Files\soft602
2012-06-06 17:11 . 2012-06-06 17:11 -------- d-----w- c:\program files\Software602
2012-06-05 15:14 . 2012-06-05 15:14 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\AskToolbar
2012-06-04 17:51 . 2012-06-04 17:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\boost_interprocess
2012-06-04 16:39 . 2010-04-30 13:28 911800 ----a-w- c:\windows\system32\drivers\etc\amtlib.dll
2012-06-04 14:28 . 2012-06-04 15:02 -------- d-----w- c:\program files\YourFileDownloader
2012-06-04 14:28 . 2012-06-04 14:30 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\YourFileDownloader
2012-06-03 09:04 . 2012-06-03 09:04 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\CRE
2012-06-03 09:04 . 2012-06-06 17:20 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\Conduit
2012-06-03 09:04 . 2012-06-03 09:04 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\Temp
2012-06-03 08:49 . 2012-06-03 08:49 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-06-02 06:55 . 2012-06-05 16:10 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\AskToolbar
2012-06-02 06:52 . 2012-06-02 06:52 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\Avira
2012-06-02 06:46 . 2012-06-02 06:47 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\AskToolbar
2012-06-02 06:46 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-02 06:46 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-02 06:46 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-02 06:46 . 2012-06-02 06:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-06-02 06:46 . 2012-06-02 06:46 -------- d-----w- c:\program files\Avira
2012-05-30 17:14 . 2012-05-30 17:14 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-05-30 17:13 . 2012-05-30 17:13 -------- d-----w- c:\program files\Microsoft.NET
2012-05-30 17:13 . 2012-05-30 17:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-05-30 17:13 . 2012-05-30 17:13 -------- d-----w- c:\documents and settings\All Users\Microsoft
2012-05-30 17:08 . 2012-05-30 17:08 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-05-30 16:54 . 2008-04-14 06:53 299520 -c----w- c:\windows\system32\dllcache\drmclien.dll
2012-05-30 16:52 . 2008-04-13 22:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-05-25 17:42 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-05-25 17:42 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-05-24 17:32 . 2001-08-17 19:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2012-05-24 17:32 . 2001-08-17 19:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2012-05-24 17:32 . 2001-10-24 09:43 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2012-05-24 17:32 . 2001-10-24 09:43 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2012-05-24 17:32 . 2008-04-13 22:09 206976 ----a-w- c:\windows\system32\drivers\dot4.sys
2012-05-20 17:47 . 2012-05-20 17:47 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\OpenCandy
2012-05-18 11:25 . 2012-05-18 11:25 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2012-05-18 09:36 . 2012-06-08 14:36 -------- d-----w- c:\windows\system32\NtmsData
2012-05-16 16:26 . 2008-04-13 22:15 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-05-14 16:30 . 2010-01-05 01:31 1714176 ----a-r- c:\windows\system32\drivers\athuw.sys
2012-05-14 16:30 . 2012-05-14 16:30 -------- d-----w- c:\windows\Options
2012-05-14 16:30 . 2010-01-05 01:31 1714176 ----a-r- c:\windows\system32\athuw.sys
2012-05-14 16:29 . 2012-05-14 16:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TP-LINK
2012-05-13 09:36 . 2012-05-13 09:36 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\Publish Providers
2012-05-13 09:36 . 2012-05-18 08:46 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-05-13 09:36 . 2012-05-13 09:36 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\Sony
2012-05-13 09:36 . 2012-05-13 09:36 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\Sony
2012-05-13 09:31 . 2012-05-13 09:31 -------- d-----w- c:\program files\Vstplugins
2012-05-13 09:31 . 2012-05-13 09:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sony
2012-05-13 09:29 . 2012-05-17 16:35 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\Ahead
2012-05-13 09:14 . 2012-05-13 09:31 -------- d-----w- c:\program files\Sony
2012-05-13 09:11 . 2012-05-13 09:11 -------- d-----w- c:\program files\Sony Setup
2012-05-13 09:07 . 2012-05-13 09:07 -------- d-----w- c:\program files\Terminal Reality
2012-05-13 09:01 . 2012-05-18 11:27 -------- d-----w- c:\documents and settings\Bisovi\Data aplikací\Ahead
2012-05-13 09:00 . 2012-05-13 09:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nero
2012-05-13 09:00 . 2012-05-13 09:01 -------- d-----w- c:\program files\Common Files\Ahead
2012-05-13 09:00 . 2012-05-13 09:00 -------- d-----w- c:\program files\Nero
2012-05-12 17:44 . 2012-05-12 17:44 -------- d-----w- c:\documents and settings\Bisovi\Local Settings\Data aplikací\WMTools Downloaded Files
2012-05-12 17:29 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-05-12 17:29 . 2008-04-13 22:16 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2012-05-12 17:29 . 2008-04-13 22:16 48128 ----a-w- c:\windows\system32\drivers\61883.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 17:26 . 2012-04-02 15:32 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-04-14 17:26 . 2012-04-02 16:54 17488 ----a-w- c:\windows\gdrv.sys
2012-04-14 14:59 . 2012-04-02 16:54 17488 ----a-w- c:\windows\etdrv.sys
2012-04-11 15:35 . 2012-04-11 15:35 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-11 15:35 . 2012-04-10 13:56 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-04-11 15:35 . 2012-04-11 15:35 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-04-11 15:35 . 2012-04-10 13:56 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-04-11 13:33 . 2012-04-10 15:39 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-04-11 13:33 . 2012-04-11 13:33 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2012-04-10 16:41 . 2012-04-10 15:39 76768 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-04-08 17:32 . 2012-04-02 17:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 17:32 . 2012-04-02 17:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 13:56 . 2012-04-03 16:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 19:20 . 2012-04-02 19:20 65536 ----a-r- c:\documents and settings\Bisovi\Data aplikací\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-04-28 09:07 . 2012-04-02 17:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-19 73360]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 188416]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-03-16 738944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-06-07 17:54 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 15:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [10.4.2012 17:39 76768]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [11.4.2012 15:33 83392]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2.4.2012 17:29 18544]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2.6.2012 8:46 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2.6.2012 8:46 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2.6.2012 8:46 465360]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [25.4.2012 19:33 24328]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [16.3.2012 18:06 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [16.3.2012 18:07 497280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3.4.2012 18:32 654408]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [14.5.2012 18:30 1714176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.4.2012 18:32 22344]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2.4.2012 18:18 30392]
S2 yyivvkmo;Helper Image;c:\windows\system32\svchost.exe -k netsvcs [25.10.2001 14:00 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.4.2012 18:44 1691480]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [11.4.2012 18:23 25728]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10.4.2012 16:04 8704]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2.4.2012 18:54 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10.4.2012 16:04 3072]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2.4.2012 17:39 75504]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [28.4.2012 11:07 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [11.4.2012 18:23 106752]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 19:55 253600]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yyivvkmo
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 109.108.107.106 109.108.109.108
TCP: Interfaces\{D25446CA-C0F1-4978-AAFA-8BE11186FF5B}: NameServer = 89.111.106.2,89.111.107.249
FF - ProfilePath - c:\documents and settings\Bisovi\Data aplikací\Mozilla\Firefox\Profiles\okm78hap.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-09 08:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yyivvkmo]
"ServiceDll"="c:\windows\system32\zizoka.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\Avira\AntiVir Desktop\avsda.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(1356)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-06-09 08:08:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-09 06:08
.
Před spuštěním: Volných bajtů: 46 755 553 280
Po spuštění: Volných bajtů: 46 708 973 568
.
- - End Of File - - 621ABF4BCA6BBC6A4831E7964441FA18

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status:
Offline

Re: Please check my log

Post by memphisto » 09 Jun 2012 08:36

Test this on VirusTotal:
c:\windows\system32\zizoka.dll

To the right of the box, click Choose and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.

