Prosím o kontrolu logu - problém

ovo · Příspěvekod **ovo** » 28 črc 2012 13:16

Dobrý deň,prosím o kontrolu logu,zničoho nič mi antivírus ohlásil trojana,a následne sa mi nainštaloval neznámy program "Live security platinum" ktorý nejde odinštalovať a zblbol mi celý PC

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:59, on 28. 7. 2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HitmanPro 3.6 Crusader (HitmanPro36Crusader) - SurfRight B.V. - C:\Program Files\HitmanPro\HitmanPro.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\32788R22FWJFW\pev.3XE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7307 bytes

Reklama

Příspěvekod **memphisto** » 28 črc 2012 14:48

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

ovo · Příspěvekod **ovo** » 28 črc 2012 14:56

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verzia databázy: v2012.07.28.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Milan Č. :: MILAN-13270BF98 [administrátor]

28. 7. 2012 14:54:48
mbam-log-2012-07-28 (14-55-32).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 353609
Uplynutý čas: 34 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Žiadna úloha nevykonaná.

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

Příspěvekod **memphisto** » 28 črc 2012 15:00

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

ovo · Příspěvekod **ovo** » 28 črc 2012 15:59

Malwarebytes Anti-Malware 1.62.0.1300
http://www.malwarebytes.org

Verzia databázy: v2012.07.28.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Milan Č :: MILAN-13270BF98 [administrátor]

28. 7. 2012 15:11:48
mbam-log-2012-07-28 (15-11-48).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 353608
Uplynutý čas: 19 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Pridanie do karantény a zmazanie úspešné.

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

Combofix

ComboFix 12-07-27.03 - Milan Č . 07. 2012 15:39:15.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.447 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan Č \Plocha\ComboFix.exe
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Kerio WinRoute Firewall *Enabled* {916dafda-8250-4a1d-9095-000da68ac4da}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a
c:\a\05052011068.jpg
c:\a\11tmngy.jpg
c:\a\16122010(013).jpg
c:\a\25k35u0.jpg
c:\a\33jh8ao.jpg
c:\a\Thumbs.db
c:\documents and settings\All Users\Data aplikací\036E1913B2567F95DD897EC4E56C3425\036E1913B2567F95DD897EC4E56C3425.exe
c:\windows\Installer\{ee70972c-6be7-df29-2f55-00b726c9d4af}
c:\windows\Installer\{ee70972c-6be7-df29-2f55-00b726c9d4af}\@
c:\windows\Installer\{ee70972c-6be7-df29-2f55-00b726c9d4af}\n
c:\windows\Installer\{ee70972c-6be7-df29-2f55-00b726c9d4af}\U\00000001.@
c:\windows\Installer\{ee70972c-6be7-df29-2f55-00b726c9d4af}\U\80000000.@
c:\windows\Installer\{ee70972c-6be7-df29-2f55-00b726c9d4af}\U\800000cb.@
c:\windows\iun6002.exe
c:\windows\system32\closeapp.exe
c:\windows\system32\tmp495.tmp
c:\windows\system32\tmp496.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 12:53 . 2012-07-28 12:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 12:53 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 11:04 . 2012-07-28 11:04 -------- d-----w- c:\program files\ESET
2012-07-28 02:14 . 2012-07-28 02:14 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-07-28 02:07 . 2012-07-28 02:07 -------- d-----w- c:\program files\HitmanPro
2012-07-28 02:06 . 2012-07-28 02:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HitmanPro
2012-07-28 01:23 . 2012-07-28 01:23 -------- d-----w- c:\documents and settings\admin.MILAN-13270BF98.005
2012-07-28 01:21 . 2012-07-28 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-28 00:39 . 2012-07-28 13:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\036E1913B2567F95DD897EC4E56C3425
2012-07-23 16:52 . 2012-07-23 16:56 -------- d-----w- c:\program files\Hooligans
2012-07-02 10:41 . 2012-07-02 10:41 -------- d-----w- c:\program files\Common Files\DirectX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 21:57 . 2009-02-19 18:07 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-19 08:29 . 2012-06-08 18:47 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 98304]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-20 77824]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [19. 2. 2009 20:34 269736]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [1. 2. 2002 22:08 68865]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27. 6. 2012 12:29 1385896]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [19. 2. 2009 20:34 65576]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [19. 2. 2009 20:07 5376]
S0 52308321;52308321;c:\windows\system32\drivers\58476115.sys --> c:\windows\system32\drivers\58476115.sys [?]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [29. 9. 2003 9:30 110592]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [19. 4. 2012 17:33 2560]
S3 HitmanPro36Crusader;HitmanPro 3.6 Crusader;c:\program files\HitmanPro\HitmanPro.exe [28. 7. 2012 4:07 7750160]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [24. 6. 2008 10:36 65024]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8. 6. 2012 20:47 113120]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\documents and settings\Milan Červenák\Data aplikací\Mozilla\Firefox\Profiles\0y292mti.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-52308321.sys
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-28 15:51
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1078081533-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:6e,ca,e3,9e,ad,55,80,09,31,bc,ac,51,1f,c1,1b,65,78,1c,3d,86,03,
4c,da,1f,c1,7f,e5,f7,49,87,8d,02,85,c4,8f,15,71,59,f7,3f,62,f2,90,51,36,a6,\
"rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:68,72,c9,10,9a,ad,02,87
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,e1,af,a1,62,ac,13,f7,4b,e6,59,dd,a2,d7,4f,7f,25
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(280)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-07-28 15:56:10
ComboFix-quarantined-files.txt 2012-07-28 13:56
.
Před spuštěním: 5 453 651 968
Po spuštění: 5 500 375 040
.
- - End Of File - - 17059430536A11ED5211FFD24C536B27

Příspěvekod **memphisto** » 29 črc 2012 08:32

Máš strašně málo místa na disku. Nějaké uvolni jinak budeš mít problémy...

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\program files\ESET

Driver::
52308321
sptd

File::
c:\windows\system32\drivers\58476115.sys

Firefox::
FF - ProfilePath - c:\documents and settings\Milan Červenák\Data aplikací\Mozilla\Firefox\Profiles\0y292mti.default\
FF - prefs.js: network.proxy.type - 0

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upus.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

na www.virustotal.com zkontroluj:
c:\windows\system32\drivers\aStandard.bin

ovo · Příspěvekod **ovo** » 29 črc 2012 11:49

neviem podla čoho zistím na tom virustotal.com či je súbor závadný,ale ukázalo to Detection ratio: 0 / 41

ComboFix 12-07-27.03 - Milan Červenák . 07. 2012 11:24:38.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.521 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan Červenák\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan Červenák\Plocha\CFScript.txt
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Kerio WinRoute Firewall *Enabled* {916dafda-8250-4a1d-9095-000da68ac4da}
.
FILE ::
"c:\windows\system32\drivers\58476115.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET
c:\program files\ESET\ESET Online Scanner\esets_apiA.dll
c:\program files\ESET\ESET Online Scanner\esets_apiW.dll
c:\program files\ESET\ESET Online Scanner\esets_apiW_a.dll
c:\program files\ESET\ESET Online Scanner\ESETSmartInstaller.exe
c:\program files\ESET\ESET Online Scanner\log.txt
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod02EB.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0332.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod03E0.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod05D0.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0E06.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod148B.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod240F.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod26F8.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod31F6.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod47D9.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod4843.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod48C0.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod4A63.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5684.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6209.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6888.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6B63.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6B88.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6BFB.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod7498.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em023_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
c:\program files\ESET\ESET Online Scanner\Modules\em000_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em001_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em002_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em003_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em004_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em005_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em006_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em023_32.dat
c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
c:\program files\ESET\ESET Online Scanner\OnlineScanner.cab
c:\program files\ESET\ESET Online Scanner\OnlineScanner.inf
c:\program files\ESET\ESET Online Scanner\OnlineScanner.ocx
c:\program files\ESET\ESET Online Scanner\OnlineScanner64.ocx
c:\program files\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\program files\ESET\ESET Online Scanner\OnlineScannerLang.dll
c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
c:\program files\ESET\ESET Online Scanner\unicows.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Service_52308321
-------\Service_sptd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-28 15:43 . 2012-07-28 15:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-28 15:42 . 2012-07-28 15:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-28 12:53 . 2012-07-28 12:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 12:53 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 02:14 . 2012-07-28 02:14 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-07-28 02:07 . 2012-07-28 02:07 -------- d-----w- c:\program files\HitmanPro
2012-07-28 02:06 . 2012-07-28 02:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HitmanPro
2012-07-28 01:23 . 2012-07-28 01:23 -------- d-----w- c:\documents and settings\admin.MILAN-13270BF98.005
2012-07-28 01:21 . 2012-07-28 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-28 00:39 . 2012-07-28 13:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\036E1913B2567F95DD897EC4E56C3425
2012-07-23 16:52 . 2012-07-23 16:56 -------- d-----w- c:\program files\Hooligans
2012-07-02 10:41 . 2012-07-02 10:41 -------- d-----w- c:\program files\Common Files\DirectX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 21:57 . 2009-02-19 18:07 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-19 08:29 . 2012-06-08 18:47 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-28_13.51.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 12:00 . 2012-07-26 20:07 75326 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2012-07-29 00:37 75326 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2012-07-26 20:07 87108 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2012-07-29 00:37 87108 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2012-07-29 00:37 472232 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2012-07-26 20:07 472232 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2012-07-26 20:07 467392 c:\windows\system32\perfh005.dat
+ 2001-10-25 12:00 . 2012-07-29 00:37 467392 c:\windows\system32\perfh005.dat
+ 2012-07-28 15:43 . 2012-07-28 15:43 242240 c:\windows\system32\DRVSTORE\dtsoftbus0_1A473D97776CED18AAEC993F083B876DFF5EBAC4\dtsoftbus01.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 98304]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-20 77824]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [28. 7. 2012 17:43 242240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [19. 2. 2009 20:34 269736]
R2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [29. 9. 2003 9:30 110592]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [1. 2. 2002 22:08 68865]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27. 6. 2012 12:29 1385896]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [19. 4. 2012 17:33 2560]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [19. 2. 2009 20:34 65576]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [19. 2. 2009 20:07 5376]
S3 HitmanPro36Crusader;HitmanPro 3.6 Crusader;c:\program files\HitmanPro\HitmanPro.exe [28. 7. 2012 4:07 7750160]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [24. 6. 2008 10:36 65024]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8. 6. 2012 20:47 113120]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\documents and settings\Milan Červenák\Data aplikací\Mozilla\Firefox\Profiles\0y292mti.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 11:41
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1078081533-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:6e,ca,e3,9e,ad,55,80,09,31,bc,ac,51,1f,c1,1b,65,78,1c,3d,86,03,
4c,da,1f,c1,7f,e5,f7,49,87,8d,02,85,c4,8f,15,71,59,f7,3f,62,f2,90,51,36,a6,\
"rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:68,72,c9,10,9a,ad,02,87
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,e1,af,a1,62,ac,13,f7,4b,e6,59,dd,a2,d7,4f,7f,25
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(128)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\AMD\RAIDXpert\_jvm\bin\java.exe
c:\windows\ATKKBService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-07-29 11:44:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-29 09:44
ComboFix2.txt 2012-07-28 13:56
.
Před spuštěním: Volných bajtů: 23 410 946 048
Po spuštění: Volných bajtů: 23 291 191 296
.
- - End Of File - - 12BB8DEF281B17716C2A3F851AD8293D

Příspěvekod **jaro3** » 30 črc 2012 10:17

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

RegLock::
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
 fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
 78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
 70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
 42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:68,72,c9,10,9a,ad,02,87
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
 1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
 51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
 42,0c,3f,30,d4,d3,b8,cd,35,e1,af,a1,62,ac,13,f7,4b,e6,59,dd,a2,d7,4f,7f,25
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
 63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\atidgllk.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

ovo · Příspěvekod **ovo** » 30 črc 2012 13:11

ComboFix

ComboFix 12-07-30.01 - Milan Červenák . 07. 2012 12:46:36.10.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.465 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan Červenák\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan Červenák\Plocha\CFScript.txt
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Kerio WinRoute Firewall *Enabled* {916dafda-8250-4a1d-9095-000da68ac4da}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 09:43 . 2012-07-30 09:43 1409 ----a-w- c:\windows\QTFont.for
2012-07-28 15:43 . 2012-07-28 15:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-28 15:42 . 2012-07-28 15:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-28 12:53 . 2012-07-28 12:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 12:53 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 02:14 . 2012-07-28 02:14 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-07-28 02:07 . 2012-07-28 02:07 -------- d-----w- c:\program files\HitmanPro
2012-07-28 02:06 . 2012-07-28 02:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HitmanPro
2012-07-28 01:23 . 2012-07-28 01:23 -------- d-----w- c:\documents and settings\admin.MILAN-13270BF98.005
2012-07-28 01:21 . 2012-07-28 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-28 00:39 . 2012-07-28 13:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\036E1913B2567F95DD897EC4E56C3425
2012-07-23 16:52 . 2012-07-23 16:56 -------- d-----w- c:\program files\Hooligans
2012-07-02 10:41 . 2012-07-02 10:41 -------- d-----w- c:\program files\Common Files\DirectX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 21:57 . 2009-02-19 18:07 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-19 08:29 . 2012-06-08 18:47 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-28_13.51.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-30 07:53 . 2012-07-30 07:53 16384 c:\windows\temp\Perflib_Perfdata_6c8.dat
- 2001-10-25 12:00 . 2012-07-26 20:07 75326 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2012-07-30 07:57 75326 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2012-07-26 20:07 87108 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2012-07-30 07:57 87108 c:\windows\system32\perfc005.dat
+ 2009-02-21 17:16 . 2012-07-30 10:21 65536 c:\windows\OLE2VBDB.DAT
- 2009-02-21 17:16 . 2012-07-18 10:37 65536 c:\windows\OLE2VBDB.DAT
- 2001-10-25 12:00 . 2012-07-26 20:07 472232 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-07-30 07:57 472232 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-07-30 07:57 467392 c:\windows\system32\perfh005.dat
- 2001-10-25 12:00 . 2012-07-26 20:07 467392 c:\windows\system32\perfh005.dat
+ 2012-07-28 15:43 . 2012-07-28 15:43 242240 c:\windows\system32\DRVSTORE\dtsoftbus0_1A473D97776CED18AAEC993F083B876DFF5EBAC4\dtsoftbus01.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 98304]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-20 77824]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [28. 7. 2012 17:43 242240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [19. 2. 2009 20:34 269736]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [1. 2. 2002 22:08 68865]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27. 6. 2012 12:29 1385896]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [19. 2. 2009 20:34 65576]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [19. 2. 2009 20:07 5376]
S2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [29. 9. 2003 9:30 110592]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [19. 4. 2012 17:33 2560]
S3 HitmanPro36Crusader;HitmanPro 3.6 Crusader;c:\program files\HitmanPro\HitmanPro.exe [28. 7. 2012 4:07 7750160]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [24. 6. 2008 10:36 65024]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8. 6. 2012 20:47 113120]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\documents and settings\Milan Červenák\Data aplikací\Mozilla\Firefox\Profiles\0y292mti.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-30 12:57
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
c:\windows\system32\zshp1018.exe [2348] 0x87014598
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1078081533-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:6e,ca,e3,9e,ad,55,80,09,31,bc,ac,51,1f,c1,1b,65,78,1c,3d,86,03,
4c,da,1f,c1,7f,e5,f7,49,87,8d,02,85,c4,8f,15,71,59,f7,3f,62,f2,90,51,36,a6,\
"rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:68,72,c9,10,9a,ad,02,87
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,e1,af,a1,62,ac,13,f7,4b,e6,59,dd,a2,d7,4f,7f,25
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1968)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2216)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-07-30 13:00:56
ComboFix-quarantined-files.txt 2012-07-30 11:00
ComboFix2.txt 2012-07-30 10:20

Před spuštěním: Volných bajtů: 23 563 259 904
Po spuštění: Volných bajtů: 23 540 105 216
.
- - End Of File - - B79E34D60EF9496C3E30C3F92E6BAABB

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:34, on 30. 7. 2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HitmanPro 3.6 Crusader (HitmanPro36Crusader) - SurfRight B.V. - C:\Program Files\HitmanPro\HitmanPro.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6529 bytes

a virscan ukazal toto
http://r.virscan.org/report/afa537732d3 ... 5f51e.html

Příspěvekod **jaro3** » 30 črc 2012 15:59

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
RegNull::
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
 fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
 78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
 70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
 42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:68,72,c9,10,9a,ad,02,87
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
 1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
 51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
 42,0c,3f,30,d4,d3,b8,cd,35,e1,af,a1,62,ac,13,f7,4b,e6,59,dd,a2,d7,4f,7f,25
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
 63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c

RegLock::
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
 fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
 78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
 70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
 42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:68,72,c9,10,9a,ad,02,87
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
 1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
 51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
 42,0c,3f,30,d4,d3,b8,cd,35,e1,af,a1,62,ac,13,f7,4b,e6,59,dd,a2,d7,4f,7f,25
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
 63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si TDSSKiller

Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\OLE2VBDB.DAT
c:\windows\OLE2VBDB.DAT

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

ovo · Příspěvekod **ovo** » 30 črc 2012 19:35

ComboFix
ComboFix 12-07-30.01 - Milan Červenák . 07. 2012 18:53:42.11.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.473 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan Červenák\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan Červenák\Plocha\CFScript.txt
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Kerio WinRoute Firewall *Enabled* {916dafda-8250-4a1d-9095-000da68ac4da}
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-30 )))))))))))))))))))))))))))))))
.
2012-07-30 09:43 . 2012-07-30 09:43 1409 ----a-w- c:\windows\QTFont.for
2012-07-28 15:43 . 2012-07-28 15:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-28 15:42 . 2012-07-28 15:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-28 12:53 . 2012-07-28 12:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 12:53 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 02:14 . 2012-07-28 02:14 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-07-28 02:07 . 2012-07-28 02:07 -------- d-----w- c:\program files\HitmanPro
2012-07-28 02:06 . 2012-07-28 02:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HitmanPro
2012-07-28 01:23 . 2012-07-28 01:23 -------- d-----w- c:\documents and settings\admin.MILAN-13270BF98.005
2012-07-28 01:21 . 2012-07-28 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-28 00:39 . 2012-07-28 13:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\036E1913B2567F95DD897EC4E56C3425
2012-07-23 16:52 . 2012-07-23 16:56 -------- d-----w- c:\program files\Hooligans
2012-07-02 10:41 . 2012-07-02 10:41 -------- d-----w- c:\program files\Common Files\DirectX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 21:57 . 2009-02-19 18:07 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-19 08:29 . 2012-06-08 18:47 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-28_13.51.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 12:00 . 2012-07-26 20:07 75326 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2012-07-30 11:27 75326 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2012-07-26 20:07 87108 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2012-07-30 11:27 87108 c:\windows\system32\perfc005.dat
- 2009-02-21 17:16 . 2012-07-18 10:37 65536 c:\windows\OLE2VBDB.DAT
+ 2009-02-21 17:16 . 2012-07-30 10:21 65536 c:\windows\OLE2VBDB.DAT
+ 2001-10-25 12:00 . 2012-07-30 11:27 472232 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2012-07-26 20:07 472232 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2012-07-26 20:07 467392 c:\windows\system32\perfh005.dat
+ 2001-10-25 12:00 . 2012-07-30 11:27 467392 c:\windows\system32\perfh005.dat
+ 2012-07-28 15:43 . 2012-07-28 15:43 242240 c:\windows\system32\DRVSTORE\dtsoftbus0_1A473D97776CED18AAEC993F083B876DFF5EBAC4\dtsoftbus01.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 98304]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [28. 7. 2012 17:43 242240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [19. 2. 2009 20:34 269736]
R2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [29. 9. 2003 9:30 110592]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [1. 2. 2002 22:08 68865]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27. 6. 2012 12:29 1385896]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [19. 4. 2012 17:33 2560]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [19. 2. 2009 20:34 65576]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [19. 2. 2009 20:07 5376]
S3 HitmanPro36Crusader;HitmanPro 3.6 Crusader;c:\program files\HitmanPro\HitmanPro.exe [28. 7. 2012 4:07 7750160]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [24. 6. 2008 10:36 65024]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8. 6. 2012 20:47 113120]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
------- Doplňkový sken -------
.
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\documents and settings\Milan Červenák\Data aplikací\Mozilla\Firefox\Profiles\0y292mti.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-30 19:09
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1078081533-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:6e,ca,e3,9e,ad,55,80,09,31,bc,ac,51,1f,c1,1b,65,78,1c,3d,86,03,
4c,da,1f,c1,7f,e5,f7,49,87,8d,02,85,c4,8f,15,71,59,f7,3f,62,f2,90,51,36,a6,\
"rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1892)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1472)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\AMD\RAIDXpert\_jvm\bin\java.exe
c:\windows\ATKKBService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-07-30 19:12:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-30 17:12
ComboFix2.txt 2012-07-30 11:00
ComboFix3.txt 2012-07-30 10:20
ComboFix4.txt 2012-07-29 09:44
ComboFix5.txt 2012-07-30 16:51
.
Před spuštěním: Volných bajtů: 23 400 120 320
Po spuštění: Volných bajtů: 23 368 470 528
.
- - End Of File - - F96873CE9480EE39723D28BF644208A1

HJT

Kód: Vybrat vše

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:36, on 30. 7. 2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HitmanPro 3.6 Crusader (HitmanPro36Crusader) - SurfRight B.V. - C:\Program Files\HitmanPro\HitmanPro.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6480 bytes

TDSSkiller

Kód: Vybrat vše

19:15:58.0093 0500   TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:15:58.0218 0500   ============================================================
19:15:58.0218 0500   Current date / time: 2012/07/30 19:15:58.0218
19:15:58.0218 0500   SystemInfo:
19:15:58.0218 0500   
19:15:58.0218 0500   OS Version: 5.1.2600 ServicePack: 2.0
19:15:58.0218 0500   Product type: Workstation
19:15:58.0218 0500   ComputerName: MILAN-13270BF98
19:15:58.0218 0500   UserName: Milan Červenák
19:15:58.0218 0500   Windows directory: C:\WINDOWS
19:15:58.0218 0500   System windows directory: C:\WINDOWS
19:15:58.0218 0500   Processor architecture: Intel x86
19:15:58.0218 0500   Number of processors: 2
19:15:58.0218 0500   Page size: 0x1000
19:15:58.0218 0500   Boot type: Normal boot
19:15:58.0218 0500   ============================================================
19:16:00.0234 0500   Drive \Device\Harddisk0\DR0 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:16:00.0234 0500   ============================================================
19:16:00.0234 0500   \Device\Harddisk0\DR0:
19:16:00.0234 0500   MBR partitions:
19:16:00.0234 0500   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D37F873
19:16:00.0234 0500   ============================================================
19:16:00.0265 0500   C: <-> \Device\Harddisk0\DR0\Partition0
19:16:00.0265 0500   ============================================================
19:16:00.0265 0500   Initialize success
19:16:00.0265 0500   ============================================================
19:16:21.0593 2512   ============================================================
19:16:21.0593 2512   Scan started
19:16:21.0593 2512   Mode: Manual; 
19:16:21.0593 2512   ============================================================
19:16:21.0937 2512   Abiosdsk - ok
19:16:21.0937 2512   abp480n5 - ok
19:16:21.0984 2512   ACPI            (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:16:21.0984 2512   ACPI - ok
19:16:22.0015 2512   ACPIEC          (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:16:22.0015 2512   ACPIEC - ok
19:16:22.0078 2512   Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
19:16:22.0093 2512   Adobe LM Service - ok
19:16:22.0093 2512   adpu160m - ok
19:16:22.0140 2512   aec             (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
19:16:22.0156 2512   aec - ok
19:16:22.0187 2512   AFD             (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
19:16:22.0203 2512   AFD - ok
19:16:22.0203 2512   Aha154x - ok
19:16:22.0203 2512   aic78u2 - ok
19:16:22.0218 2512   aic78xx - ok
19:16:22.0250 2512   Alerter         (026ddaa7e6f8d49df82c7a98bae5d0d1) C:\WINDOWS\system32\alrsvc.dll
19:16:22.0265 2512   Alerter - ok
19:16:22.0281 2512   ALG             (b3f690bf43f93a012a52f28f234faa1b) C:\WINDOWS\System32\alg.exe
19:16:22.0281 2512   ALG - ok
19:16:22.0281 2512   AliIde - ok
19:16:22.0359 2512   AMDRAIDXpert    (afe7733a20bc394d34713440af680b63) C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
19:16:22.0359 2512   AMDRAIDXpert - ok
19:16:22.0359 2512   amsint - ok
19:16:22.0406 2512   AntiVirScheduler (d6c8942bea3698a2e7559bd423bfa5d7) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
19:16:22.0406 2512   AntiVirScheduler - ok
19:16:22.0437 2512   AntiVirService  (335a142923fe7f97e8c8388acd067568) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
19:16:22.0437 2512   AntiVirService - ok
19:16:22.0468 2512   AppMgmt         (421184f91eae5c6e78e653c6b32aae84) C:\WINDOWS\System32\appmgmts.dll
19:16:22.0468 2512   AppMgmt - ok
19:16:22.0500 2512   Arp1394         (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:16:22.0500 2512   Arp1394 - ok
19:16:22.0500 2512   asc - ok
19:16:22.0500 2512   asc3350p - ok
19:16:22.0515 2512   asc3550 - ok
19:16:22.0593 2512   aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:16:22.0625 2512   aspnet_state - ok
19:16:22.0640 2512   asuskbnt        (5f82ef81858852bbfbe7d13efee2f281) C:\WINDOWS\system32\drivers\atkkbnt.sys
19:16:22.0640 2512   asuskbnt - ok
19:16:22.0656 2512   AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:16:22.0656 2512   AsyncMac - ok
19:16:22.0687 2512   atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:16:22.0687 2512   atapi - ok
19:16:22.0687 2512   Atdisk - ok
19:16:22.0734 2512   Ati HotKey Poller (e1bbd6b359718b4171c3ab05aa33c2b7) C:\WINDOWS\system32\Ati2evxx.exe
19:16:22.0734 2512   Ati HotKey Poller - ok
19:16:22.0796 2512   ATI Smart       (ad1865c5e1842c8ba06be3b1799315aa) C:\WINDOWS\system32\ati2sgag.exe
19:16:22.0828 2512   ATI Smart - ok
19:16:22.0968 2512   ati2mtag        (640fc50e6acd1e2f834b9e4db0391ffa) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:16:23.0046 2512   ati2mtag - ok
19:16:23.0109 2512   atidgllk        (033598d326d1b538b1d0e3f532216af0) C:\WINDOWS\atidgllk.sys
19:16:23.0109 2512   atidgllk - ok
19:16:23.0125 2512   ATKKeyboardService (ff5b32c1237c855556413fb34b98a4e1) C:\WINDOWS\ATKKBService.exe
19:16:23.0140 2512   ATKKeyboardService - ok
19:16:23.0203 2512   Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:16:23.0218 2512   Atmarpc - ok
19:16:23.0250 2512   AudioSrv        (40d78f514c8588ef12ec718d2af0fc4e) C:\WINDOWS\System32\audiosrv.dll
19:16:23.0250 2512   AudioSrv - ok
19:16:23.0265 2512   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:16:23.0281 2512   audstub - ok
19:16:23.0359 2512   avgio           (afa456a6210abe5798561a5758517340) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
19:16:23.0375 2512   avgio - ok
19:16:23.0406 2512   avgntflt        (906f73c4f6b8ba5daabc41a1f04cecfe) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
19:16:23.0406 2512   avgntflt - ok
19:16:23.0437 2512   avipbb          (bdb37b3b217f5181a5bc129c50844f98) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:16:23.0453 2512   avipbb - ok
19:16:23.0484 2512   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:16:23.0484 2512   Beep - ok
19:16:23.0531 2512   bgsvcgen        (71489fa2c4a238f178e30ae6e4449013) C:\WINDOWS\system32\bgsvcgen.exe
19:16:23.0531 2512   bgsvcgen - ok
19:16:23.0546 2512   Browser         (f219e27e88107a50544153898dd8178e) C:\WINDOWS\System32\browser.dll
19:16:23.0546 2512   Browser - ok
19:16:23.0546 2512   catchme - ok
19:16:23.0578 2512   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:16:23.0593 2512   cbidf2k - ok
19:16:23.0593 2512   cd20xrnt - ok
19:16:23.0625 2512   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:16:23.0625 2512   Cdaudio - ok
19:16:23.0656 2512   Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
19:16:23.0671 2512   Cdfs - ok
19:16:23.0703 2512   cdrbsdrv        (248349293ca42ee5db61dc1fd85a2f49) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
19:16:23.0703 2512   cdrbsdrv - ok
19:16:23.0734 2512   Cdrom           (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:16:23.0734 2512   Cdrom - ok
19:16:23.0734 2512   Changer - ok
19:16:23.0750 2512   CiSvc           (9e21229e04e1d301bb40222fe4641cb2) C:\WINDOWS\system32\cisvc.exe
19:16:23.0750 2512   CiSvc - ok
19:16:23.0765 2512   ClipSrv         (d3dc45553c8025338e08a60e95b1b91d) C:\WINDOWS\system32\clipsrv.exe
19:16:23.0765 2512   ClipSrv - ok
19:16:23.0828 2512   clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:16:23.0875 2512   clr_optimization_v2.0.50727_32 - ok
19:16:23.0906 2512   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:16:23.0921 2512   clr_optimization_v4.0.30319_32 - ok
19:16:23.0921 2512   CmdIde - ok
19:16:23.0921 2512   COMSysApp - ok
19:16:23.0937 2512   Cpqarray - ok
19:16:23.0953 2512   CryptSvc        (70d2a1756f4b2067658a186c963fcabd) C:\WINDOWS\System32\cryptsvc.dll
19:16:23.0953 2512   CryptSvc - ok
19:16:24.0015 2512   CrystalSysInfo  (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
19:16:24.0015 2512   CrystalSysInfo - ok
19:16:24.0015 2512   dac2w2k - ok
19:16:24.0031 2512   dac960nt - ok
19:16:24.0062 2512   DcomLaunch      (c72c15ee57e248c66e57c76cab086cf2) C:\WINDOWS\system32\rpcss.dll
19:16:24.0093 2512   DcomLaunch - ok
19:16:24.0109 2512   Dhcp            (562830efb7cf367fb773fea5256e67c8) C:\WINDOWS\System32\dhcpcsvc.dll
19:16:24.0109 2512   Dhcp - ok
19:16:24.0125 2512   Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
19:16:24.0140 2512   Disk - ok
19:16:24.0140 2512   dmadmin - ok
19:16:24.0218 2512   dmboot          (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
19:16:24.0250 2512   dmboot - ok
19:16:24.0250 2512   dmio            (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
19:16:24.0265 2512   dmio - ok
19:16:24.0296 2512   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:16:24.0296 2512   dmload - ok
19:16:24.0312 2512   dmserver        (7b3ca72885923eb947221f17f3e3ac59) C:\WINDOWS\System32\dmserver.dll
19:16:24.0312 2512   dmserver - ok
19:16:24.0343 2512   DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
19:16:24.0359 2512   DMusic - ok
19:16:24.0359 2512   Dnscache        (f605b3f5674d67587c4b6c9e92a3e025) C:\WINDOWS\System32\dnsrslvr.dll
19:16:24.0375 2512   Dnscache - ok
19:16:24.0375 2512   dpti2o - ok
19:16:24.0406 2512   drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
19:16:24.0468 2512   drmkaud - ok
19:16:24.0812 2512   dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
19:16:24.0812 2512   dtsoftbus01 - ok
19:16:24.0843 2512   EIO             (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
19:16:24.0843 2512   EIO - ok
19:16:24.0859 2512   ERSvc           (d6f7428b201e33bc80066b47144cb568) C:\WINDOWS\System32\ersvc.dll
19:16:24.0859 2512   ERSvc - ok
19:16:24.0875 2512   Eventlog        (6e401e61f952fbbf708afbecefafae81) C:\WINDOWS\system32\services.exe
19:16:24.0875 2512   Eventlog - ok
19:16:24.0906 2512   EventSystem     (972378b907070f64932a87c90a035487) C:\WINDOWS\system32\es.dll
19:16:24.0906 2512   EventSystem - ok
19:16:24.0921 2512   Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
19:16:24.0937 2512   Fastfat - ok
19:16:24.0953 2512   FastUserSwitchingCompatibility (8ba76bd2a943f642f267a296a15776d2) C:\WINDOWS\System32\shsvcs.dll
19:16:24.0953 2512   FastUserSwitchingCompatibility - ok
19:16:24.0953 2512   Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:16:24.0968 2512   Fdc - ok
19:16:24.0984 2512   Fips            (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
19:16:25.0000 2512   Fips - ok
19:16:25.0000 2512   Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:16:25.0015 2512   Flpydisk - ok
19:16:25.0031 2512   FltMgr          (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:16:25.0031 2512   FltMgr - ok
19:16:25.0125 2512   FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:16:25.0140 2512   FontCache3.0.0.0 - ok
19:16:25.0156 2512   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:16:25.0156 2512   Fs_Rec - ok
19:16:25.0171 2512   Ftdisk          (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:16:25.0171 2512   Ftdisk - ok
19:16:25.0203 2512   giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
19:16:25.0203 2512   giveio - ok
19:16:25.0203 2512   GMSIPCI - ok
19:16:25.0218 2512   Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:16:25.0234 2512   Gpc - ok
19:16:25.0312 2512   gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:16:25.0312 2512   gusvc - ok
19:16:25.0328 2512   hamachi         (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
19:16:25.0343 2512   hamachi - ok
19:16:25.0453 2512   Hamachi2Svc     (f31d7f8a7699575dbb3b3a3ab4aa6216) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
19:16:25.0484 2512   Hamachi2Svc - ok
19:16:25.0515 2512   HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:16:25.0515 2512   HDAudBus - ok
19:16:25.0562 2512   helpsvc         (f59152272782fed8a8197fa788287f68) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:16:25.0562 2512   helpsvc - ok
19:16:25.0562 2512   HidServ - ok
19:16:25.0609 2512   hidusb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:16:25.0609 2512   hidusb - ok
19:16:25.0937 2512   HitmanPro36Crusader (9f0b128e73fcf64d19d4d8508e45650f) C:\Program Files\HitmanPro\HitmanPro.exe
19:16:26.0109 2512   HitmanPro36Crusader - ok
19:16:26.0187 2512   hpn - ok
19:16:26.0234 2512   HTTP            (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
19:16:26.0250 2512   HTTP - ok
19:16:26.0296 2512   HTTPFilter      (da826826c5c9116f47e0cd0ca8cc7c11) C:\WINDOWS\System32\w3ssl.dll
19:16:26.0296 2512   HTTPFilter - ok
19:16:26.0296 2512   i2omgmt - ok
19:16:26.0312 2512   i2omp - ok
19:16:26.0343 2512   i8042prt        (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:16:26.0343 2512   i8042prt - ok
19:16:26.0406 2512   IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:16:26.0406 2512   IDriverT - ok
19:16:26.0531 2512   idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:16:26.0578 2512   idsvc - ok
19:16:26.0593 2512   Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:16:26.0593 2512   Imapi - ok
19:16:26.0625 2512   ImapiService    (cf9d286b34cb4912f3b28b4972d5cb33) C:\WINDOWS\system32\imapi.exe
19:16:26.0625 2512   ImapiService - ok
19:16:26.0625 2512   ini910u - ok
19:16:26.0859 2512   IntcAzAudAddService (47f27af890da3e51c633fdd510910115) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:16:26.0968 2512   IntcAzAudAddService - ok
19:16:27.0000 2512   IntelIde - ok
19:16:27.0015 2512   intelppm        (10a3ac0f0df720ad3c3fd13861d50eb9) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:16:27.0015 2512   intelppm - ok
19:16:27.0046 2512   Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:16:27.0046 2512   Ip6Fw - ok
19:16:27.0093 2512   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:16:27.0093 2512   IpFilterDriver - ok
19:16:27.0109 2512   IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:16:27.0109 2512   IpInIp - ok
19:16:27.0140 2512   IpNat           (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:16:27.0140 2512   IpNat - ok
19:16:27.0156 2512   IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:16:27.0156 2512   IPSec - ok
19:16:27.0187 2512   IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:16:27.0187 2512   IRENUM - ok
19:16:27.0218 2512   isapnp          (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:16:27.0234 2512   isapnp - ok
19:16:27.0359 2512   JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
19:16:27.0359 2512   JavaQuickStarterService - ok
19:16:27.0390 2512   Kbdclass        (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:16:27.0390 2512   Kbdclass - ok
19:16:27.0421 2512   kbdhid          (065b5a83aa78c0c7047bf22e0ab5c821) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:16:27.0437 2512   kbdhid - ok
19:16:27.0484 2512   kmixer          (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
19:16:27.0484 2512   kmixer - ok
19:16:27.0500 2512   KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
19:16:27.0500 2512   KSecDD - ok
19:16:27.0546 2512   kvpndev         (63118bc5be5b9b34e30997614f86a549) C:\WINDOWS\system32\DRIVERS\kvpndrv.sys
19:16:27.0546 2512   kvpndev - ok
19:16:27.0578 2512   lanmanserver    (6d6bdd68b775986577c48a8df961a05c) C:\WINDOWS\System32\srvsvc.dll
19:16:27.0578 2512   lanmanserver - ok
19:16:27.0593 2512   lanmanworkstation (69b0569aae33f0d5057ca0e8577aaf07) C:\WINDOWS\System32\wkssvc.dll
19:16:27.0593 2512   lanmanworkstation - ok
19:16:27.0593 2512   lbrtfdc - ok
19:16:27.0640 2512   LicCtrlService  (29fab5363138f6e322f4cd780ed9d337) C:\WINDOWS\runservice.exe
19:16:27.0640 2512   LicCtrlService - ok
19:16:27.0640 2512   LmHosts         (f9ee6d2aab0690b34ae35ba9921a1414) C:\WINDOWS\System32\lmhsvc.dll
19:16:27.0640 2512   LmHosts - ok
19:16:27.0640 2512   mcdbus - ok
19:16:27.0671 2512   Messenger       (8b2fcbd881879b55be40b41f12ffc431) C:\WINDOWS\System32\msgsvc.dll
19:16:27.0671 2512   Messenger - ok
19:16:27.0703 2512   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:16:27.0703 2512   mnmdd - ok
19:16:27.0734 2512   mnmsrvc         (7d137132d6a9b41ef800e59a771ed48c) C:\WINDOWS\system32\mnmsrvc.exe
19:16:27.0750 2512   mnmsrvc - ok
19:16:27.0765 2512   Modem           (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
19:16:27.0765 2512   Modem - ok
19:16:27.0781 2512   Mouclass        (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:16:27.0781 2512   Mouclass - ok
19:16:27.0812 2512   mouhid          (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:16:27.0812 2512   mouhid - ok
19:16:27.0828 2512   MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
19:16:27.0828 2512   MountMgr - ok
19:16:27.0890 2512   MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:16:27.0906 2512   MozillaMaintenance - ok
19:16:27.0906 2512   mraid35x - ok
19:16:27.0921 2512   MRxDAV          (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:16:27.0937 2512   MRxDAV - ok
19:16:27.0968 2512   MRxSmb          (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:16:28.0000 2512   MRxSmb - ok
19:16:28.0031 2512   MSDTC           (944a24032aed84c59455b981f6ca1c1a) C:\WINDOWS\system32\msdtc.exe
19:16:28.0031 2512   MSDTC - ok
19:16:28.0031 2512   Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
19:16:28.0046 2512   Msfs - ok
19:16:28.0046 2512   MSICPL - ok
19:16:28.0046 2512   MSIServer - ok
19:16:28.0046 2512   MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:16:28.0062 2512   MSKSSRV - ok
19:16:28.0062 2512   MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:16:28.0078 2512   MSPCLOCK - ok
19:16:28.0078 2512   MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
19:16:28.0078 2512   MSPQM - ok
19:16:28.0109 2512   mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:16:28.0109 2512   mssmbios - ok
19:16:28.0109 2512   Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
19:16:28.0125 2512   Mup - ok
19:16:28.0140 2512   NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
19:16:28.0140 2512   NDIS - ok
19:16:28.0171 2512   NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:16:28.0171 2512   NdisTapi - ok
19:16:28.0187 2512   Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:16:28.0187 2512   Ndisuio - ok
19:16:28.0203 2512   NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:16:28.0203 2512   NdisWan - ok
19:16:28.0203 2512   NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
19:16:28.0218 2512   NDProxy - ok
19:16:28.0343 2512   Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:16:28.0375 2512   Nero BackItUp Scheduler 4.0 - ok
19:16:28.0375 2512   NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:16:28.0375 2512   NetBIOS - ok
19:16:28.0390 2512   NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:16:28.0406 2512   NetBT - ok
19:16:28.0421 2512   NetDDE          (818053225bf4aac5f0f718001e492f70) C:\WINDOWS\system32\netdde.exe
19:16:28.0437 2512   NetDDE - ok
19:16:28.0437 2512   NetDDEdsdm      (818053225bf4aac5f0f718001e492f70) C:\WINDOWS\system32\netdde.exe
19:16:28.0453 2512   NetDDEdsdm - ok
19:16:28.0453 2512   Netlogon        (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
19:16:28.0468 2512   Netlogon - ok
19:16:28.0484 2512   Netman          (af342d2781225a8769686e0d47e3123e) C:\WINDOWS\System32\netman.dll
19:16:28.0484 2512   Netman - ok
19:16:28.0562 2512   NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:16:28.0578 2512   NetTcpPortSharing - ok
19:16:28.0609 2512   NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:16:28.0609 2512   NIC1394 - ok
19:16:28.0625 2512   Nla             (64c078bd4efd441c3f159edc5ea4420a) C:\WINDOWS\System32\mswsock.dll
19:16:28.0640 2512   Nla - ok
19:16:28.0656 2512   nm              (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
19:16:28.0656 2512   nm - ok
19:16:28.0703 2512   nmwcd           (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys
19:16:28.0703 2512   nmwcd - ok
19:16:28.0734 2512   nmwcdc          (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys
19:16:28.0734 2512   nmwcdc - ok
19:16:28.0750 2512   Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
19:16:28.0750 2512   Npfs - ok
19:16:28.0750 2512   NTACCESS - ok
19:16:28.0781 2512   Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
19:16:28.0812 2512   Ntfs - ok
19:16:28.0812 2512   NtLmSsp         (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
19:16:28.0812 2512   NtLmSsp - ok
19:16:28.0859 2512   NtmsSvc         (d8d2b13ba93ae830b1a637df571d1195) C:\WINDOWS\system32\ntmssvc.dll
19:16:28.0875 2512   NtmsSvc - ok
19:16:28.0875 2512   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:16:28.0890 2512   Null - ok
19:16:28.0906 2512   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:16:28.0906 2512   NwlnkFlt - ok
19:16:28.0921 2512   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:16:28.0921 2512   NwlnkFwd - ok
19:16:28.0937 2512   NwlnkIpx        (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:16:28.0937 2512   NwlnkIpx - ok
19:16:28.0953 2512   NwlnkNb         (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:16:28.0953 2512   NwlnkNb - ok
19:16:28.0968 2512   NwlnkSpx        (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:16:28.0984 2512   NwlnkSpx - ok
19:16:29.0015 2512   NwSapAgent      (85d8c6514bd48df2cc61debe3f879dc0) C:\WINDOWS\System32\ipxsap.dll
19:16:29.0015 2512   NwSapAgent - ok
19:16:29.0125 2512   odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:16:29.0140 2512   odserv - ok
19:16:29.0156 2512   ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:16:29.0156 2512   ohci1394 - ok
19:16:29.0187 2512   ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:16:29.0187 2512   ose - ok
19:16:29.0203 2512   Parport         (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\DRIVERS\parport.sys
19:16:29.0218 2512   Parport - ok
19:16:29.0218 2512   PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
19:16:29.0218 2512   PartMgr - ok
19:16:29.0265 2512   ParVdm          (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
19:16:29.0265 2512   ParVdm - ok
19:16:29.0296 2512   pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
19:16:29.0296 2512   pccsmcfd - ok
19:16:29.0328 2512   PCI             (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
19:16:29.0328 2512   PCI - ok
19:16:29.0328 2512   PCIDump - ok
19:16:29.0343 2512   PCIIde          (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:16:29.0343 2512   PCIIde - ok
19:16:29.0375 2512   Pcmcia          (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:16:29.0390 2512   Pcmcia - ok
19:16:29.0390 2512   PDCOMP - ok
19:16:29.0390 2512   PDFRAME - ok
19:16:29.0406 2512   PDRELI - ok
19:16:29.0406 2512   PDRFRAME - ok
19:16:29.0406 2512   perc2 - ok
19:16:29.0421 2512   perc2hib - ok
19:16:29.0453 2512   PlugPlay        (6e401e61f952fbbf708afbecefafae81) C:\WINDOWS\system32\services.exe
19:16:29.0453 2512   PlugPlay - ok
19:16:29.0453 2512   PolicyAgent     (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
19:16:29.0453 2512   PolicyAgent - ok
19:16:29.0468 2512   PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:16:29.0484 2512   PptpMiniport - ok
19:16:29.0484 2512   ProtectedStorage (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
19:16:29.0484 2512   ProtectedStorage - ok
19:16:29.0500 2512   PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
19:16:29.0500 2512   PSched - ok
19:16:29.0500 2512   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:16:29.0515 2512   Ptilink - ok
19:16:29.0531 2512   PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:16:29.0546 2512   PxHelp20 - ok
19:16:29.0546 2512   ql1080 - ok
19:16:29.0546 2512   Ql10wnt - ok
19:16:29.0562 2512   ql12160 - ok
19:16:29.0562 2512   ql1240 - ok
19:16:29.0562 2512   ql1280 - ok
19:16:29.0578 2512   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:16:29.0593 2512   RasAcd - ok
19:16:29.0609 2512   RasAuto         (e68b6f9a726a444059705ab43b5656d1) C:\WINDOWS\System32\rasauto.dll
19:16:29.0625 2512   RasAuto - ok
19:16:29.0625 2512   Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:16:29.0625 2512   Rasl2tp - ok
19:16:29.0656 2512   RasMan          (6e519d777c91e90592403c9f981fdf03) C:\WINDOWS\System32\rasmans.dll
19:16:29.0656 2512   RasMan - ok
19:16:29.0656 2512   RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:16:29.0671 2512   RasPppoe - ok
19:16:29.0671 2512   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:16:29.0671 2512   Raspti - ok
19:16:29.0703 2512   Rdbss           (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:16:29.0718 2512   Rdbss - ok
19:16:29.0718 2512   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:16:29.0718 2512   RDPCDD - ok
19:16:29.0750 2512   rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:16:29.0750 2512   rdpdr - ok
19:16:29.0796 2512   RDPWD           (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
19:16:29.0796 2512   RDPWD - ok
19:16:29.0828 2512   RDSessMgr       (125acf258da9633f748131a0e0185af3) C:\WINDOWS\system32\sessmgr.exe
19:16:29.0843 2512   RDSessMgr - ok
19:16:29.0875 2512   redbook         (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:16:29.0890 2512   redbook - ok
19:16:29.0921 2512   RemoteAccess    (eb5e1a601e5a1908a87e4d5a41803d98) C:\WINDOWS\System32\mprdim.dll
19:16:29.0921 2512   RemoteAccess - ok
19:16:29.0937 2512   RemoteRegistry  (5b21208fcf8970bb61fe98e19d828714) C:\WINDOWS\system32\regsvc.dll
19:16:29.0953 2512   RemoteRegistry - ok
19:16:29.0984 2512   RpcLocator      (c8a3b668985d61249f2dc71716c58de8) C:\WINDOWS\system32\locator.exe
19:16:29.0984 2512   RpcLocator - ok
19:16:30.0015 2512   RpcSs           (c72c15ee57e248c66e57c76cab086cf2) C:\WINDOWS\System32\rpcss.dll
19:16:30.0031 2512   RpcSs - ok
19:16:30.0062 2512   RSVP            (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
19:16:30.0078 2512   RSVP - ok
19:16:30.0093 2512   RTL8023xp       (6dbd011d47ebd394a5ea7843b8afa7ea) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
19:16:30.0109 2512   RTL8023xp - ok
19:16:30.0125 2512   SamSs           (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
19:16:30.0125 2512   SamSs - ok
19:16:30.0171 2512   SbFw            (b9c52b09ede3a4a78a9f3d66e7b7268e) C:\WINDOWS\system32\drivers\SbFw.sys
19:16:30.0187 2512   SbFw - ok
19:16:30.0187 2512   SBFWIMCL        (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
19:16:30.0203 2512   SBFWIMCL - ok
19:16:30.0234 2512   SCardSvr        (c177354e995cc1aa1f767bcd9980434a) C:\WINDOWS\System32\SCardSvr.exe
19:16:30.0250 2512   SCardSvr - ok
19:16:30.0281 2512   Schedule        (29ac93307c6182dbe336bca314947f28) C:\WINDOWS\system32\schedsvc.dll
19:16:30.0281 2512   Schedule - ok
19:16:30.0296 2512   Secdrv          (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:16:30.0312 2512   Secdrv - ok
19:16:30.0328 2512   seclogon        (c76cb8a133374fac6805f83ff7b7da03) C:\WINDOWS\System32\seclogon.dll
19:16:30.0328 2512   seclogon - ok
19:16:30.0343 2512   SENS            (220ad85ba9c5b3011296354011b901cc) C:\WINDOWS\system32\sens.dll
19:16:30.0359 2512   SENS - ok
19:16:30.0359 2512   serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:16:30.0375 2512   serenum - ok
19:16:30.0375 2512   Serial          (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\DRIVERS\serial.sys
19:16:30.0375 2512   Serial - ok
19:16:30.0531 2512   ServiceLayer    (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
19:16:30.0562 2512   ServiceLayer - ok
19:16:30.0593 2512   Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:16:30.0593 2512   Sfloppy - ok
19:16:30.0640 2512   SharedAccess    (6a93501bcdebf159109429b022c0ff83) C:\WINDOWS\System32\ipnathlp.dll
19:16:30.0640 2512   SharedAccess - ok
19:16:30.0656 2512   ShellHWDetection (8ba76bd2a943f642f267a296a15776d2) C:\WINDOWS\System32\shsvcs.dll
19:16:30.0656 2512   ShellHWDetection - ok
19:16:30.0671 2512   Simbad - ok
19:16:30.0671 2512   Sparrow - ok
19:16:30.0703 2512   speedfan        (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
19:16:30.0703 2512   speedfan - ok
19:16:30.0734 2512   splitter        (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
19:16:30.0734 2512   splitter - ok
19:16:30.0750 2512   Spooler         (21b6faa88044a41640e03ebb68be93e8) C:\WINDOWS\system32\spoolsv.exe
19:16:30.0750 2512   Spooler - ok
19:16:30.0765 2512   sr              (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
19:16:30.0781 2512   sr - ok
19:16:30.0796 2512   srservice       (3cd57f31a64d32fdb28918b16d1e6aac) C:\WINDOWS\system32\srsvc.dll
19:16:30.0796 2512   srservice - ok
19:16:30.0812 2512   Srv             (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
19:16:30.0828 2512   Srv - ok
19:16:30.0859 2512   SSDPSRV         (88c28f53f53438dafcd95e99c837c61e) C:\WINDOWS\System32\ssdpsrv.dll
19:16:30.0875 2512   SSDPSRV - ok
19:16:30.0906 2512   ssmdrv          (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:16:30.0906 2512   ssmdrv - ok
19:16:30.0968 2512   StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
19:16:30.0968 2512   StarWindServiceAE - ok
19:16:31.0031 2512   stisvc          (0645ccdddd27f96eea3534c1def736d9) C:\WINDOWS\system32\wiaservc.dll
19:16:31.0046 2512   stisvc - ok
19:16:31.0046 2512   swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:16:31.0046 2512   swenum - ok
19:16:31.0078 2512   swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
19:16:31.0093 2512   swmidi - ok
19:16:31.0093 2512   SwPrv - ok
19:16:31.0093 2512   symc810 - ok
19:16:31.0109 2512   symc8xx - ok
19:16:31.0109 2512   sym_hi - ok
19:16:31.0109 2512   sym_u3 - ok
19:16:31.0140 2512   sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
19:16:31.0156 2512   sysaudio - ok
19:16:31.0187 2512   SysmonLog       (d9c9ecff4904e6151525c533aeedf8f4) C:\WINDOWS\system32\smlogsvc.exe
19:16:31.0203 2512   SysmonLog - ok
19:16:31.0234 2512   TapiSrv         (37162d29cd61519e6f5ea0de99786ff6) C:\WINDOWS\System32\tapisrv.dll
19:16:31.0234 2512   TapiSrv - ok
19:16:31.0265 2512   Tcpip           (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:16:31.0281 2512   Tcpip - ok
19:16:31.0312 2512   TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:16:31.0312 2512   TDPIPE - ok
19:16:31.0328 2512   TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
19:16:31.0343 2512   TDTCP - ok
19:16:31.0375 2512   TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:16:31.0390 2512   TermDD - ok
19:16:31.0437 2512   TermService     (2f5919f2f6ee7a845893d9c3aa2bc56a) C:\WINDOWS\System32\termsrv.dll
19:16:31.0437 2512   TermService - ok
19:16:31.0453 2512   Themes          (8ba76bd2a943f642f267a296a15776d2) C:\WINDOWS\System32\shsvcs.dll
19:16:31.0468 2512   Themes - ok
19:16:31.0484 2512   TlntSvr         (535c2fb97336bafa509f4783dd1e5746) C:\WINDOWS\system32\tlntsvr.exe
19:16:31.0500 2512   TlntSvr - ok
19:16:31.0500 2512   TosIde - ok
19:16:31.0515 2512   TrkWks          (4dce17221b1a87fb47e36842f3e38753) C:\WINDOWS\system32\trkwks.dll
19:16:31.0531 2512   TrkWks - ok
19:16:31.0578 2512   TuneUp.Defrag   (4196d7bc21786883201747dcc0dc84a0) C:\WINDOWS\System32\TuneUpDefragService.exe
19:16:31.0593 2512   TuneUp.Defrag - ok
19:16:31.0656 2512   TuneUp.ProgramStatisticsSvc (02e5f68a55cd413c5bfb9f2df677dd01) C:\WINDOWS\System32\TUProgSt.exe
19:16:31.0671 2512   TuneUp.ProgramStatisticsSvc - ok
19:16:31.0718 2512   Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
19:16:31.0718 2512   Udfs - ok
19:16:31.0734 2512   ultra - ok
19:16:31.0734 2512   UNDPX2A - ok
19:16:31.0765 2512   Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
19:16:31.0781 2512   Update - ok
19:16:31.0796 2512   upnphost        (984fc1518b0d5b31d76f0e63608e0500) C:\WINDOWS\System32\upnphost.dll
19:16:31.0828 2512   upnphost - ok
19:16:31.0859 2512   upperdev        (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
19:16:31.0859 2512   upperdev - ok
19:16:31.0890 2512   UPS             (6148a3ba4d9cc628357fc92014fea30e) C:\WINDOWS\System32\ups.exe
19:16:31.0890 2512   UPS - ok
19:16:31.0906 2512   USBCM           (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\Sacm2A.sys
19:16:31.0921 2512   USBCM - ok
19:16:31.0953 2512   usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:16:31.0953 2512   usbehci - ok
19:16:31.0953 2512   usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:16:31.0968 2512   usbhub - ok
19:16:32.0000 2512   usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:16:32.0000 2512   usbprint - ok
19:16:32.0031 2512   usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:16:32.0031 2512   usbscan - ok
19:16:32.0062 2512   usbser          (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys
19:16:32.0062 2512   usbser - ok
19:16:32.0093 2512   UsbserFilt      (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
19:16:32.0093 2512   UsbserFilt - ok
19:16:32.0140 2512   USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:16:32.0140 2512   USBSTOR - ok
19:16:32.0171 2512   usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:16:32.0187 2512   usbuhci - ok
19:16:32.0203 2512   UxTuneUp        (4360d5653e885479fed75c378e9faab3) C:\WINDOWS\System32\uxtuneup.dll
19:16:32.0203 2512   UxTuneUp - ok
19:16:32.0218 2512   VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
19:16:32.0218 2512   VgaSave - ok
19:16:32.0234 2512   ViaIde - ok
19:16:32.0265 2512   Video3D         (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys
19:16:32.0265 2512   Video3D - ok
19:16:32.0281 2512   VolSnap         (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
19:16:32.0281 2512   VolSnap - ok
19:16:32.0312 2512   VSS             (043539881667bb37b07524032d6ffc3e) C:\WINDOWS\System32\vssvc.exe
19:16:32.0328 2512   VSS - ok
19:16:32.0359 2512   W32Time         (2ceebb402187ae56b585701f3d191fb3) C:\WINDOWS\system32\w32time.dll
19:16:32.0359 2512   W32Time - ok
19:16:32.0375 2512   Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:16:32.0375 2512   Wanarp - ok
19:16:32.0421 2512   Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:16:32.0437 2512   Wdf01000 - ok
19:16:32.0453 2512   WDICA - ok
19:16:32.0484 2512   wdmaud          (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
19:16:32.0484 2512   wdmaud - ok
19:16:32.0500 2512   WebClient       (3791adf1d3466ac6b4b662d3f79cbfec) C:\WINDOWS\System32\webclnt.dll
19:16:32.0500 2512   WebClient - ok
19:16:32.0578 2512   winmgmt         (e12084ea622bdf2262c637bef15dd85c) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:16:32.0578 2512   winmgmt - ok
19:16:32.0625 2512   WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:16:32.0625 2512   WmdmPmSN - ok
19:16:32.0671 2512   Wmi             (0cdc4a0c6b820fad99fb4ca74cd0c476) C:\WINDOWS\System32\advapi32.dll
19:16:32.0687 2512   Wmi - ok
19:16:32.0734 2512   WmiApSrv        (bcd21b989f0fd4ace78287fc01b4693d) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:16:32.0750 2512   WmiApSrv - ok
19:16:32.0750 2512   WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
19:16:32.0765 2512   WpdUsb - ok
19:16:32.0906 2512   WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:16:32.0937 2512   WPFFontCache_v0400 - ok
19:16:32.0968 2512   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:16:32.0968 2512   WS2IFSL - ok
19:16:33.0015 2512   wscsvc          (4aded1adef25041d9827f9a79c0fda13) C:\WINDOWS\system32\wscsvc.dll
19:16:33.0015 2512   wscsvc - ok
19:16:33.0046 2512   wuauserv        (21f5169ca14e0b25c757644456f637df) C:\WINDOWS\system32\wuauserv.dll
19:16:33.0062 2512   wuauserv - ok
19:16:33.0078 2512   WudfPf          (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:16:33.0078 2512   WudfPf - ok
19:16:33.0109 2512   WudfRd          (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:16:33.0125 2512   WudfRd - ok
19:16:33.0156 2512   WudfSvc         (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll
19:16:33.0156 2512   WudfSvc - ok
19:16:33.0187 2512   WZCSVC          (325cedef696ef4b649ddcd3968d085c9) C:\WINDOWS\System32\wzcsvc.dll
19:16:33.0187 2512   WZCSVC - ok
19:16:33.0218 2512   xmlprov         (9b835d4c64860b155a1701d5092ec9e4) C:\WINDOWS\System32\xmlprov.dll
19:16:33.0234 2512   xmlprov - ok
19:16:33.0250 2512   MBR (0x1B8)     (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
19:16:33.0640 2512   \Device\Harddisk0\DR0 - ok
19:16:33.0640 2512   Boot (0x1200)   (4bb65af7f8b41c340ec5cd066fad41f0) \Device\Harddisk0\DR0\Partition0
19:16:33.0640 2512   \Device\Harddisk0\DR0\Partition0 - ok
19:16:33.0640 2512   ============================================================
19:16:33.0640 2512   Scan finished
19:16:33.0640 2512   ============================================================
19:16:33.0656 2484   Detected object count: 0
19:16:33.0656 2484   Actual detected object count: 0
19:17:26.0093 1548   Deinitialize success

aswMBR

Kód: Vybrat vše

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 19:23:27
-----------------------------
19:23:27.484    OS Version: Windows 5.1.2600 Service Pack 2
19:23:27.484    Number of processors: 2 586 0x40A
19:23:27.484    ComputerName: MILAN-13270BF98  UserName: Milan Červenák
19:23:29.046    Initialize success
19:24:02.546    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-12
19:24:02.546    Disk 0 Vendor: WDC_WD2500YS-01SHB1 20.06C06 Size: 239372MB BusType: 3
19:24:02.578    Disk 0 MBR read successfully
19:24:02.578    Disk 0 MBR scan
19:24:02.578    Disk 0 Windows XP default MBR code
19:24:02.578    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       239359 MB offset 63
19:24:02.578    Disk 0 scanning sectors +490207410
19:24:02.656    Disk 0 scanning C:\WINDOWS\system32\drivers
19:24:08.828    Service scanning
19:24:11.062    Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
19:24:12.578    Service MSICPL D:\install4\MSICPL.sys **LOCKED** 21
19:24:13.093    Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
19:24:16.562    Modules scanning
19:24:45.656    Disk 0 trace - called modules:
19:24:45.671    TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
19:24:45.671    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872feab8]
19:24:45.671    3 CLASSPNP.SYS[f751005b] -> nt!IofCallDriver -> \Device\00000083[0x8731d9e8]
19:24:45.671    5 ACPI.sys[f7466620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-12[0x87300b00]
19:24:45.671    Scan finished successfully
19:24:56.609    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Milan Červenák\Plocha\MBR.dat"
19:24:56.609    The log file has been saved successfully to "C:\Documents and Settings\Milan Červenák\Plocha\aswMBR.txt"

a súbor OLE2VBDB.DAT je čistý

Příspěvekod **jaro3** » 30 črc 2012 23:23

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.

Co problémy?

Prosím o kontrolu logu - problém

Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Re: Prosím o kontrolu logu - problém

Kdo je online