Please check my log; AVG keeps reporting the virus worm/delf.FF in thousands of files.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:20, on 19.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\PCSafeDoctor\pcsafedoctor.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [pcsafedoctor.exe] C:\Program Files\PCSafeDoctor\pcsafedoctor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: ABBYY FineReader 11 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.11.0) - ABBYY - C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
--
End of file - 8067 bytes
Please check: virus worm/delf.ff - Solved
- Žbeky
- Moderator
Re: Please check: virus worm/delf.ff
What files are they, and where are they located?
Uninstall PC safe doctor
Fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [pcsafedoctor.exe] C:\Program Files\PCSafeDoctor\pcsafedoctor.exe
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of Internet browsing. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In PMs I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Please check: virus worm/delf.ff
OK, fixed in HJT.
Malwarebytes' Anti-Malware: when I run the quick scan it's OK, but when I run the standard scan it finds 30 objects and then freezes.
- memphisto
Re: Please check: virus worm/delf.ff
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan you have trouble launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you
Re: Please check: virus worm/delf.ff
ComboFix 12-08-20.01 - uživatel 20.08.2012 10:32:56.11.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2625 [GMT 2:00]
Spuštěný z: c:\documents and settings\u×ivatel\Plocha\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\directx.sys
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-20 do 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 07:16 . 2012-08-20 07:17 -------- d-----w- c:\program files\Unlocker
2012-08-19 14:37 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-08-19 14:37 . 2012-08-19 14:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2012-08-19 14:37 . 2012-08-19 14:37 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Spyware Terminator
2012-08-19 14:36 . 2012-08-19 14:37 -------- d-----w- c:\program files\Spyware Terminator
2012-08-19 14:04 . 2012-08-20 07:02 -------- d-----w- C:\!KillBox
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\system32\runouce.exe
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\rundll16.exe
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\logo1_.exe
2012-08-17 10:26 . 2012-08-17 10:33 -------- d-----w- c:\program files\WinUtilities
2012-08-17 10:26 . 2010-07-25 20:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2012-08-17 10:26 . 2010-07-25 20:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
2012-08-17 10:26 . 2010-07-25 20:23 33968 ----a-w- c:\windows\system32\anim.dll
2012-08-17 10:26 . 2010-07-25 20:23 258352 ----a-w- c:\windows\system32\unicows.dll
2012-08-17 10:26 . 2010-07-25 20:23 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-17 10:26 . 2010-07-25 20:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2012-08-17 10:26 . 2010-07-25 20:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2012-08-16 16:32 . 2012-08-20 08:31 6272 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-08-02 12:51 . 2012-08-02 12:51 -------- d-----w- C:\HostsXpert
2012-07-30 13:41 . 2012-07-30 13:41 0 ----a-w- c:\windows\ativpsrm.bin
2012-07-23 19:40 . 2012-07-23 19:41 -------- d-----w- C:\janka
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 12:51 . 2012-08-02 12:51 357766 ----a-w- C:\HostsXpert.zip
2012-07-27 11:34 . 2012-07-02 11:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 11:34 . 2012-07-02 11:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 18:03 . 2012-07-06 18:03 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-07-06 18:03 . 2012-07-06 18:03 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-07-06 13:58 . 2001-10-25 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-12-28 09:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2001-10-25 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2012-02-02 13:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:38 . 2001-10-25 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2011-12-28 10:55 385024 ------w- c:\windows\system32\html.iec
2012-06-29 17:49 . 2012-06-29 17:49 3584 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-05 15:49 . 2011-12-28 11:22 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2001-10-25 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-10-25 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 18:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-12-28 10:55 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-12-28 10:55 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-12-28 10:55 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-12-28 10:55 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-12-28 09:20 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2001-10-25 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2011-12-28 10:55 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-12-28 09:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-06-21 2786512]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-06-21 3669712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11]
2011-08-30 21:43 925960 ----a-w- c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2010-06-21 13:56 1763840 ----a-w- c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-19 13:24 158120 ----atw- c:\documents and settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-04-15 14:37 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 17:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 17:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2011-11-17 16:18 2773328 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
2011-10-04 08:28 220992 ----a-w- c:\program files\Software602\Print2PDF\Print2PDF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2012-02-16 13:29 114992 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
2012-02-26 14:01 295728 ----a-w- c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.7.2011 1:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 6:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 6:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 1:14 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 18:21 239168]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [19.8.2012 16:37 32768]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [10.10.2011 12:55 85344]
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files\ABBYY FineReader 11\NetworkLicenseServer.exe [18.8.2011 15:47 819976]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 22:03 660768]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.5.2009 17:07 759048]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [23.1.2012 20:52 793048]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 20:31 2156952]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [19.8.2012 16:37 483024]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [9.7.2012 15:19 935008]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16.4.2012 17:18 103040]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24.4.2012 10:11 250056]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [17.11.2011 18:17 2489680]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-HijackThis - c:\documents and settings\uživatel\Dokumenty\HijackThis.exe
AddRemove-Traktor 2_is1 - c:\topcd\Traktor 2\unins000.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\DATAAP~1\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
AddRemove-Google Chrome - c:\documents and settings\uživatel\Local Settings\Data aplikací\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-20 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3064)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-08-20 10:40:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-20 08:40
ComboFix2.txt 2012-07-28 16:28
ComboFix3.txt 2012-07-07 17:30
.
Před spuštěním: Volných bajtů: 27 216 273 408
Po spuštění: Volných bajtů: 28 075 216 896
.
- - End Of File - - 11ECE267AD2E8A5CFD664FEAD2EC6176
- jaro3
- Security team member
Re: requesting a check, virus worm/delf.ff
Uninstall:
Spyware Terminator
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:
Code:
ClearJavaCache::
KillAll::
File::
c:\windows\system32\drivers\sp_rsdrv2.sys
c:\windows\system32\runouce.exe
c:\windows\ativpsrm.bin
c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\program files\Spyware Terminator\st_rsser.exe
Folder::
c:\documents and settings\All Users\Data aplikací\Spyware Terminator
c:\documents and settings\uživatel\Data aplikací\Spyware Terminator
c:\program files\Spyware Terminator
C:\!KillBox
Driver::
sp_rsdrv2
ST2012_Svc
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"=-
"SpywareTerminatorUpdater"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=-
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=-
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Warning: After ComboFix has been applied and the computer restarted, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the entire contents of the log here.
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: requesting a check, virus worm/delf.ff
ComboFix 12-08-20.01 - uživatel 20.08.2012 14:00:02.12.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2537 [GMT 2:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe"
"c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
"c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe"
"c:\program files\Spyware Terminator\st_rsser.exe"
"c:\windows\ativpsrm.bin"
"c:\windows\system32\drivers\sp_rsdrv2.sys"
"c:\windows\system32\runouce.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\!KillBox
c:\!killbox\Logs\kb.log
c:\!killbox\Mafia 1 CZ\Mafia.iso
c:\!killbox\Mafia.iso
c:\!killbox\Mafia.iso( 1)
c:\program files\Spyware Terminator
c:\program files\Spyware Terminator\Driver\driver.cab
c:\program files\Spyware Terminator\Driver\sp_rsdrv2.sys
c:\program files\Spyware Terminator\SpywareTerminator.exe
c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\program files\Spyware Terminator\STShell.dll
c:\program files\Spyware Terminator\Tools\analyze.xml
c:\program files\Spyware Terminator\Tools\analyzefile.exe
c:\program files\Spyware Terminator\Tools\bloatware.xml
c:\program files\Spyware Terminator\Tools\defsyssettings.exe
c:\program files\Spyware Terminator\Tools\hardfileremover.exe
c:\program files\Spyware Terminator\Tools\optimizer.xml
c:\program files\Spyware Terminator\Tools\ov.xml
c:\program files\Spyware Terminator\Tools\remover.xml
c:\program files\Spyware Terminator\Tools\restore.xml
c:\program files\Spyware Terminator\Tools\startup.xml
c:\program files\Spyware Terminator\Tools\systemrestore.exe
c:\program files\Spyware Terminator\Tools\systemsettings.xml
c:\program files\Spyware Terminator\Tools\unstableaddons.xml
c:\program files\Spyware Terminator\Tools\virtualkeyboard.xml
c:\program files\Spyware Terminator\TorrentDll.dll
c:\program files\Spyware Terminator\unins000.dat
c:\program files\Spyware Terminator\unins000.exe
c:\program files\Spyware Terminator\unins000.msg
c:\windows\ativpsrm.bin
c:\windows\system32\drivers\sp_rsdrv2.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SP_RSDRV2
-------\Legacy_ST2012_SVC
-------\Service_sp_rsdrv2
-------\Service_ST2012_Svc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-20 do 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 07:16 . 2012-08-20 07:17 -------- d-----w- c:\program files\Unlocker
2012-08-19 14:37 . 2012-08-19 14:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2012-08-19 14:37 . 2012-08-19 14:37 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Spyware Terminator
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\system32\runouce.exe
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\rundll16.exe
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\logo1_.exe
2012-08-17 10:26 . 2012-08-17 10:33 -------- d-----w- c:\program files\WinUtilities
2012-08-17 10:26 . 2010-07-25 20:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2012-08-17 10:26 . 2010-07-25 20:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
2012-08-17 10:26 . 2010-07-25 20:23 33968 ----a-w- c:\windows\system32\anim.dll
2012-08-17 10:26 . 2010-07-25 20:23 258352 ----a-w- c:\windows\system32\unicows.dll
2012-08-17 10:26 . 2010-07-25 20:23 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-17 10:26 . 2010-07-25 20:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2012-08-17 10:26 . 2010-07-25 20:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2012-08-16 16:32 . 2012-08-20 11:57 6272 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-08-02 12:51 . 2012-08-02 12:51 -------- d-----w- C:\HostsXpert
2012-07-23 19:40 . 2012-07-23 19:41 -------- d-----w- C:\janka
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 12:51 . 2012-08-02 12:51 357766 ----a-w- C:\HostsXpert.zip
2012-07-27 11:34 . 2012-07-02 11:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 11:34 . 2012-07-02 11:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 18:03 . 2012-07-06 18:03 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-07-06 18:03 . 2012-07-06 18:03 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-07-06 13:58 . 2001-10-25 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-12-28 09:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2001-10-25 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2012-02-02 13:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:38 . 2001-10-25 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2011-12-28 10:55 385024 ------w- c:\windows\system32\html.iec
2012-06-29 17:49 . 2012-06-29 17:49 3584 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-05 15:49 . 2011-12-28 11:22 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2001-10-25 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-10-25 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 18:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-12-28 10:55 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-12-28 10:55 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-12-28 10:55 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-12-28 10:55 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-12-28 09:20 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2001-10-25 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2011-12-28 10:55 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-12-28 09:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-20_08.37.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-20 12:04 . 2012-08-20 12:04 16384 c:\windows\temp\Perflib_Perfdata_96c.dat
+ 2012-08-20 12:04 . 2012-08-20 12:04 16384 c:\windows\temp\Perflib_Perfdata_8f0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11]
2011-08-30 21:43 925960 ----a-w- c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2010-06-21 13:56 1763840 ----a-w- c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-19 13:24 158120 ----atw- c:\documents and settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-04-15 14:37 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 17:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 17:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2011-11-17 16:18 2773328 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
2011-10-04 08:28 220992 ----a-w- c:\program files\Software602\Print2PDF\Print2PDF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2012-02-16 13:29 114992 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
2012-02-26 14:01 295728 ----a-w- c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.7.2011 1:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 6:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 6:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 1:14 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 18:21 239168]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [10.10.2011 12:55 85344]
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files\ABBYY FineReader 11\NetworkLicenseServer.exe [18.8.2011 15:47 819976]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 22:03 660768]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.5.2009 17:07 759048]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [23.1.2012 20:52 793048]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 20:31 2156952]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [9.7.2012 15:19 935008]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16.4.2012 17:18 103040]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24.4.2012 10:11 250056]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [17.11.2011 18:17 2489680]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{56736259-613E-4A3B-B428-6235F2E76F44}_is1 - c:\program files\Spyware Terminator\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-20 14:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-08-20 14:07:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-20 12:06
ComboFix2.txt 2012-08-20 08:40
ComboFix3.txt 2012-07-28 16:28
ComboFix4.txt 2012-07-07 17:30
.
Před spuštěním: Volných bajtů: 28 096 720 896
Po spuštění: Volných bajtů: 28 045 983 744
.
- - End Of File - - 4E02C4ECF3F5D07C5B7D7CF6FC0B926D
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2537 [GMT 2:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe"
"c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
"c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe"
"c:\program files\Spyware Terminator\st_rsser.exe"
"c:\windows\ativpsrm.bin"
"c:\windows\system32\drivers\sp_rsdrv2.sys"
"c:\windows\system32\runouce.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\!KillBox
c:\!killbox\Logs\kb.log
c:\!killbox\Mafia 1 CZ\Mafia.iso
c:\!killbox\Mafia.iso
c:\!killbox\Mafia.iso( 1)
c:\program files\Spyware Terminator
c:\program files\Spyware Terminator\Driver\driver.cab
c:\program files\Spyware Terminator\Driver\sp_rsdrv2.sys
c:\program files\Spyware Terminator\SpywareTerminator.exe
c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\program files\Spyware Terminator\STShell.dll
c:\program files\Spyware Terminator\Tools\analyze.xml
c:\program files\Spyware Terminator\Tools\analyzefile.exe
c:\program files\Spyware Terminator\Tools\bloatware.xml
c:\program files\Spyware Terminator\Tools\defsyssettings.exe
c:\program files\Spyware Terminator\Tools\hardfileremover.exe
c:\program files\Spyware Terminator\Tools\optimizer.xml
c:\program files\Spyware Terminator\Tools\ov.xml
c:\program files\Spyware Terminator\Tools\remover.xml
c:\program files\Spyware Terminator\Tools\restore.xml
c:\program files\Spyware Terminator\Tools\startup.xml
c:\program files\Spyware Terminator\Tools\systemrestore.exe
c:\program files\Spyware Terminator\Tools\systemsettings.xml
c:\program files\Spyware Terminator\Tools\unstableaddons.xml
c:\program files\Spyware Terminator\Tools\virtualkeyboard.xml
c:\program files\Spyware Terminator\TorrentDll.dll
c:\program files\Spyware Terminator\unins000.dat
c:\program files\Spyware Terminator\unins000.exe
c:\program files\Spyware Terminator\unins000.msg
c:\windows\ativpsrm.bin
c:\windows\system32\drivers\sp_rsdrv2.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SP_RSDRV2
-------\Legacy_ST2012_SVC
-------\Service_sp_rsdrv2
-------\Service_ST2012_Svc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-20 do 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 07:16 . 2012-08-20 07:17 -------- d-----w- c:\program files\Unlocker
2012-08-19 14:37 . 2012-08-19 14:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2012-08-19 14:37 . 2012-08-19 14:37 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Spyware Terminator
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\system32\runouce.exe
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\rundll16.exe
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\logo1_.exe
2012-08-17 10:26 . 2012-08-17 10:33 -------- d-----w- c:\program files\WinUtilities
2012-08-17 10:26 . 2010-07-25 20:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2012-08-17 10:26 . 2010-07-25 20:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
2012-08-17 10:26 . 2010-07-25 20:23 33968 ----a-w- c:\windows\system32\anim.dll
2012-08-17 10:26 . 2010-07-25 20:23 258352 ----a-w- c:\windows\system32\unicows.dll
2012-08-17 10:26 . 2010-07-25 20:23 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-17 10:26 . 2010-07-25 20:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2012-08-17 10:26 . 2010-07-25 20:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2012-08-16 16:32 . 2012-08-20 11:57 6272 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-08-02 12:51 . 2012-08-02 12:51 -------- d-----w- C:\HostsXpert
2012-07-23 19:40 . 2012-07-23 19:41 -------- d-----w- C:\janka
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 12:51 . 2012-08-02 12:51 357766 ----a-w- C:\HostsXpert.zip
2012-07-27 11:34 . 2012-07-02 11:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 11:34 . 2012-07-02 11:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 18:03 . 2012-07-06 18:03 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-07-06 18:03 . 2012-07-06 18:03 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-07-06 13:58 . 2001-10-25 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-12-28 09:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2001-10-25 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2012-02-02 13:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:38 . 2001-10-25 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2011-12-28 10:55 385024 ------w- c:\windows\system32\html.iec
2012-06-29 17:49 . 2012-06-29 17:49 3584 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-05 15:49 . 2011-12-28 11:22 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2001-10-25 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-10-25 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 18:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-12-28 10:55 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-12-28 10:55 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-12-28 10:55 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-12-28 10:55 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-12-28 09:20 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2001-10-25 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2011-12-28 10:55 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-12-28 09:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-20_08.37.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-20 12:04 . 2012-08-20 12:04 16384 c:\windows\temp\Perflib_Perfdata_96c.dat
+ 2012-08-20 12:04 . 2012-08-20 12:04 16384 c:\windows\temp\Perflib_Perfdata_8f0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
Re: please check, virus worm/delf.ff
14:10:13.0906 0428 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
14:10:14.0078 0428 ============================================================
14:10:14.0078 0428 Current date / time: 2012/08/20 14:10:14.0078
14:10:14.0078 0428 SystemInfo:
14:10:14.0078 0428
14:10:14.0078 0428 OS Version: 5.1.2600 ServicePack: 3.0
14:10:14.0078 0428 Product type: Workstation
14:10:14.0078 0428 ComputerName: ADMIN
14:10:14.0078 0428 UserName: uživatel
14:10:14.0078 0428 Windows directory: C:\WINDOWS
14:10:14.0078 0428 System windows directory: C:\WINDOWS
14:10:14.0078 0428 Processor architecture: Intel x86
14:10:14.0078 0428 Number of processors: 4
14:10:14.0078 0428 Page size: 0x1000
14:10:14.0078 0428 Boot type: Normal boot
14:10:14.0078 0428 ============================================================
14:10:15.0437 0428 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:10:15.0437 0428 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:10:15.0437 0428 ============================================================
14:10:15.0437 0428 \Device\Harddisk0\DR0:
14:10:15.0437 0428 MBR partitions:
14:10:15.0437 0428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D
14:10:15.0453 0428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0x7741C29
14:10:15.0453 0428 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0x2A389FFD
14:10:15.0453 0428 \Device\Harddisk1\DR1:
14:10:15.0453 0428 MBR partitions:
14:10:15.0453 0428 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFF9D41
14:10:15.0453 0428 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFFF9D80, BlocksNum 0x15788100
14:10:15.0453 0428 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x25781EBF, BlocksNum 0x88B6351
14:10:15.0453 0428 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x2E038210, BlocksNum 0xC34C680
14:10:15.0453 0428 ============================================================
14:10:15.0468 0428 C: <-> \Device\Harddisk0\DR0\Partition1
14:10:15.0500 0428 D: <-> \Device\Harddisk0\DR0\Partition2
14:10:15.0562 0428 F: <-> \Device\Harddisk0\DR0\Partition3
14:10:15.0593 0428 G: <-> \Device\Harddisk1\DR1\Partition1
14:10:15.0609 0428 I: <-> \Device\Harddisk1\DR1\Partition3
14:10:15.0640 0428 K: <-> \Device\Harddisk1\DR1\Partition2
14:10:15.0656 0428 L: <-> \Device\Harddisk1\DR1\Partition4
14:10:15.0656 0428 ============================================================
14:10:15.0656 0428 Initialize success
14:10:15.0656 0428 ============================================================
14:10:40.0375 2960 ============================================================
14:10:40.0375 2960 Scan started
14:10:40.0375 2960 Mode: Manual;
14:10:40.0375 2960 ============================================================
14:10:41.0500 2960 ================ Scan services =============================
14:10:41.0546 2960 [ f11d68e40ed62fdb7c460c445f1ec4e5 ] 602XML Updater C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
14:10:41.0562 2960 602XML Updater - ok
14:10:41.0609 2960 [ 656f06850d02baed19f0e2e72b047ce2 ] ABBYY.Licensing.FineReader.Professional.11.0 C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
14:10:41.0625 2960 ABBYY.Licensing.FineReader.Professional.11.0 - ok
14:10:41.0656 2960 [ 2a5e5246f22530e351c9f3f2c1cd63b9 ] ABBYY.Licensing.FineReader.Professional.9.0 C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
14:10:41.0671 2960 ABBYY.Licensing.FineReader.Professional.9.0 - ok
14:10:41.0718 2960 [ b33cf4de909a5b30f526d82053a63c8e ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
14:10:41.0718 2960 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
14:10:41.0765 2960 Abiosdsk - ok
14:10:41.0765 2960 abp480n5 - ok
14:10:41.0828 2960 [ 4fe34f1f3126b61fcc6b2043aa8112c9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:10:41.0828 2960 ACPI - ok
14:10:41.0859 2960 [ afdff022a01f0b11c776f0860c3b282f ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:10:41.0859 2960 ACPIEC - ok
14:10:41.0890 2960 [ 6c40d5ed8951ab7b90d08af655224ee4 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:10:41.0906 2960 AdobeFlashPlayerUpdateSvc - ok
14:10:41.0906 2960 adpu160m - ok
14:10:41.0937 2960 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:10:41.0937 2960 aec - ok
14:10:41.0968 2960 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:10:41.0968 2960 AFD - ok
14:10:41.0968 2960 Aha154x - ok
14:10:41.0968 2960 aic78u2 - ok
14:10:41.0968 2960 aic78xx - ok
14:10:41.0984 2960 [ e0a6fa244b8624d78fe5ff6f56a33bae ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:10:41.0984 2960 Alerter - ok
14:10:42.0000 2960 [ 88842de939a827577bf24243699ac80a ] ALG C:\WINDOWS\System32\alg.exe
14:10:42.0000 2960 ALG - ok
14:10:42.0000 2960 AliIde - ok
14:10:42.0015 2960 [ 6e58654cb25730b2579e45e1fd116a47 ] amdide C:\WINDOWS\system32\DRIVERS\amdide.sys
14:10:42.0015 2960 amdide - ok
14:10:42.0015 2960 [ 033448d435e65c4bd72e70521fd05c76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
14:10:42.0015 2960 AmdPPM - ok
14:10:42.0031 2960 amsint - ok
14:10:42.0062 2960 [ 6b8e7a90e576d4fe308f97c69060a171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:10:42.0062 2960 AppMgmt - ok
14:10:42.0078 2960 [ b5b8a80875c1dededa8b02765642c32f ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:10:42.0078 2960 Arp1394 - ok
14:10:42.0078 2960 asc - ok
14:10:42.0078 2960 asc3350p - ok
14:10:42.0078 2960 asc3550 - ok
14:10:42.0125 2960 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:10:42.0140 2960 aspnet_state - ok
14:10:42.0140 2960 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:10:42.0140 2960 AsyncMac - ok
14:10:42.0140 2960 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:10:42.0140 2960 atapi - ok
14:10:42.0140 2960 Atdisk - ok
14:10:42.0171 2960 [ 809b0eb83c75061c9de2e528c65a1575 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:10:42.0187 2960 Ati HotKey Poller - ok
14:10:42.0203 2960 [ ad1865c5e1842c8ba06be3b1799315aa ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
14:10:42.0218 2960 ATI Smart - ok
14:10:42.0343 2960 [ 032f23b133b680b06861329c5a176ee0 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:10:42.0390 2960 ati2mtag - ok
14:10:42.0437 2960 [ 924971a182e07463765ef9fa8876f24f ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
14:10:42.0437 2960 AtiHDAudioService - ok
14:10:42.0437 2960 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:10:42.0453 2960 Atmarpc - ok
14:10:42.0468 2960 [ de31b88962a8645dba5a37b993e7b0f1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:10:42.0468 2960 AudioSrv - ok
14:10:42.0468 2960 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:10:42.0468 2960 audstub - ok
14:10:42.0500 2960 [ 69578bc9d43d614c6b3455db4af19762 ] AVGIDSEH C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
14:10:42.0500 2960 AVGIDSEH - ok
14:10:42.0531 2960 [ bf8118cd5e2255387b715b534d64acd1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:10:42.0531 2960 Avgldx86 - ok
14:10:42.0531 2960 [ 1c77ef67f196466adc9924cb288afe87 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:10:42.0531 2960 Avgmfx86 - ok
14:10:42.0546 2960 [ f2038ed7284b79dcef581468121192a9 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:10:42.0546 2960 Avgrkx86 - ok
14:10:42.0562 2960 [ a6d562b612216d8d02a35ebeb92366bd ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:10:42.0562 2960 Avgtdix - ok
14:10:42.0625 2960 [ 6699ece24fe4b3f752a66c66a602ee86 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:10:42.0640 2960 avgwd - ok
14:10:42.0656 2960 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:10:42.0656 2960 Beep - ok
14:10:42.0656 2960 [ 19395d092fd85ddc2d9c7729cf5a2ac8 ] BITS C:\WINDOWS\system32\qmgr.dll
14:10:42.0671 2960 BITS - ok
14:10:42.0703 2960 [ 89e739bba5f636297ea5b5f811189e06 ] Browser C:\WINDOWS\System32\browser.dll
14:10:42.0703 2960 Browser - ok
14:10:42.0703 2960 catchme - ok
14:10:42.0734 2960 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:10:42.0734 2960 cbidf2k - ok
14:10:42.0734 2960 cd20xrnt - ok
14:10:42.0750 2960 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:10:42.0750 2960 Cdaudio - ok
14:10:42.0750 2960 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:10:42.0750 2960 Cdfs - ok
14:10:42.0765 2960 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:10:42.0765 2960 Cdrom - ok
14:10:42.0781 2960 [ e390dc1d7c461d7d56ec53402f329928 ] cisvc C:\WINDOWS\system32\cisvc.exe
14:10:42.0781 2960 cisvc - ok
14:10:42.0796 2960 [ 064507a8dfa8c5c7e2ffddd3e6f424fa ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:10:42.0796 2960 ClipSrv - ok
14:10:42.0812 2960 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:10:42.0812 2960 clr_optimization_v2.0.50727_32 - ok
14:10:42.0843 2960 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:10:42.0843 2960 clr_optimization_v4.0.30319_32 - ok
14:10:42.0843 2960 CmdIde - ok
14:10:42.0859 2960 COMSysApp - ok
14:10:42.0859 2960 Cpqarray - ok
14:10:42.0875 2960 [ f3ab0933cbd166d271992f411c27ccaf ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:10:42.0875 2960 CryptSvc - ok
14:10:42.0875 2960 dac2w2k - ok
14:10:42.0875 2960 dac960nt - ok
14:10:42.0906 2960 [ be27674d1cbc3214aec84b4336a38bbf ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:10:42.0906 2960 DcomLaunch - ok
14:10:42.0921 2960 [ 8c9a53e285ac5e6704844d0459ec85be ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:10:42.0921 2960 Dhcp - ok
14:10:42.0937 2960 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:10:42.0937 2960 Disk - ok
14:10:42.0937 2960 dmadmin - ok
14:10:42.0984 2960 [ db5fd2bf5b07dc54bfcb3664ff05bd7c ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:10:42.0984 2960 dmboot - ok
14:10:43.0015 2960 [ fff1720af51171f32f1ead5cf71f2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:10:43.0015 2960 dmio - ok
14:10:43.0031 2960 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:10:43.0031 2960 dmload - ok
14:10:43.0031 2960 [ 2bfefe9e865655a76982f050450b9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:10:43.0031 2960 dmserver - ok
14:10:43.0046 2960 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:10:43.0046 2960 DMusic - ok
14:10:43.0046 2960 [ dfaa406bf19f4ee806a6f8d4342137f7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:10:43.0046 2960 Dnscache - ok
14:10:43.0078 2960 [ 4a3e2bd20157a0946751229e92eb8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:10:43.0078 2960 Dot3svc - ok
14:10:43.0078 2960 dpti2o - ok
14:10:43.0093 2960 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:10:43.0093 2960 drmkaud - ok
14:10:43.0109 2960 [ fb38473835476a6fb272215a1d972af9 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
14:10:43.0109 2960 dtsoftbus01 - ok
14:10:43.0109 2960 [ 0887d9c2be8d940778cad1e3b85f2a41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:10:43.0109 2960 EapHost - ok
14:10:43.0125 2960 [ a2a4912798f2be706abadd3d30800d16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:10:43.0125 2960 ERSvc - ok
14:10:43.0140 2960 [ 9ef697af07bb8dd82c3b02ca953a95b7 ] Eventlog C:\WINDOWS\system32\services.exe
14:10:43.0140 2960 Eventlog - ok
14:10:43.0156 2960 [ a371f11ef07653591c8de26afb13ce7f ] EventSystem C:\WINDOWS\System32\es.dll
14:10:43.0156 2960 EventSystem - ok
14:10:43.0156 2960 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:10:43.0156 2960 Fastfat - ok
14:10:43.0187 2960 [ ee9a2b9ea968a792a053c9d1a86bf870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:10:43.0187 2960 FastUserSwitchingCompatibility - ok
14:10:43.0187 2960 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:10:43.0187 2960 Fdc - ok
14:10:43.0203 2960 [ ac366695a0796560aa37215ad5762aaf ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:10:43.0203 2960 Fips - ok
14:10:43.0203 2960 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:10:43.0203 2960 Flpydisk - ok
14:10:43.0203 2960 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:10:43.0203 2960 FltMgr - ok
14:10:43.0250 2960 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:10:43.0250 2960 FontCache3.0.0.0 - ok
14:10:43.0265 2960 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:10:43.0265 2960 Fs_Rec - ok
14:10:43.0281 2960 [ 4e664d8541db4a66b73a24257e322e1f ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:10:43.0281 2960 Ftdisk - ok
14:10:43.0312 2960 [ 5c230948dd6652228f88ca7ae6cb276c ] gdrv C:\WINDOWS\gdrv.sys
14:10:43.0312 2960 gdrv - ok
14:10:43.0328 2960 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:10:43.0328 2960 Gpc - ok
14:10:43.0328 2960 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:10:43.0328 2960 HDAudBus - ok
14:10:43.0375 2960 [ fcfe31fb75f8a6295b6b0af87a626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:10:43.0375 2960 helpsvc - ok
14:10:43.0375 2960 [ 00e25ee90166b3e1be6e74aebf858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
14:10:43.0375 2960 HidServ - ok
14:10:43.0375 2960 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:10:43.0375 2960 hidusb - ok
14:10:43.0390 2960 [ 7a6b320928f86bc851530d63c82965d9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:10:43.0390 2960 hkmsvc - ok
14:10:43.0390 2960 hpn - ok
14:10:43.0406 2960 hpt3xx - ok
14:10:43.0437 2960 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:10:43.0437 2960 HTTP - ok
14:10:43.0468 2960 [ 58fe2f2da3bc5573f4a35b3760d3125f ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:10:43.0468 2960 HTTPFilter - ok
14:10:43.0468 2960 i2omp - ok
14:10:43.0484 2960 [ c528e27945367191e7bae364930b6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:10:43.0484 2960 i8042prt - ok
14:10:43.0531 2960 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:10:43.0531 2960 idsvc - ok
14:10:43.0531 2960 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:10:43.0546 2960 Imapi - ok
14:10:43.0562 2960 [ f7b93aafad33b2320954c17e26c8d361 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:10:43.0562 2960 ImapiService - ok
14:10:43.0562 2960 ini910u - ok
14:10:43.0671 2960 [ 927cf2be4e57ff55e23759ac0ca57aa3 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:10:43.0687 2960 IntcAzAudAddService - ok
14:10:43.0687 2960 IntelIde - ok
14:10:43.0703 2960 [ 3bb22519a194418d5fec05d800a19ad0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:10:43.0703 2960 ip6fw - ok
14:10:43.0718 2960 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:10:43.0718 2960 IpFilterDriver - ok
14:10:43.0718 2960 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:10:43.0718 2960 IpInIp - ok
14:10:43.0734 2960 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:10:43.0734 2960 IpNat - ok
14:10:43.0750 2960 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:10:43.0750 2960 IPSec - ok
14:10:43.0765 2960 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:10:43.0765 2960 IRENUM - ok
14:10:43.0781 2960 [ cc9f8a2d60aed1a51a3ac34c59b987ae ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:10:43.0781 2960 isapnp - ok
14:10:43.0875 2960 [ 973db7ac74c554c546f8b0b7b98fb855 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:10:43.0875 2960 JavaQuickStarterService - ok
14:10:43.0921 2960 [ 1b6162fe7f66b1a71a4b70f941c4aa9b ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:10:43.0921 2960 Kbdclass - ok
14:10:43.0968 2960 [ 86c8f23616c6c6e5b2776901c17b945b ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:10:43.0984 2960 kbdhid - ok
14:10:44.0031 2960 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:10:44.0031 2960 kmixer - ok
14:10:44.0046 2960 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:10:44.0093 2960 KSecDD - ok
14:10:44.0125 2960 [ 3428e8f86f8add36b42fb23542c7b3e4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:10:44.0125 2960 lanmanserver - ok
14:10:44.0156 2960 [ 936c1d110232d23b621cb0196e4f80f0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:10:44.0156 2960 lanmanworkstation - ok
14:10:44.0171 2960 [ 0ab159f536e3e8f7f07113702a07cca5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:10:44.0187 2960 LmHosts - ok
14:10:44.0187 2960 [ 221cd1c815b8a6b79389c3f5d1018de8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:10:44.0187 2960 Messenger - ok
14:10:44.0203 2960 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:10:44.0203 2960 mnmdd - ok
14:10:44.0203 2960 [ 9a57d046f88f4b69751b11fd40088a61 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
14:10:44.0218 2960 mnmsrvc - ok
14:10:44.0218 2960 [ 44032b0c6d9954d3fd26438330b99ee7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:10:44.0218 2960 Modem - ok
14:10:44.0234 2960 [ 4cb582831dbde63ce43b45d771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:10:44.0234 2960 Mouclass - ok
14:10:44.0250 2960 [ bb269eba740737ab749b214d568b6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:10:44.0250 2960 mouhid - ok
14:10:44.0250 2960 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:10:44.0265 2960 MountMgr - ok
14:10:44.0265 2960 mraid35x - ok
14:10:44.0265 2960 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:10:44.0265 2960 MRxDAV - ok
14:10:44.0296 2960 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:10:44.0296 2960 MRxSmb - ok
14:10:44.0312 2960 [ 6db4d1521caba9a5ffab54ade0ae867d ] MSDTC C:\WINDOWS\System32\msdtc.exe
14:10:44.0312 2960 MSDTC - ok
14:10:44.0312 2960 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:10:44.0312 2960 Msfs - ok
14:10:44.0312 2960 MSIServer - ok
14:10:44.0328 2960 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:10:44.0328 2960 MSKSSRV - ok
14:10:44.0328 2960 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:10:44.0328 2960 MSPCLOCK - ok
14:10:44.0328 2960 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:10:44.0343 2960 MSPQM - ok
14:10:44.0343 2960 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:10:44.0343 2960 mssmbios - ok
14:10:44.0375 2960 MSSQLSERVER - ok
14:10:44.0390 2960 [ adaf062116b4e6d96e44d26486a87af6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:10:44.0390 2960 MSSQLServerADHelper - ok
14:10:44.0406 2960 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:10:44.0406 2960 Mup - ok
14:10:44.0437 2960 [ 6ea362e9db03d44f6b996f4d8be237e9 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:10:44.0437 2960 napagent - ok
14:10:44.0468 2960 [ b498a14133bd09ad0817590ace4470ad ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
14:10:44.0468 2960 NBService - ok
14:10:44.0484 2960 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:10:44.0484 2960 NDIS - ok
14:10:44.0484 2960 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:10:44.0484 2960 NdisTapi - ok
14:10:44.0531 2960 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:10:44.0531 2960 Ndisuio - ok
14:10:44.0531 2960 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:10:44.0531 2960 NdisWan - ok
14:10:44.0562 2960 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:10:44.0562 2960 NDProxy - ok
14:10:44.0562 2960 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:10:44.0562 2960 NetBIOS - ok
14:10:44.0578 2960 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:10:44.0578 2960 NetBT - ok
14:10:44.0593 2960 [ 933de774986ec85e48210c44ab431de6 ] NetDDE C:\WINDOWS\system32\netdde.exe
14:10:44.0593 2960 NetDDE - ok
14:10:44.0593 2960 [ 933de774986ec85e48210c44ab431de6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:10:44.0593 2960 NetDDEdsdm - ok
14:10:44.0609 2960 [ ed0a176354487ceed65b80a7148ab739 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:10:44.0609 2960 Netlogon - ok
14:10:44.0625 2960 [ 72e1e9e2977be08bdeedb6d8fd9d4d40 ] Netman C:\WINDOWS\System32\netman.dll
14:10:44.0625 2960 Netman - ok
14:10:44.0640 2960 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:10:44.0640 2960 NetTcpPortSharing - ok
14:10:44.0656 2960 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:10:44.0656 2960 NIC1394 - ok
14:10:44.0687 2960 [ 39ee7c3bfbc64ba87cc8cf67386e814c ] Nla C:\WINDOWS\System32\mswsock.dll
14:10:44.0687 2960 Nla - ok
14:10:44.0734 2960 [ a328a46d87bb92ce4d8a4528e9d84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
14:10:44.0734 2960 NMIndexingService - ok
14:10:44.0734 2960 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:10:44.0734 2960 Npfs - ok
14:10:44.0750 2960 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:10:44.0750 2960 Ntfs - ok
14:10:44.0750 2960 [ ed0a176354487ceed65b80a7148ab739 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
14:10:44.0750 2960 NtLmSsp - ok
14:10:44.0781 2960 [ 023dd70573d644f3d9c8b1258a7bfd08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:10:44.0781 2960 NtmsSvc - ok
14:10:44.0796 2960 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
14:10:44.0796 2960 Null - ok
14:10:44.0812 2960 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:10:44.0812 2960 NwlnkFlt - ok
14:10:44.0812 2960 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:10:44.0812 2960 NwlnkFwd - ok
14:10:44.0812 2960 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:10:44.0812 2960 ohci1394 - ok
14:10:44.0890 2960 [ 98a418cff837df4954006bd8f23ec903 ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe
14:10:44.0937 2960 OODefragAgent - ok
14:10:44.0953 2960 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:10:44.0953 2960 ose - ok
14:10:44.0984 2960 [ f43e58dfc53dd59377e212894ad57330 ] PAR1284 C:\WINDOWS\system32\PAR1284.sys
14:10:44.0984 2960 PAR1284 - ok
14:10:45.0000 2960 [ 46f8db73b4a53e543f8e371dc7c75bae ] Parport C:\WINDOWS\system32\drivers\Parport.sys
14:10:45.0000 2960 Parport - ok
14:10:45.0000 2960 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:10:45.0000 2960 PartMgr - ok
14:10:45.0015 2960 [ 1fae19d0457176318bba4a8795656ebc ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:10:45.0015 2960 ParVdm - ok
14:10:45.0031 2960 [ 6ce351d149cb4befc702951e471e1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:10:45.0031 2960 PCI - ok
14:10:45.0031 2960 PCIDump - ok
14:10:45.0046 2960 [ 2da4ec85e0ea7a45c6b2a05820492d5a ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:10:45.0046 2960 PCIIde - ok
14:10:45.0046 2960 [ 4fc31e6c19a5ce5198b1abff94cae758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:10:45.0046 2960 Pcmcia - ok
14:10:45.0093 2960 [ a0937771070bf59468b4939dd0ae59fd ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
14:10:45.0093 2960 PCToolsSSDMonitorSvc - ok
14:10:45.0093 2960 perc2 - ok
14:10:45.0109 2960 perc2hib - ok
14:10:45.0125 2960 [ 9ef697af07bb8dd82c3b02ca953a95b7 ] PlugPlay C:\WINDOWS\system32\services.exe
14:10:45.0125 2960 PlugPlay - ok
14:10:45.0125 2960 [ ed0a176354487ceed65b80a7148ab739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:10:45.0125 2960 PolicyAgent - ok
14:10:45.0140 2960 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:10:45.0140 2960 PptpMiniport - ok
14:10:45.0156 2960 [ 7eb15dce4ec3a0220bd796a15c18186e ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
14:10:45.0156 2960 Processor - ok
14:10:45.0156 2960 [ ed0a176354487ceed65b80a7148ab739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:10:45.0156 2960 ProtectedStorage - ok
14:10:45.0156 2960 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:10:45.0156 2960 PSched - ok
14:10:45.0171 2960 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:10:45.0171 2960 Ptilink - ok
14:10:45.0171 2960 ql1080 - ok
14:10:45.0187 2960 Ql10wnt - ok
14:10:45.0187 2960 ql12160 - ok
14:10:45.0187 2960 ql1240 - ok
14:10:45.0187 2960 ql1280 - ok
14:10:45.0203 2960 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:10:45.0203 2960 RasAcd - ok
14:10:45.0218 2960 [ 2b5e44ea009f2f374b980e1e9a70635d ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:10:45.0218 2960 RasAuto - ok
14:10:45.0218 2960 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:10:45.0234 2960 Rasl2tp - ok
14:10:45.0250 2960 [ d57554c664b64604bd1ee13ea2c07e77 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:10:45.0265 2960 RasMan - ok
14:10:45.0265 2960 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:10:45.0265 2960 RasPppoe - ok
14:10:45.0265 2960 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:10:45.0265 2960 Raspti - ok
14:10:45.0281 2960 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:10:45.0296 2960 Rdbss - ok
14:10:45.0296 2960 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:10:45.0296 2960 RDPCDD - ok
14:10:45.0296 2960 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:10:45.0296 2960 rdpdr - ok
14:10:45.0343 2960 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:10:45.0343 2960 RDPWD - ok
14:10:45.0375 2960 [ c0d9d9711cb74ee9bc66353d8cbdab0e ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:10:45.0375 2960 RDSessMgr - ok
14:10:45.0406 2960 [ 611bfd220305be3a85ae876ea47d4aa5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:10:45.0406 2960 redbook - ok
14:10:45.0437 2960 [ 127c26b5371651043450e52542099aba ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:10:45.0437 2960 RemoteAccess - ok
14:10:45.0468 2960 [ 8f31505484a190d5b22274708799f4ec ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:10:45.0468 2960 RemoteRegistry - ok
14:10:45.0468 2960 [ 718b3bdc0bc3c2f7d065a53d26202af9 ] RpcLocator C:\WINDOWS\System32\locator.exe
14:10:45.0468 2960 RpcLocator - ok
14:10:45.0500 2960 [ be27674d1cbc3214aec84b4336a38bbf ] RpcSs C:\WINDOWS\System32\rpcss.dll
14:10:45.0500 2960 RpcSs - ok
14:10:45.0515 2960 [ 09ab2e71e58b078038e3bfdba7ffc984 ] RSVP C:\WINDOWS\System32\rsvp.exe
14:10:45.0515 2960 RSVP - ok
14:10:45.0593 2960 [ ee76248ca187bb50ff964a287d420fee ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMI.sys
14:10:45.0656 2960 RTHDMIAzAudService - ok
14:10:45.0671 2960 [ f0a21c62b9b835e1c96268eaae31d239 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:10:45.0671 2960 RTLE8023xp - ok
14:10:45.0671 2960 [ ed0a176354487ceed65b80a7148ab739 ] SamSs C:\WINDOWS\system32\lsass.exe
14:10:45.0671 2960 SamSs - ok
14:10:45.0687 2960 [ 410046e401eb11e1e6749e9deea41d4a ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:10:45.0687 2960 SCardSvr - ok
14:10:45.0718 2960 [ 3ff232a7731621b8902d81d42418c93c ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:10:45.0718 2960 Schedule - ok
14:10:45.0734 2960 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:10:45.0734 2960 Secdrv - ok
14:10:45.0750 2960 [ 477e2c3cc5e4a0d635bcb0ea8dcac3c6 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:10:45.0750 2960 seclogon - ok
14:10:45.0765 2960 [ a530b75c10c23c9ab28fdb6ce719e21f ] SENS C:\WINDOWS\system32\sens.dll
14:10:45.0765 2960 SENS - ok
14:10:45.0781 2960 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:10:45.0781 2960 serenum - ok
14:10:45.0781 2960 [ b842729337c9b921615c40d3c1a1af96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:10:45.0781 2960 Serial - ok
14:10:45.0828 2960 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:10:45.0828 2960 Sfloppy - ok
14:10:45.0843 2960 [ f58faca9621d2db01bd0927d9a0a208e ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:10:45.0859 2960 SharedAccess - ok
14:10:45.0875 2960 [ ee9a2b9ea968a792a053c9d1a86bf870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:10:45.0875 2960 ShellHWDetection - ok
14:10:45.0875 2960 Simbad - ok
14:10:45.0906 2960 [ bd3863c139f3380a9f44fb188feefc6e ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
14:10:45.0906 2960 snapman - ok
14:10:45.0906 2960 Sparrow - ok
14:10:45.0937 2960 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:10:45.0937 2960 splitter - ok
14:10:45.0953 2960 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:10:45.0953 2960 Spooler - ok
14:10:45.0953 2960 ================ Scan global ===============================
14:10:45.0953 2960 (f36278e42c8c5df03ce17dac8231c91c) C:\WINDOWS\system32\basesrv.dll
14:10:45.0984 2960 (f3fa14a297bc687d0b51289d034033c9) C:\WINDOWS\system32\winsrv.dll
14:10:46.0000 2960 (f3fa14a297bc687d0b51289d034033c9) C:\WINDOWS\system32\winsrv.dll
14:10:46.0000 2960 (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
14:10:46.0000 2960 [Global] - ok
14:10:46.0000 2960 ================ Scan MBR ==================================
14:10:46.0015 2960 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
14:10:46.0187 2960 \Device\Harddisk0\DR0 - ok
14:10:46.0187 2960 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:10:46.0234 2960 \Device\Harddisk1\DR1 - ok
14:10:46.0234 2960 ================ Scan VBR ==================================
14:10:46.0234 2960 Boot (0x1200) (0c9cf58b039381786757d6e4c9d53e2c) \Device\Harddisk0\DR0\Partition1
14:10:46.0234 2960 \Device\Harddisk0\DR0\Partition1 - ok
14:10:46.0250 2960 Boot (0x1200) (525d1c54fadba2bd8357fbea485ea750) \Device\Harddisk0\DR0\Partition2
14:10:46.0250 2960 \Device\Harddisk0\DR0\Partition2 - ok
14:10:46.0265 2960 Boot (0x1200) (3be5de4c7cdc8c1bebf89fca350c8470) \Device\Harddisk0\DR0\Partition3
14:10:46.0265 2960 \Device\Harddisk0\DR0\Partition3 - ok
14:10:46.0281 2960 Boot (0x1200) (10e5b0fa4180dfce2e773f55fd7eb1c8) \Device\Harddisk1\DR1\Partition1
14:10:46.0281 2960 \Device\Harddisk1\DR1\Partition1 - ok
14:10:46.0281 2960 Boot (0x1200) (b1090bbb02921e91373529a4b1b88d55) \Device\Harddisk1\DR1\Partition2
14:10:46.0281 2960 \Device\Harddisk1\DR1\Partition2 - ok
14:10:46.0281 2960 Boot (0x1200) (1b3738f720e6605c8af85dc74bf3f6f3) \Device\Harddisk1\DR1\Partition3
14:10:46.0296 2960 \Device\Harddisk1\DR1\Partition3 - ok
14:10:46.0296 2960 Boot (0x1200) (7d6a2078d6c2a4c67bf5ceba6f2aa2f2) \Device\Harddisk1\DR1\Partition4
14:10:46.0296 2960 \Device\Harddisk1\DR1\Partition4 - ok
14:10:46.0296 2960 ============================================================
14:10:46.0296 2960 Scan finished
14:10:46.0296 2960 ============================================================
14:10:46.0312 2496 Detected object count: 0
14:10:46.0312 2496 Actual detected object count: 0
14:10:58.0156 2612 Deinitialize success
14:10:42.0656 2960 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:10:42.0656 2960 Beep - ok
14:10:42.0656 2960 [ 19395d092fd85ddc2d9c7729cf5a2ac8 ] BITS C:\WINDOWS\system32\qmgr.dll
14:10:42.0671 2960 BITS - ok
14:10:42.0703 2960 [ 89e739bba5f636297ea5b5f811189e06 ] Browser C:\WINDOWS\System32\browser.dll
14:10:42.0703 2960 Browser - ok
14:10:42.0703 2960 catchme - ok
14:10:42.0734 2960 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:10:42.0734 2960 cbidf2k - ok
14:10:42.0734 2960 cd20xrnt - ok
14:10:42.0750 2960 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:10:42.0750 2960 Cdaudio - ok
14:10:42.0750 2960 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:10:42.0750 2960 Cdfs - ok
14:10:42.0765 2960 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:10:42.0765 2960 Cdrom - ok
14:10:42.0781 2960 [ e390dc1d7c461d7d56ec53402f329928 ] cisvc C:\WINDOWS\system32\cisvc.exe
14:10:42.0781 2960 cisvc - ok
14:10:42.0796 2960 [ 064507a8dfa8c5c7e2ffddd3e6f424fa ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:10:42.0796 2960 ClipSrv - ok
14:10:42.0812 2960 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:10:42.0812 2960 clr_optimization_v2.0.50727_32 - ok
14:10:42.0843 2960 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:10:42.0843 2960 clr_optimization_v4.0.30319_32 - ok
14:10:42.0843 2960 CmdIde - ok
14:10:42.0859 2960 COMSysApp - ok
14:10:42.0859 2960 Cpqarray - ok
14:10:42.0875 2960 [ f3ab0933cbd166d271992f411c27ccaf ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:10:42.0875 2960 CryptSvc - ok
14:10:42.0875 2960 dac2w2k - ok
14:10:42.0875 2960 dac960nt - ok
14:10:42.0906 2960 [ be27674d1cbc3214aec84b4336a38bbf ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:10:42.0906 2960 DcomLaunch - ok
14:10:42.0921 2960 [ 8c9a53e285ac5e6704844d0459ec85be ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:10:42.0921 2960 Dhcp - ok
14:10:42.0937 2960 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:10:42.0937 2960 Disk - ok
14:10:42.0937 2960 dmadmin - ok
14:10:42.0984 2960 [ db5fd2bf5b07dc54bfcb3664ff05bd7c ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:10:42.0984 2960 dmboot - ok
14:10:43.0015 2960 [ fff1720af51171f32f1ead5cf71f2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:10:43.0015 2960 dmio - ok
14:10:43.0031 2960 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:10:43.0031 2960 dmload - ok
14:10:43.0031 2960 [ 2bfefe9e865655a76982f050450b9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:10:43.0031 2960 dmserver - ok
14:10:43.0046 2960 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:10:43.0046 2960 DMusic - ok
14:10:43.0046 2960 [ dfaa406bf19f4ee806a6f8d4342137f7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:10:43.0046 2960 Dnscache - ok
14:10:43.0078 2960 [ 4a3e2bd20157a0946751229e92eb8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:10:43.0078 2960 Dot3svc - ok
14:10:43.0078 2960 dpti2o - ok
14:10:43.0093 2960 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:10:43.0093 2960 drmkaud - ok
14:10:43.0109 2960 [ fb38473835476a6fb272215a1d972af9 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
14:10:43.0109 2960 dtsoftbus01 - ok
14:10:43.0109 2960 [ 0887d9c2be8d940778cad1e3b85f2a41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:10:43.0109 2960 EapHost - ok
14:10:43.0125 2960 [ a2a4912798f2be706abadd3d30800d16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:10:43.0125 2960 ERSvc - ok
14:10:43.0140 2960 [ 9ef697af07bb8dd82c3b02ca953a95b7 ] Eventlog C:\WINDOWS\system32\services.exe
14:10:43.0140 2960 Eventlog - ok
14:10:43.0156 2960 [ a371f11ef07653591c8de26afb13ce7f ] EventSystem C:\WINDOWS\System32\es.dll
14:10:43.0156 2960 EventSystem - ok
14:10:43.0156 2960 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:10:43.0156 2960 Fastfat - ok
14:10:43.0187 2960 [ ee9a2b9ea968a792a053c9d1a86bf870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:10:43.0187 2960 FastUserSwitchingCompatibility - ok
14:10:43.0187 2960 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:10:43.0187 2960 Fdc - ok
14:10:43.0203 2960 [ ac366695a0796560aa37215ad5762aaf ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:10:43.0203 2960 Fips - ok
14:10:43.0203 2960 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:10:43.0203 2960 Flpydisk - ok
14:10:43.0203 2960 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:10:43.0203 2960 FltMgr - ok
14:10:43.0250 2960 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:10:43.0250 2960 FontCache3.0.0.0 - ok
14:10:43.0265 2960 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:10:43.0265 2960 Fs_Rec - ok
14:10:43.0281 2960 [ 4e664d8541db4a66b73a24257e322e1f ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:10:43.0281 2960 Ftdisk - ok
14:10:43.0312 2960 [ 5c230948dd6652228f88ca7ae6cb276c ] gdrv C:\WINDOWS\gdrv.sys
14:10:43.0312 2960 gdrv - ok
14:10:43.0328 2960 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:10:43.0328 2960 Gpc - ok
14:10:43.0328 2960 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:10:43.0328 2960 HDAudBus - ok
14:10:43.0375 2960 [ fcfe31fb75f8a6295b6b0af87a626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:10:43.0375 2960 helpsvc - ok
14:10:43.0375 2960 [ 00e25ee90166b3e1be6e74aebf858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
14:10:43.0375 2960 HidServ - ok
14:10:43.0375 2960 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:10:43.0375 2960 hidusb - ok
14:10:43.0390 2960 [ 7a6b320928f86bc851530d63c82965d9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:10:43.0390 2960 hkmsvc - ok
14:10:43.0390 2960 hpn - ok
14:10:43.0406 2960 hpt3xx - ok
14:10:43.0437 2960 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:10:43.0437 2960 HTTP - ok
14:10:43.0468 2960 [ 58fe2f2da3bc5573f4a35b3760d3125f ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:10:43.0468 2960 HTTPFilter - ok
14:10:43.0468 2960 i2omp - ok
14:10:43.0484 2960 [ c528e27945367191e7bae364930b6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:10:43.0484 2960 i8042prt - ok
14:10:43.0531 2960 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:10:43.0531 2960 idsvc - ok
14:10:43.0531 2960 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:10:43.0546 2960 Imapi - ok
14:10:43.0562 2960 [ f7b93aafad33b2320954c17e26c8d361 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:10:43.0562 2960 ImapiService - ok
14:10:43.0562 2960 ini910u - ok
14:10:43.0671 2960 [ 927cf2be4e57ff55e23759ac0ca57aa3 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:10:43.0687 2960 IntcAzAudAddService - ok
14:10:43.0687 2960 IntelIde - ok
14:10:43.0703 2960 [ 3bb22519a194418d5fec05d800a19ad0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:10:43.0703 2960 ip6fw - ok
14:10:43.0718 2960 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:10:43.0718 2960 IpFilterDriver - ok
14:10:43.0718 2960 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:10:43.0718 2960 IpInIp - ok
14:10:43.0734 2960 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:10:43.0734 2960 IpNat - ok
14:10:43.0750 2960 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:10:43.0750 2960 IPSec - ok
14:10:43.0765 2960 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:10:43.0765 2960 IRENUM - ok
14:10:43.0781 2960 [ cc9f8a2d60aed1a51a3ac34c59b987ae ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:10:43.0781 2960 isapnp - ok
14:10:43.0875 2960 [ 973db7ac74c554c546f8b0b7b98fb855 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:10:43.0875 2960 JavaQuickStarterService - ok
14:10:43.0921 2960 [ 1b6162fe7f66b1a71a4b70f941c4aa9b ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:10:43.0921 2960 Kbdclass - ok
14:10:43.0968 2960 [ 86c8f23616c6c6e5b2776901c17b945b ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:10:43.0984 2960 kbdhid - ok
14:10:44.0031 2960 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:10:44.0031 2960 kmixer - ok
14:10:44.0046 2960 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:10:44.0093 2960 KSecDD - ok
14:10:44.0125 2960 [ 3428e8f86f8add36b42fb23542c7b3e4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:10:44.0125 2960 lanmanserver - ok
14:10:44.0156 2960 [ 936c1d110232d23b621cb0196e4f80f0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:10:44.0156 2960 lanmanworkstation - ok
14:10:44.0171 2960 [ 0ab159f536e3e8f7f07113702a07cca5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:10:44.0187 2960 LmHosts - ok
14:10:44.0187 2960 [ 221cd1c815b8a6b79389c3f5d1018de8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:10:44.0187 2960 Messenger - ok
14:10:44.0203 2960 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:10:44.0203 2960 mnmdd - ok
14:10:44.0203 2960 [ 9a57d046f88f4b69751b11fd40088a61 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
14:10:44.0218 2960 mnmsrvc - ok
14:10:44.0218 2960 [ 44032b0c6d9954d3fd26438330b99ee7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:10:44.0218 2960 Modem - ok
14:10:44.0234 2960 [ 4cb582831dbde63ce43b45d771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:10:44.0234 2960 Mouclass - ok
14:10:44.0250 2960 [ bb269eba740737ab749b214d568b6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:10:44.0250 2960 mouhid - ok
14:10:44.0250 2960 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:10:44.0265 2960 MountMgr - ok
14:10:44.0265 2960 mraid35x - ok
14:10:44.0265 2960 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:10:44.0265 2960 MRxDAV - ok
14:10:44.0296 2960 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:10:44.0296 2960 MRxSmb - ok
14:10:44.0312 2960 [ 6db4d1521caba9a5ffab54ade0ae867d ] MSDTC C:\WINDOWS\System32\msdtc.exe
14:10:44.0312 2960 MSDTC - ok
14:10:44.0312 2960 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:10:44.0312 2960 Msfs - ok
14:10:44.0312 2960 MSIServer - ok
14:10:44.0328 2960 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:10:44.0328 2960 MSKSSRV - ok
14:10:44.0328 2960 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:10:44.0328 2960 MSPCLOCK - ok
14:10:44.0328 2960 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:10:44.0343 2960 MSPQM - ok
14:10:44.0343 2960 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:10:44.0343 2960 mssmbios - ok
14:10:44.0375 2960 MSSQLSERVER - ok
14:10:44.0390 2960 [ adaf062116b4e6d96e44d26486a87af6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:10:44.0390 2960 MSSQLServerADHelper - ok
14:10:44.0406 2960 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:10:44.0406 2960 Mup - ok
14:10:44.0437 2960 [ 6ea362e9db03d44f6b996f4d8be237e9 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:10:44.0437 2960 napagent - ok
14:10:44.0468 2960 [ b498a14133bd09ad0817590ace4470ad ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
14:10:44.0468 2960 NBService - ok
14:10:44.0484 2960 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:10:44.0484 2960 NDIS - ok
14:10:44.0484 2960 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:10:44.0484 2960 NdisTapi - ok
14:10:44.0531 2960 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:10:44.0531 2960 Ndisuio - ok
14:10:44.0531 2960 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:10:44.0531 2960 NdisWan - ok
14:10:44.0562 2960 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:10:44.0562 2960 NDProxy - ok
14:10:44.0562 2960 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:10:44.0562 2960 NetBIOS - ok
14:10:44.0578 2960 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:10:44.0578 2960 NetBT - ok
14:10:44.0593 2960 [ 933de774986ec85e48210c44ab431de6 ] NetDDE C:\WINDOWS\system32\netdde.exe
14:10:44.0593 2960 NetDDE - ok
14:10:44.0593 2960 [ 933de774986ec85e48210c44ab431de6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:10:44.0593 2960 NetDDEdsdm - ok
14:10:44.0609 2960 [ ed0a176354487ceed65b80a7148ab739 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:10:44.0609 2960 Netlogon - ok
14:10:44.0625 2960 [ 72e1e9e2977be08bdeedb6d8fd9d4d40 ] Netman C:\WINDOWS\System32\netman.dll
14:10:44.0625 2960 Netman - ok
14:10:44.0640 2960 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:10:44.0640 2960 NetTcpPortSharing - ok
14:10:44.0656 2960 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:10:44.0656 2960 NIC1394 - ok
14:10:44.0687 2960 [ 39ee7c3bfbc64ba87cc8cf67386e814c ] Nla C:\WINDOWS\System32\mswsock.dll
14:10:44.0687 2960 Nla - ok
14:10:44.0734 2960 [ a328a46d87bb92ce4d8a4528e9d84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
14:10:44.0734 2960 NMIndexingService - ok
14:10:44.0734 2960 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:10:44.0734 2960 Npfs - ok
14:10:44.0750 2960 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:10:44.0750 2960 Ntfs - ok
14:10:44.0750 2960 [ ed0a176354487ceed65b80a7148ab739 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
14:10:44.0750 2960 NtLmSsp - ok
14:10:44.0781 2960 [ 023dd70573d644f3d9c8b1258a7bfd08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:10:44.0781 2960 NtmsSvc - ok
14:10:44.0796 2960 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
14:10:44.0796 2960 Null - ok
14:10:44.0812 2960 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:10:44.0812 2960 NwlnkFlt - ok
14:10:44.0812 2960 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:10:44.0812 2960 NwlnkFwd - ok
14:10:44.0812 2960 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:10:44.0812 2960 ohci1394 - ok
14:10:44.0890 2960 [ 98a418cff837df4954006bd8f23ec903 ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe
14:10:44.0937 2960 OODefragAgent - ok
14:10:44.0953 2960 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:10:44.0953 2960 ose - ok
14:10:44.0984 2960 [ f43e58dfc53dd59377e212894ad57330 ] PAR1284 C:\WINDOWS\system32\PAR1284.sys
14:10:44.0984 2960 PAR1284 - ok
14:10:45.0000 2960 [ 46f8db73b4a53e543f8e371dc7c75bae ] Parport C:\WINDOWS\system32\drivers\Parport.sys
14:10:45.0000 2960 Parport - ok
14:10:45.0000 2960 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:10:45.0000 2960 PartMgr - ok
14:10:45.0015 2960 [ 1fae19d0457176318bba4a8795656ebc ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:10:45.0015 2960 ParVdm - ok
14:10:45.0031 2960 [ 6ce351d149cb4befc702951e471e1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:10:45.0031 2960 PCI - ok
14:10:45.0031 2960 PCIDump - ok
14:10:45.0046 2960 [ 2da4ec85e0ea7a45c6b2a05820492d5a ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:10:45.0046 2960 PCIIde - ok
14:10:45.0046 2960 [ 4fc31e6c19a5ce5198b1abff94cae758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:10:45.0046 2960 Pcmcia - ok
14:10:45.0093 2960 [ a0937771070bf59468b4939dd0ae59fd ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
14:10:45.0093 2960 PCToolsSSDMonitorSvc - ok
14:10:45.0093 2960 perc2 - ok
14:10:45.0109 2960 perc2hib - ok
14:10:45.0125 2960 [ 9ef697af07bb8dd82c3b02ca953a95b7 ] PlugPlay C:\WINDOWS\system32\services.exe
14:10:45.0125 2960 PlugPlay - ok
14:10:45.0125 2960 [ ed0a176354487ceed65b80a7148ab739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:10:45.0125 2960 PolicyAgent - ok
14:10:45.0140 2960 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:10:45.0140 2960 PptpMiniport - ok
14:10:45.0156 2960 [ 7eb15dce4ec3a0220bd796a15c18186e ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
14:10:45.0156 2960 Processor - ok
14:10:45.0156 2960 [ ed0a176354487ceed65b80a7148ab739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:10:45.0156 2960 ProtectedStorage - ok
14:10:45.0156 2960 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:10:45.0156 2960 PSched - ok
14:10:45.0171 2960 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:10:45.0171 2960 Ptilink - ok
14:10:45.0171 2960 ql1080 - ok
14:10:45.0187 2960 Ql10wnt - ok
14:10:45.0187 2960 ql12160 - ok
14:10:45.0187 2960 ql1240 - ok
14:10:45.0187 2960 ql1280 - ok
14:10:45.0203 2960 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:10:45.0203 2960 RasAcd - ok
14:10:45.0218 2960 [ 2b5e44ea009f2f374b980e1e9a70635d ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:10:45.0218 2960 RasAuto - ok
14:10:45.0218 2960 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:10:45.0234 2960 Rasl2tp - ok
14:10:45.0250 2960 [ d57554c664b64604bd1ee13ea2c07e77 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:10:45.0265 2960 RasMan - ok
14:10:45.0265 2960 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:10:45.0265 2960 RasPppoe - ok
14:10:45.0265 2960 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:10:45.0265 2960 Raspti - ok
14:10:45.0281 2960 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:10:45.0296 2960 Rdbss - ok
14:10:45.0296 2960 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:10:45.0296 2960 RDPCDD - ok
14:10:45.0296 2960 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:10:45.0296 2960 rdpdr - ok
14:10:45.0343 2960 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:10:45.0343 2960 RDPWD - ok
14:10:45.0375 2960 [ c0d9d9711cb74ee9bc66353d8cbdab0e ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:10:45.0375 2960 RDSessMgr - ok
14:10:45.0406 2960 [ 611bfd220305be3a85ae876ea47d4aa5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:10:45.0406 2960 redbook - ok
14:10:45.0437 2960 [ 127c26b5371651043450e52542099aba ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:10:45.0437 2960 RemoteAccess - ok
14:10:45.0468 2960 [ 8f31505484a190d5b22274708799f4ec ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:10:45.0468 2960 RemoteRegistry - ok
14:10:45.0468 2960 [ 718b3bdc0bc3c2f7d065a53d26202af9 ] RpcLocator C:\WINDOWS\System32\locator.exe
14:10:45.0468 2960 RpcLocator - ok
14:10:45.0500 2960 [ be27674d1cbc3214aec84b4336a38bbf ] RpcSs C:\WINDOWS\System32\rpcss.dll
14:10:45.0500 2960 RpcSs - ok
14:10:45.0515 2960 [ 09ab2e71e58b078038e3bfdba7ffc984 ] RSVP C:\WINDOWS\System32\rsvp.exe
14:10:45.0515 2960 RSVP - ok
14:10:45.0593 2960 [ ee76248ca187bb50ff964a287d420fee ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMI.sys
14:10:45.0656 2960 RTHDMIAzAudService - ok
14:10:45.0671 2960 [ f0a21c62b9b835e1c96268eaae31d239 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:10:45.0671 2960 RTLE8023xp - ok
14:10:45.0671 2960 [ ed0a176354487ceed65b80a7148ab739 ] SamSs C:\WINDOWS\system32\lsass.exe
14:10:45.0671 2960 SamSs - ok
14:10:45.0687 2960 [ 410046e401eb11e1e6749e9deea41d4a ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:10:45.0687 2960 SCardSvr - ok
14:10:45.0718 2960 [ 3ff232a7731621b8902d81d42418c93c ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:10:45.0718 2960 Schedule - ok
14:10:45.0734 2960 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:10:45.0734 2960 Secdrv - ok
14:10:45.0750 2960 [ 477e2c3cc5e4a0d635bcb0ea8dcac3c6 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:10:45.0750 2960 seclogon - ok
14:10:45.0765 2960 [ a530b75c10c23c9ab28fdb6ce719e21f ] SENS C:\WINDOWS\system32\sens.dll
14:10:45.0765 2960 SENS - ok
14:10:45.0781 2960 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:10:45.0781 2960 serenum - ok
14:10:45.0781 2960 [ b842729337c9b921615c40d3c1a1af96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:10:45.0781 2960 Serial - ok
14:10:45.0828 2960 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:10:45.0828 2960 Sfloppy - ok
14:10:45.0843 2960 [ f58faca9621d2db01bd0927d9a0a208e ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:10:45.0859 2960 SharedAccess - ok
14:10:45.0875 2960 [ ee9a2b9ea968a792a053c9d1a86bf870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:10:45.0875 2960 ShellHWDetection - ok
14:10:45.0875 2960 Simbad - ok
14:10:45.0906 2960 [ bd3863c139f3380a9f44fb188feefc6e ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
14:10:45.0906 2960 snapman - ok
14:10:45.0906 2960 Sparrow - ok
14:10:45.0937 2960 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:10:45.0937 2960 splitter - ok
14:10:45.0953 2960 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:10:45.0953 2960 Spooler - ok
14:10:45.0953 2960 ================ Scan global ===============================
14:10:45.0953 2960 (f36278e42c8c5df03ce17dac8231c91c) C:\WINDOWS\system32\basesrv.dll
14:10:45.0984 2960 (f3fa14a297bc687d0b51289d034033c9) C:\WINDOWS\system32\winsrv.dll
14:10:46.0000 2960 (f3fa14a297bc687d0b51289d034033c9) C:\WINDOWS\system32\winsrv.dll
14:10:46.0000 2960 (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
14:10:46.0000 2960 [Global] - ok
14:10:46.0000 2960 ================ Scan MBR ==================================
14:10:46.0015 2960 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
14:10:46.0187 2960 \Device\Harddisk0\DR0 - ok
14:10:46.0187 2960 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:10:46.0234 2960 \Device\Harddisk1\DR1 - ok
14:10:46.0234 2960 ================ Scan VBR ==================================
14:10:46.0234 2960 Boot (0x1200) (0c9cf58b039381786757d6e4c9d53e2c) \Device\Harddisk0\DR0\Partition1
14:10:46.0234 2960 \Device\Harddisk0\DR0\Partition1 - ok
14:10:46.0250 2960 Boot (0x1200) (525d1c54fadba2bd8357fbea485ea750) \Device\Harddisk0\DR0\Partition2
14:10:46.0250 2960 \Device\Harddisk0\DR0\Partition2 - ok
14:10:46.0265 2960 Boot (0x1200) (3be5de4c7cdc8c1bebf89fca350c8470) \Device\Harddisk0\DR0\Partition3
14:10:46.0265 2960 \Device\Harddisk0\DR0\Partition3 - ok
14:10:46.0281 2960 Boot (0x1200) (10e5b0fa4180dfce2e773f55fd7eb1c8) \Device\Harddisk1\DR1\Partition1
14:10:46.0281 2960 \Device\Harddisk1\DR1\Partition1 - ok
14:10:46.0281 2960 Boot (0x1200) (b1090bbb02921e91373529a4b1b88d55) \Device\Harddisk1\DR1\Partition2
14:10:46.0281 2960 \Device\Harddisk1\DR1\Partition2 - ok
14:10:46.0281 2960 Boot (0x1200) (1b3738f720e6605c8af85dc74bf3f6f3) \Device\Harddisk1\DR1\Partition3
14:10:46.0296 2960 \Device\Harddisk1\DR1\Partition3 - ok
14:10:46.0296 2960 Boot (0x1200) (7d6a2078d6c2a4c67bf5ceba6f2aa2f2) \Device\Harddisk1\DR1\Partition4
14:10:46.0296 2960 \Device\Harddisk1\DR1\Partition4 - ok
14:10:46.0296 2960 ============================================================
14:10:46.0296 2960 Scan finished
14:10:46.0296 2960 ============================================================
14:10:46.0312 2496 Detected object count: 0
14:10:46.0312 2496 Actual detected object count: 0
14:10:58.0156 2612 Deinitialize success
Re: please check, virus worm/delf.ff
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-20 14:12:52
-----------------------------
14:12:52.078 OS Version: Windows 5.1.2600 Service Pack 3
14:12:52.078 Number of processors: 4 586 0x402
14:12:52.078 ComputerName: ADMIN UserName:
14:12:53.453 Initialize success
14:13:00.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:13:00.546 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476938MB BusType: 3
14:13:00.546 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
14:13:00.546 Disk 1 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476938MB BusType: 3
14:13:00.578 Disk 0 MBR read successfully
14:13:00.578 Disk 0 MBR scan
14:13:00.578 Disk 0 Windows XP default MBR code
14:13:00.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 70001 MB offset 63
14:13:00.578 Disk 0 Partition - 00 0F Extended LBA 61059 MB offset 143364060
14:13:00.593 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 345875 MB offset 268414020
14:13:00.609 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 61059 MB offset 143364123
14:13:00.609 Disk 0 scanning sectors +976768065
14:13:00.703 Disk 0 scanning C:\WINDOWS\system32\drivers
14:13:04.453 Service scanning
14:13:11.593 Modules scanning
14:13:14.500 Disk 0 trace - called modules:
14:13:14.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
14:13:14.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aff1ab8]
14:13:14.515 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8b0b97c8]
14:13:14.515 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b0969f8]
14:13:14.515 Scan finished successfully
14:13:20.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\uživatel\Plocha\MBR.dat"
14:13:20.375 The log file has been saved successfully to "C:\Documents and Settings\uživatel\Plocha\aswMBR.txt"
Thanks for the advice. What should I do next? AVG now reports the virus in one game, so I will delete it and install it again.
- jaro3
- member of the Security team
Re: please check, virus worm/delf.ff
Pokud není hra ledální , tak ji hned smaž..
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
KillAll::
File::
c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Warning: After running ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download RogueKiller to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7 run RogueKiller.exe as administrator; on XP, double-click it.
- When the program's opening window appears, click „Prohledat“ (Scan).
- The program scans the PC. After the scan, click „Zpráva“ (Report) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start and work, rename it to winlogon.exe.
ESET OnlineScan
Note:
It is recommended to have your antivirus and antispyware programs turned off during the scan. It is also recommended to close all other windows and programs and not to browse the Internet. After the scan finishes, don't forget to turn the antivirus and antispyware protection back on. It is recommended to use Internet Explorer for the scan; otherwise you need to install ESET Smart Installer and properly uninstall everything again after the scan finishes.
1. Click ESET OnlineScan
2. Click the Run ESET Online Scanner button
3. Only for browsers other than Internet Explorer (those running IE can skip this)
3.1. Click esetsmartinstaller_enu.exe to download ESET Smart Installer and save the file to your desktop.
3.2. Double-click the esetsmartinstaller_enu icon on the desktop
4. Tick the box YES, I accept the Terms of Use (to confirm the terms of use)
5. Click the Start button
6. Accept any further security warnings from your browser. Install the ActiveX control
7. Tick the Scan archives box
8. Make sure the "Remove found threats" option is unchecked
9. When the computer scan settings screen appears, click Advanced settings and tick:
Enable Anti-Stealth technology (if it is not already ticked)
10. Click the Start button
11. ESET will then download its update, install it, and start scanning your computer
12. When the scan is done, click the List of found threats arrow
13. Click the Export to text file button and save the file under some name on your desktop
14. Click the Back button
15. Click the Finish button
Please paste here the entire contents of the text file you saved to your desktop.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check, virus worm/delf.ff
ComboFix 12-08-20.02 - uživatel 21.08.2012 10:08:12.13.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2672 [GMT 2:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-21 do 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 06:46 . 2012-08-21 07:09 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-08-20 12:36 . 2012-08-20 12:36 0 ----a-w- c:\windows\ativpsrm.bin
2012-08-20 07:16 . 2012-08-20 07:17 -------- d-----w- c:\program files\Unlocker
2012-08-19 14:37 . 2012-08-19 14:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2012-08-19 14:37 . 2012-08-19 14:37 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Spyware Terminator
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\system32\runouce.exe
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\rundll16.exe
2012-08-19 13:59 . 2012-08-19 13:59 -------- d---a-w- c:\windows\logo1_.exe
2012-08-17 10:26 . 2012-08-17 10:33 -------- d-----w- c:\program files\WinUtilities
2012-08-17 10:26 . 2010-07-25 20:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2012-08-17 10:26 . 2010-07-25 20:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
2012-08-17 10:26 . 2010-07-25 20:23 33968 ----a-w- c:\windows\system32\anim.dll
2012-08-17 10:26 . 2010-07-25 20:23 258352 ----a-w- c:\windows\system32\unicows.dll
2012-08-17 10:26 . 2010-07-25 20:23 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-17 10:26 . 2010-07-25 20:23 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2012-08-17 10:26 . 2010-07-25 20:23 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2012-08-16 16:32 . 2012-08-21 06:21 6272 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-08-02 12:51 . 2012-08-02 12:51 -------- d-----w- C:\HostsXpert
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-07-23 19:40 . 2012-07-23 19:41 -------- d-----w- C:\janka
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 12:51 . 2012-08-02 12:51 357766 ----a-w- C:\HostsXpert.zip
2012-07-27 11:34 . 2012-07-02 11:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 11:34 . 2012-07-02 11:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 18:03 . 2012-07-06 18:03 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-07-06 18:03 . 2012-07-06 18:03 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-07-06 13:58 . 2001-10-25 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-12-28 09:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2001-10-25 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2012-02-02 13:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:38 . 2001-10-25 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2011-12-28 10:55 385024 ------w- c:\windows\system32\html.iec
2012-06-29 17:49 . 2012-06-29 17:49 3584 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-05 15:49 . 2011-12-28 11:22 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2001-10-25 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-10-25 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 18:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-12-28 10:55 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-12-28 10:55 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-12-28 10:55 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-12-28 10:55 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2011-12-28 09:20 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2001-10-25 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2011-12-28 10:55 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-12-28 09:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-20_08.37.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-21 08:12 . 2012-08-21 08:12 16384 c:\windows\temp\Perflib_Perfdata_8cc.dat
+ 2012-08-21 08:12 . 2012-08-21 08:12 16384 c:\windows\temp\Perflib_Perfdata_83c.dat
+ 2011-06-06 11:55 . 2011-06-06 11:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\JP2KLib.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0100000010\10.1.0\AGM.dll
+ 2012-07-28 01:47 . 2012-07-28 01:47 13123584 c:\windows\Installer\3169c9.msp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11]
2011-08-30 21:43 925960 ----a-w- c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2010-06-21 13:56 1763840 ----a-w- c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-19 13:24 158120 ----atw- c:\documents and settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-04-15 14:37 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 17:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 17:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2011-11-17 16:18 2773328 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
2011-10-04 08:28 220992 ----a-w- c:\program files\Software602\Print2PDF\Print2PDF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2012-02-16 13:29 114992 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
2012-02-26 14:01 295728 ----a-w- c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.7.2011 1:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 6:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 6:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 1:14 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 18:21 239168]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [10.10.2011 12:55 85344]
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files\ABBYY FineReader 11\NetworkLicenseServer.exe [18.8.2011 15:47 819976]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 22:03 660768]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.5.2009 17:07 759048]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [23.1.2012 20:52 793048]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 20:31 2156952]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [9.7.2012 15:19 935008]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16.4.2012 17:18 103040]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24.4.2012 10:11 250056]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [17.11.2011 18:17 2489680]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-21 10:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-08-21 10:14:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-21 08:14
ComboFix2.txt 2012-08-20 12:07
ComboFix3.txt 2012-08-20 08:40
ComboFix4.txt 2012-07-28 16:28
ComboFix5.txt 2012-08-21 08:07
.
Před spuštěním: Volných bajtů: 27 982 131 200
Po spuštění: Volných bajtů: 27 952 095 232
.
- - End Of File - - 108C42921F7B5B5289FFAEB878735495
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files\ABBYY FineReader 11\NetworkLicenseServer.exe [18.8.2011 15:47 819976]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 22:03 660768]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.5.2009 17:07 759048]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [23.1.2012 20:52 793048]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 20:31 2156952]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [9.7.2012 15:19 935008]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16.4.2012 17:18 103040]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24.4.2012 10:11 250056]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [17.11.2011 18:17 2489680]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-21 10:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-08-21 10:14:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-21 08:14
ComboFix2.txt 2012-08-20 12:07
ComboFix3.txt 2012-08-20 08:40
ComboFix4.txt 2012-07-28 16:28
ComboFix5.txt 2012-08-21 08:07
.
Před spuštěním: Volných bajtů: 27 982 131 200
Po spuštění: Volných bajtů: 27 952 095 232
.
- - End Of File - - 108C42921F7B5B5289FFAEB878735495
Re: please check, virus worm/delf.ff
So that program cannot be started; even when I rename it, it always throws "ops crashed" and restart, and it shuts down.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:07, on 21.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Documents and Settings\uživatel\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: ABBYY FineReader 11 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.11.0) - ABBYY - C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
--
End of file - 7887 bytes