Part 2 of the log
14:50:25.0460 1156 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:50:25.0506 1156 PptpMiniport - ok
14:50:25.0538 1156 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:50:25.0569 1156 Processor - ok
14:50:25.0631 1156 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:50:25.0647 1156 ProfSvc - ok
14:50:25.0662 1156 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:50:25.0678 1156 ProtectedStorage - ok
14:50:25.0725 1156 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:50:25.0756 1156 Psched - ok
14:50:25.0772 1156 [ a6a7ad767bf5141665f5c675f671b3e1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
14:50:25.0787 1156 PSI_SVC_2 - ok
14:50:25.0834 1156 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:50:25.0850 1156 ql2300 - ok
14:50:25.0881 1156 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:50:25.0881 1156 ql40xx - ok
14:50:25.0912 1156 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
14:50:25.0928 1156 QWAVE - ok
14:50:25.0943 1156 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:50:25.0959 1156 QWAVEdrv - ok
14:50:25.0974 1156 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:50:26.0006 1156 RasAcd - ok
14:50:26.0021 1156 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:50:26.0052 1156 RasAgileVpn - ok
14:50:26.0068 1156 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
14:50:26.0099 1156 RasAuto - ok
14:50:26.0130 1156 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:50:26.0162 1156 Rasl2tp - ok
14:50:26.0208 1156 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
14:50:26.0255 1156 RasMan - ok
14:50:26.0333 1156 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:50:26.0380 1156 RasPppoe - ok
14:50:26.0396 1156 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:50:26.0411 1156 RasSstp - ok
14:50:26.0427 1156 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:50:26.0458 1156 rdbss - ok
14:50:26.0474 1156 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:50:26.0489 1156 rdpbus - ok
14:50:26.0505 1156 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:50:26.0520 1156 RDPCDD - ok
14:50:26.0567 1156 [ 1b6163c503398b23ff8b939c67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:50:26.0583 1156 RDPDR - ok
14:50:26.0598 1156 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:50:26.0630 1156 RDPENCDD - ok
14:50:26.0645 1156 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:50:26.0676 1156 RDPREFMP - ok
14:50:26.0723 1156 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:50:26.0754 1156 RDPWD - ok
14:50:26.0801 1156 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:50:26.0817 1156 rdyboost - ok
14:50:26.0864 1156 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:50:26.0910 1156 RemoteAccess - ok
14:50:26.0926 1156 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:50:26.0973 1156 RemoteRegistry - ok
14:50:27.0004 1156 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:50:27.0020 1156 RpcEptMapper - ok
14:50:27.0051 1156 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
14:50:27.0066 1156 RpcLocator - ok
14:50:27.0129 1156 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
14:50:27.0176 1156 RpcSs - ok
14:50:27.0191 1156 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:50:27.0222 1156 rspndr - ok
14:50:27.0254 1156 [ fd978b2bf8a9b2390dcbef435e9c1f9f ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:50:27.0254 1156 RTL8167 - ok
14:50:27.0316 1156 [ e60c0a09f997826c7627b244195ab581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:50:27.0332 1156 s3cap - ok
14:50:27.0347 1156 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
14:50:27.0363 1156 SamSs - ok
14:50:27.0410 1156 [ d641337b75b9a9d5ae10687aa1097755 ] Samsung UPD Service C:\Windows\System32\SUPDSvc.exe
14:50:27.0441 1156 Samsung UPD Service - ok
14:50:27.0503 1156 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:50:27.0534 1156 sbp2port - ok
14:50:27.0612 1156 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
14:50:27.0831 1156 SBSDWSCService - ok
14:50:27.0862 1156 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:50:27.0878 1156 SCardSvr - ok
14:50:27.0924 1156 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:50:27.0987 1156 scfilter - ok
14:50:28.0065 1156 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
14:50:28.0112 1156 Schedule - ok
14:50:28.0158 1156 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
14:50:28.0190 1156 SCPolicySvc - ok
14:50:28.0252 1156 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:50:28.0283 1156 SDRSVC - ok
14:50:28.0346 1156 [ 16a252022535b680046f6e34e136d378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:50:28.0408 1156 SeaPort - ok
14:50:28.0424 1156 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:50:28.0455 1156 secdrv - ok
14:50:28.0470 1156 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
14:50:28.0502 1156 seclogon - ok
14:50:28.0517 1156 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
14:50:28.0548 1156 SENS - ok
14:50:28.0564 1156 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:50:28.0580 1156 SensrSvc - ok
14:50:28.0595 1156 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:50:28.0611 1156 Serenum - ok
14:50:28.0626 1156 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:50:28.0642 1156 Serial - ok
14:50:28.0689 1156 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:50:28.0720 1156 sermouse - ok
14:50:28.0814 1156 [ 8c1f87f5fdd92229d1754b98f073913f ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
14:50:28.0860 1156 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
14:50:28.0860 1156 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
14:50:28.0907 1156 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:50:28.0938 1156 SessionEnv - ok
14:50:28.0985 1156 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:50:29.0016 1156 sffdisk - ok
14:50:29.0032 1156 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:50:29.0048 1156 sffp_mmc - ok
14:50:29.0063 1156 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:50:29.0079 1156 sffp_sd - ok
14:50:29.0094 1156 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:50:29.0110 1156 sfloppy - ok
14:50:29.0141 1156 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:50:29.0172 1156 SharedAccess - ok
14:50:29.0250 1156 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:50:29.0313 1156 ShellHWDetection - ok
14:50:29.0328 1156 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:50:29.0344 1156 SiSRaid2 - ok
14:50:29.0375 1156 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:50:29.0375 1156 SiSRaid4 - ok
14:50:29.0422 1156 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:50:29.0453 1156 Smb - ok
14:50:29.0500 1156 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:50:29.0516 1156 SNMPTRAP - ok
14:50:29.0750 1156 [ 2991256ae2669897978a7112b10d452d ] SNPSTD3 C:\Windows\system32\DRIVERS\snpstd3.sys
14:50:29.0843 1156 SNPSTD3 - ok
14:50:29.0874 1156 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:50:29.0874 1156 spldr - ok
14:50:29.0937 1156 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:50:29.0952 1156 Spooler - ok
14:50:30.0077 1156 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
14:50:30.0140 1156 sppsvc - ok
14:50:30.0155 1156 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:50:30.0186 1156 sppuinotify - ok
14:50:30.0249 1156 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
14:50:30.0280 1156 srv - ok
14:50:30.0311 1156 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:50:30.0327 1156 srv2 - ok
14:50:30.0342 1156 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:50:30.0358 1156 srvnet - ok
14:50:30.0389 1156 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:50:30.0405 1156 SSDPSRV - ok
14:50:30.0436 1156 [ 0211ab46b73a2623b86c1cfcb30579ab ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
14:50:30.0452 1156 SSPORT - ok
14:50:30.0467 1156 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:50:30.0483 1156 SstpSvc - ok
14:50:30.0530 1156 [ 8c37c35fb2d9692dda0eddbca58bfe18 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:50:30.0561 1156 Stereo Service - ok
14:50:30.0592 1156 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:50:30.0592 1156 stexstor - ok
14:50:30.0654 1156 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
14:50:30.0701 1156 stisvc - ok
14:50:30.0764 1156 [ b6baf8151060f07386c72bc5641290b3 ] StkTMini C:\Windows\system32\Drivers\StkTMini.sys
14:50:30.0779 1156 StkTMini ( UnsignedFile.Multi.Generic ) - warning
14:50:30.0779 1156 StkTMini - detected UnsignedFile.Multi.Generic (1)
14:50:30.0842 1156 [ 7785dc213270d2fc066538daf94087e7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:50:30.0873 1156 storflt - ok
14:50:30.0920 1156 [ c40841817ef57d491f22eb103da587cc ] StorSvc C:\Windows\system32\storsvc.dll
14:50:30.0935 1156 StorSvc - ok
14:50:30.0966 1156 [ d34e4943d5ac096c8edeebfd80d76e23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:50:30.0966 1156 storvsc - ok
14:50:31.0029 1156 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:50:31.0029 1156 swenum - ok
14:50:31.0154 1156 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:50:31.0200 1156 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
14:50:31.0200 1156 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
14:50:31.0232 1156 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
14:50:31.0263 1156 swprv - ok
14:50:31.0341 1156 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
14:50:31.0403 1156 SysMain - ok
14:50:31.0450 1156 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:50:31.0481 1156 TabletInputService - ok
14:50:31.0512 1156 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:50:31.0544 1156 TapiSrv - ok
14:50:31.0559 1156 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
14:50:31.0590 1156 TBS - ok
14:50:31.0668 1156 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:50:31.0715 1156 Tcpip - ok
14:50:31.0746 1156 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:50:31.0778 1156 TCPIP6 - ok
14:50:31.0840 1156 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:50:31.0856 1156 tcpipreg - ok
14:50:31.0902 1156 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:50:31.0918 1156 TDPIPE - ok
14:50:31.0965 1156 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:50:31.0980 1156 TDTCP - ok
14:50:32.0027 1156 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:50:32.0090 1156 tdx - ok
14:50:32.0199 1156 [ 641500967e5e87cf026df0193ab84ea7 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
14:50:32.0386 1156 TeamViewer7 - ok
14:50:32.0433 1156 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:50:32.0433 1156 TermDD - ok
14:50:32.0495 1156 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
14:50:32.0573 1156 TermService - ok
14:50:32.0604 1156 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
14:50:32.0620 1156 Themes - ok
14:50:32.0651 1156 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
14:50:32.0667 1156 THREADORDER - ok
14:50:32.0698 1156 [ 9f35d93667722fecb6d49c519492fdf0 ] TotRec7 C:\Windows\system32\drivers\TotRec7.sys
14:50:32.0714 1156 TotRec7 - ok
14:50:32.0745 1156 [ 214fbaf40262161893aa2728b437bb34 ] TotRec8 C:\Windows\system32\drivers\TotRec8.sys
14:50:32.0760 1156 TotRec8 - ok
14:50:32.0807 1156 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
14:50:32.0870 1156 TrkWks - ok
14:50:32.0948 1156 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:50:33.0026 1156 TrustedInstaller - ok
14:50:33.0088 1156 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:50:33.0135 1156 tssecsrv - ok
14:50:33.0182 1156 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:50:33.0197 1156 TsUsbFlt - ok
14:50:33.0244 1156 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:50:33.0291 1156 tunnel - ok
14:50:33.0338 1156 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:50:33.0353 1156 uagp35 - ok
14:50:33.0369 1156 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:50:33.0400 1156 udfs - ok
14:50:33.0431 1156 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:50:33.0447 1156 UI0Detect - ok
14:50:33.0462 1156 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:50:33.0478 1156 uliagpkx - ok
14:50:33.0540 1156 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:50:33.0556 1156 umbus - ok
14:50:33.0587 1156 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:50:33.0603 1156 UmPass - ok
14:50:33.0634 1156 [ a293dcd756d04d8492a750d03b9a297c ] UmRdpService C:\Windows\System32\umrdp.dll
14:50:33.0650 1156 UmRdpService - ok
14:50:33.0821 1156 [ 6796a8ee849de9efb76188c34b9999e2 ] Update Server C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
14:50:33.0852 1156 Update Server - ok
14:50:33.0930 1156 [ 4e3696d404b2d4d0c370d1faba2123ed ] Updatesrv C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
14:50:33.0946 1156 Updatesrv - ok
14:50:33.0993 1156 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
14:50:34.0055 1156 upnphost - ok
14:50:34.0149 1156 [ 4e93c8496359e97830c75ac36393654d ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
14:50:34.0180 1156 upperdev - ok
14:50:34.0242 1156 [ aa33fc47ed58c34e6e9261e4f850b7eb ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:50:34.0274 1156 USBAAPL64 - ok
14:50:34.0336 1156 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:50:34.0367 1156 usbaudio - ok
14:50:34.0430 1156 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:50:34.0461 1156 usbccgp - ok
14:50:34.0476 1156 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:50:34.0492 1156 usbcir - ok
14:50:34.0523 1156 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:50:34.0539 1156 usbehci - ok
14:50:34.0554 1156 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:50:34.0570 1156 usbhub - ok
14:50:34.0601 1156 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:50:34.0617 1156 usbohci - ok
14:50:34.0664 1156 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:50:34.0710 1156 usbprint - ok
14:50:34.0742 1156 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:50:34.0757 1156 usbscan - ok
14:50:34.0804 1156 [ 4acee387fa8fd39f83564fcd2fc234f2 ] usbser C:\Windows\system32\DRIVERS\usbser.sys
14:50:34.0835 1156 usbser - ok
14:50:34.0898 1156 [ 8844cb19a37b65e27049d4a7786726a9 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
14:50:34.0929 1156 UsbserFilt - ok
14:50:34.0944 1156 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:50:34.0976 1156 USBSTOR - ok
14:50:34.0991 1156 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:50:35.0007 1156 usbuhci - ok
14:50:35.0038 1156 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
14:50:35.0069 1156 UxSms - ok
14:50:35.0085 1156 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
14:50:35.0100 1156 VaultSvc - ok
14:50:35.0116 1156 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:50:35.0132 1156 vdrvroot - ok
14:50:35.0194 1156 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
14:50:35.0225 1156 vds - ok
14:50:35.0256 1156 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:50:35.0272 1156 vga - ok
14:50:35.0288 1156 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
14:50:35.0319 1156 VgaSave - ok
14:50:35.0366 1156 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:50:35.0397 1156 vhdmp - ok
14:50:35.0459 1156 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:50:35.0475 1156 viaide - ok
14:50:35.0506 1156 [ 86ea3e79ae350fea5331a1303054005f ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:50:35.0522 1156 vmbus - ok
14:50:35.0537 1156 [ 7de90b48f210d29649380545db45a187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:50:35.0553 1156 VMBusHID - ok
14:50:35.0584 1156 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:50:35.0600 1156 volmgr - ok
14:50:35.0646 1156 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:50:35.0662 1156 volmgrx - ok
14:50:35.0678 1156 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:50:35.0693 1156 volsnap - ok
14:50:35.0724 1156 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:50:35.0740 1156 vsmraid - ok
14:50:35.0818 1156 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
14:50:35.0865 1156 VSS - ok
14:50:35.0880 1156 VSSERV - ok
14:50:35.0896 1156 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:50:35.0912 1156 vwifibus - ok
14:50:35.0943 1156 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
14:50:35.0974 1156 W32Time - ok
14:50:35.0990 1156 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:50:36.0005 1156 WacomPen - ok
14:50:36.0036 1156 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:50:36.0052 1156 WANARP - ok
14:50:36.0068 1156 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:50:36.0099 1156 Wanarpv6 - ok
14:50:36.0146 1156 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:50:36.0192 1156 WatAdminSvc - ok
14:50:36.0270 1156 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
14:50:36.0302 1156 wbengine - ok
14:50:36.0317 1156 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:50:36.0333 1156 WbioSrvc - ok
14:50:36.0395 1156 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:50:36.0411 1156 wcncsvc - ok
14:50:36.0442 1156 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:50:36.0458 1156 WcsPlugInService - ok
14:50:36.0473 1156 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:50:36.0489 1156 Wd - ok
14:50:36.0520 1156 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:50:36.0536 1156 Wdf01000 - ok
14:50:36.0551 1156 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:50:36.0567 1156 WdiServiceHost - ok
14:50:36.0567 1156 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:50:36.0598 1156 WdiSystemHost - ok
14:50:36.0614 1156 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:50:36.0629 1156 WebClient - ok
14:50:36.0660 1156 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:50:36.0676 1156 Wecsvc - ok
14:50:36.0707 1156 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:50:36.0723 1156 wercplsupport - ok
14:50:36.0754 1156 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:50:36.0770 1156 WerSvc - ok
14:50:36.0785 1156 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:50:36.0816 1156 WfpLwf - ok
14:50:36.0832 1156 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:50:36.0832 1156 WIMMount - ok
14:50:36.0863 1156 WinDefend - ok
14:50:36.0879 1156 WinHttpAutoProxySvc - ok
14:50:36.0926 1156 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:50:36.0957 1156 Winmgmt - ok
14:50:37.0004 1156 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
14:50:37.0050 1156 WinRM - ok
14:50:37.0113 1156 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:50:37.0144 1156 WinUsb - ok
14:50:37.0191 1156 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
14:50:37.0206 1156 Wlansvc - ok
14:50:37.0316 1156 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:50:37.0362 1156 wlidsvc - ok
14:50:37.0409 1156 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:50:37.0425 1156 WmiAcpi - ok
14:50:37.0472 1156 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:50:37.0472 1156 wmiApSrv - ok
14:50:37.0503 1156 WMPNetworkSvc - ok
14:50:37.0534 1156 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:50:37.0550 1156 WPCSvc - ok
14:50:37.0612 1156 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:50:37.0628 1156 WPDBusEnum - ok
14:50:37.0643 1156 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:50:37.0659 1156 ws2ifsl - ok
14:50:37.0690 1156 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll
14:50:37.0706 1156 wscsvc - ok
14:50:37.0706 1156 WSearch - ok
14:50:37.0815 1156 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:50:37.0862 1156 wuauserv - ok
14:50:37.0877 1156 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:50:37.0908 1156 WudfPf - ok
14:50:37.0940 1156 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:50:37.0971 1156 WUDFRd - ok
14:50:38.0002 1156 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:50:38.0033 1156 wudfsvc - ok
14:50:38.0064 1156 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
14:50:38.0080 1156 WwanSvc - ok
14:50:38.0096 1156 ================ Scan global ===============================
14:50:38.0142 1156 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
14:50:38.0189 1156 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
14:50:38.0205 1156 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
14:50:38.0220 1156 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
14:50:38.0252 1156 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
14:50:38.0252 1156 [Global] - ok
14:50:38.0252 1156 ================ Scan MBR ==================================
14:50:38.0267 1156 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:50:38.0486 1156 \Device\Harddisk0\DR0 - ok
14:50:38.0517 1156 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6
14:50:38.0844 1156 \Device\Harddisk6\DR6 - ok
14:50:38.0844 1156 ================ Scan VBR ==================================
14:50:38.0844 1156 Boot (0x1200) (9314f02a5794931633b6d854547ffaab) \Device\Harddisk0\DR0\Partition1
14:50:38.0844 1156 \Device\Harddisk0\DR0\Partition1 - ok
14:50:38.0876 1156 Boot (0x1200) (99d0142e1e9eee0e2d7f067e0437b8ba) \Device\Harddisk0\DR0\Partition2
14:50:38.0876 1156 \Device\Harddisk0\DR0\Partition2 - ok
14:50:38.0907 1156 Boot (0x1200) (17ce425c407b2b4866cfdfdc6ee1814f) \Device\Harddisk0\DR0\Partition3
14:50:38.0907 1156 \Device\Harddisk0\DR0\Partition3 - ok
14:50:38.0907 1156 Boot (0x1200) (9022e6d9b47f3fd7b3db71f28049869d) \Device\Harddisk6\DR6\Partition1
14:50:38.0922 1156 \Device\Harddisk6\DR6\Partition1 - ok
14:50:38.0922 1156 ============================================================
14:50:38.0922 1156 Scan finished
14:50:38.0922 1156 ============================================================
14:50:38.0938 6804 Detected object count: 6
14:50:38.0938 6804 Actual detected object count: 6
14:50:46.0894 6804 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:50:46.0894 6804 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:50:46.0894 6804 HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
14:50:46.0894 6804 HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:50:46.0894 6804 MAGIX StartUp Analyze Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:50:46.0894 6804 MAGIX StartUp Analyze Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:50:46.0894 6804 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
14:50:46.0894 6804 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:50:46.0894 6804 StkTMini ( UnsignedFile.Multi.Generic ) - skipped by user
14:50:46.0894 6804 StkTMini ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:50:46.0894 6804 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:50:46.0894 6804 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
Please check the log (Solved)
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: Please check the log
I don't see the ComboFix log...
+
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click No. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check the log
Thank you, here is the log from aswMBR
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-16 18:08:45
-----------------------------
18:08:45.487 OS Version: Windows x64 6.1.7601 Service Pack 1
18:08:45.487 Number of processors: 8 586 0x1E05
18:08:45.487 ComputerName: PETR-HP UserName: Petr
18:08:52.359 Initialize success
18:09:20.642 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:09:20.642 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 3
18:09:20.658 Disk 0 MBR read successfully
18:09:20.673 Disk 0 MBR scan
18:09:20.673 Disk 0 Windows 7 default MBR code
18:09:20.689 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2047 MB offset 2048
18:09:20.704 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942703 MB offset 4194304
18:09:20.736 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 9108 MB offset 1934850048
18:09:20.767 Disk 0 scanning C:\Windows\system32\drivers
18:09:30.423 Service scanning
18:09:49.143 Modules scanning
18:09:49.159 Disk 0 trace - called modules:
18:09:49.174 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
18:09:49.190 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b22790]
18:09:49.705 3 CLASSPNP.SYS[fffff88001b6943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007877050]
18:09:49.705 Scan finished successfully
18:10:15.055 Disk 0 MBR has been saved successfully to "C:\Users\Petr\Desktop\MBR.dat"
18:10:15.117 The log file has been saved successfully to "C:\Users\Petr\Desktop\aswMBR.txt"
Re: please check my log
jaro3 wrote:
Turn off the resident protection of your antivirus and antispyware, and possibly the firewall.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
+
Download RogueKiller
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- When the program's start window appears, click "Scan" ("Prohledat").
- The program scans the PC. After the scan, click "Report" ("Zpráva") and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check my log
here is the log from ComboFix, I will do the second one on Sunday
thank you
ComboFix 12-08-17.03 - Petr 18.08.2012 1:06.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8151.5742 [GMT 2:00]
Spuštěný z: c:\users\Petr\Downloads\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\autorun.inf
c:\program files (x86)\Setup.exe
c:\programdata\F61C3C5866.sys
c:\users\Petr\AppData\Roaming\chrtmp
c:\users\Petr\AppData\Roaming\vso_ts_preview.xml
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-17 do 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 12:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FA3ACAC-35D6-493A-980D-02011B13B59B}\mpengine.dll
2012-08-16 22:11 . 2012-08-16 22:12 -------- d-----w- c:\program files (x86)\Advanced PC Tweaker
2012-08-16 22:08 . 2012-08-16 22:08 304 ----a-w- C:\user.js
2012-08-16 22:08 . 2012-08-16 22:08 -------- d-----w- c:\users\Petr\AppData\Roaming\YourFileDownloader
2012-08-16 20:24 . 2012-08-16 20:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-16 19:59 . 2012-08-16 19:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-16 19:59 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 09:51 . 2012-08-16 09:51 -------- d-----w- c:\users\Petr\AppData\Roaming\QFX Software
2012-08-16 09:51 . 2012-08-16 09:51 -------- d-----w- c:\programdata\QFX Software
2012-08-16 09:10 . 2012-08-17 07:09 -------- d--h--w- c:\program files (x86)\iSafe AllInOne Keylogger
2012-08-14 22:59 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 22:59 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 22:59 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-14 22:59 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 19:42 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 19:42 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 19:42 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 19:42 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 19:42 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 19:42 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 19:42 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 19:42 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-07-24 08:27 . 2012-07-24 08:27 -------- d-----w- c:\users\Petr\AppData\Roaming\CyberLink
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:13 . 2012-04-04 20:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 21:13 . 2011-05-18 09:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 02:27 . 2011-01-09 21:25 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-25 11:28 . 2011-01-23 11:40 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2012-06-09 05:43 . 2012-07-11 05:26 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 05:26 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 05:26 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 05:26 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 05:26 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 05:26 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 05:26 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 10:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 10:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:26 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 10:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 10:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 10:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 10:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 05:26 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 05:26 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 05:26 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 05:26 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 05:26 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 05:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 05:26 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 05:26 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 05:26 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2011-01-27 01:54 279656 ------w- c:\windows\system32\MpSigStub.exe
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2009-02-26 21:26 . 2009-02-26 21:26 151552 ----a-w- c:\program files (x86)\SetAlti.exe
2009-01-23 13:55 . 2009-01-23 13:55 184320 ----a-w- c:\program files (x86)\SecSNMP.dll
2007-04-25 03:55 . 2007-04-25 03:55 3207168 ----a-w- c:\program files (x86)\Ssres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-07-03 03:37 343296 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"E-MU USB Audio Control Panel"="c:\program files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe" [2010-09-03 319488]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-08-11 11258368]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-01 92352]
"Maple_S2P"="c:\program files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe" [2007-01-16 253952]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 614400]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-06-30 339968]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-28 296056]
"SiteRanker"="c:\program files (x86)\SiteRanker\SiteRankTray.exe" [2012-07-03 320000]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\program files (x86)\MAGIX\PC_Check_Tuning_2011_Download_Version\MXSAS.exe [2010-11-18 196096]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-09 24208]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [2007-11-15 528256]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-02-16 467248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-06-28 692816]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-06-28 1040976]
S0 DiskSec;Magix Volume Filter Driver; [x]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]
S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2010-10-06 26624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-09-11 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-08-11 293376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-19 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-01 53224]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [2010-10-06 215000]
S3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 184400]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 122448]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:13]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 00:10]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 00:10]
.
2012-07-30 c:\windows\Tasks\HPCeeScheduleForPetr.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-08-16 c:\windows\Tasks\PCCT - MAGIX AG.job
- c:\program files (x86)\MAGIX\PC_Check_Tuning_2011_Download_Version\MxTray.exe [2010-10-04 12:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-01 109344]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 2026680]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: business24.cz\www
Trusted Zone: servis24.cz\www
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5tskfh3c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112553 ... d93b344&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112553&tt=3312_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 46119c150000000000006c626d93b344
FF - user.js: extensions.BabylonToolbar.instlDay - 15568
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.60:08
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
WebBrowser-{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-Dynasone_VST_2.02 - c:\windows\iun6002.exe
AddRemove-OrangeVocoder_VST_2.02 - c:\windows\iun6002.exe
AddRemove-PiWarp_VST_2.02 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vaaur8rPygA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Celkový čas: 2012-08-18 01:49:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-17 23:49
.
Před spuštěním: Volných bajtů: 236 949 180 416
Po spuštění: Volných bajtů: 236 578 799 616
.
- - End Of File - - A11844446F7610970A393E16DCF4C658
2012-06-02 04:39 . 2012-07-11 05:26 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 05:26 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2011-01-27 01:54 279656 ------w- c:\windows\system32\MpSigStub.exe
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2009-02-26 21:26 . 2009-02-26 21:26 151552 ----a-w- c:\program files (x86)\SetAlti.exe
2009-01-23 13:55 . 2009-01-23 13:55 184320 ----a-w- c:\program files (x86)\SecSNMP.dll
2007-04-25 03:55 . 2007-04-25 03:55 3207168 ----a-w- c:\program files (x86)\Ssres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-07-03 03:37 343296 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"E-MU USB Audio Control Panel"="c:\program files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe" [2010-09-03 319488]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-08-11 11258368]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-01 92352]
"Maple_S2P"="c:\program files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe" [2007-01-16 253952]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 614400]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-06-30 339968]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-28 296056]
"SiteRanker"="c:\program files (x86)\SiteRanker\SiteRankTray.exe" [2012-07-03 320000]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\program files (x86)\MAGIX\PC_Check_Tuning_2011_Download_Version\MXSAS.exe [2010-11-18 196096]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-09 24208]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [2007-11-15 528256]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-02-16 467248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-06-28 692816]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-06-28 1040976]
S0 DiskSec;Magix Volume Filter Driver; [x]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]
S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2010-10-06 26624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-09-11 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-08-11 293376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-19 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-01 53224]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [2010-10-06 215000]
S3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 184400]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 122448]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:13]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 00:10]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 00:10]
.
2012-07-30 c:\windows\Tasks\HPCeeScheduleForPetr.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-08-16 c:\windows\Tasks\PCCT - MAGIX AG.job
- c:\program files (x86)\MAGIX\PC_Check_Tuning_2011_Download_Version\MxTray.exe [2010-10-04 12:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-01 109344]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 2026680]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: business24.cz\www
Trusted Zone: servis24.cz\www
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5tskfh3c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112553 ... d93b344&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112553&tt=3312_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 46119c150000000000006c626d93b344
FF - user.js: extensions.BabylonToolbar.instlDay - 15568
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.60:08
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
WebBrowser-{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-Dynasone_VST_2.02 - c:\windows\iun6002.exe
AddRemove-OrangeVocoder_VST_2.02 - c:\windows\iun6002.exe
AddRemove-PiWarp_VST_2.02 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vaaur8rPygA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Celkový čas: 2012-08-18 01:49:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-17 23:49
.
Před spuštěním: Volných bajtů: 236 949 180 416
Po spuštění: Volných bajtů: 236 578 799 616
.
- - End Of File - - A11844446F7610970A393E16DCF4C658
Re: please check my log
Here is the RogueKiller report, thank you.
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v: Normální režim
Uživatel: Petr [Práva správce]
Mód: Kontrola -- Datum: 08/18/2012 08:35:25
¤¤¤ Škodlivé procesy: 0 ¤¤¤
¤¤¤ Záznamy Registrů: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: ST31000528AS +++++
--- User ---
[MBR] 69bdb106a6c5103ba5e0deeaa88b4401
[BSP] 5317ef19141d79d52b8b916fdb9bb003 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 2047 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 4194304 | Size: 942703 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1934850048 | Size: 9108 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
- jaro3
- member of the Security team
Re: please check my log
Uninstall:
Spybot - Search & Destroy
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Code:
ClearJavaCache::
KillAll::
File::
c:\programdata\KGyGaAvL.sys
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Google\Update
Driver::
gupdate
gupdatem
SBSDWSCService
DDS::
Trusted Zone: business24.cz\www
Trusted Zone: servis24.cz\www
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Firefox::
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5tskfh3c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112553 ... d93b344&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112553&tt=3312_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 46119c150000000000006c626d93b344
FF - user.js: extensions.BabylonToolbar.instlDay - 15568
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.60:08
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
RegLock::
[HKEY_USERS\.Default\Software\SetId\Internal]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
In Folder Options, enable showing hidden files and folders + uncheck the box "Hide protected operating system files".
Test this on VirusTotal:
c:\windows\system32\DRIVERS\avckf.sys
Click Browse to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be scanned by a series of antivirus programs. When the last antivirus has finished, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.
Or at:
http://www.virscan.org/
iSafe AllInOne Keylogger --- did you install it yourself?
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check my log
Thank you, the ComboFix log:
ComboFix 12-08-20.01 - Petr 20.08.2012 13:24:22.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8151.4867 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\program files (x86)\Google\Update\GoogleUpdate.exe"
"c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
"c:\programdata\KGyGaAvL.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.115\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.115\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.115\psuser.dll
c:\program files (x86)\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-6.2.2.6613.exe
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{F6604493-C19B-45CF-93CB-9B02BE2B0332}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy\advcheck.dll
c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
c:\programdata\KGyGaAvL.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-20 do 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 11:52 . 2012-08-20 11:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-20 11:52 . 2012-08-20 11:52 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-08-17 23:06 . 2012-08-20 03:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FA3ACAC-35D6-493A-980D-02011B13B59B}\offreg.dll
2012-08-17 12:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FA3ACAC-35D6-493A-980D-02011B13B59B}\mpengine.dll
2012-08-16 22:11 . 2012-08-16 22:12 -------- d-----w- c:\program files (x86)\Advanced PC Tweaker
2012-08-16 22:08 . 2012-08-16 22:08 304 ----a-w- C:\user.js
2012-08-16 22:08 . 2012-08-16 22:08 -------- d-----w- c:\users\Petr\AppData\Roaming\YourFileDownloader
2012-08-16 19:59 . 2012-08-16 19:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-16 19:59 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 09:51 . 2012-08-16 09:51 -------- d-----w- c:\users\Petr\AppData\Roaming\QFX Software
2012-08-16 09:51 . 2012-08-16 09:51 -------- d-----w- c:\programdata\QFX Software
2012-08-16 09:10 . 2012-08-17 07:09 -------- d--h--w- c:\program files (x86)\iSafe AllInOne Keylogger
2012-08-14 22:59 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 22:59 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 22:59 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-14 22:59 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 19:42 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 19:42 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 19:42 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 19:42 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 19:42 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 19:42 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 19:42 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 19:42 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-07-24 08:27 . 2012-07-24 08:27 -------- d-----w- c:\users\Petr\AppData\Roaming\CyberLink
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:13 . 2012-04-04 20:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 21:13 . 2011-05-18 09:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 02:27 . 2011-01-09 21:25 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-09 05:43 . 2012-07-11 05:26 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 05:26 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 05:26 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 05:26 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 05:26 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 05:26 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 05:26 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 10:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 10:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:26 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 10:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 10:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 10:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 10:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 05:26 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 05:26 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 05:26 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 05:26 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 05:26 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 05:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 05:26 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 05:26 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 05:26 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2011-01-27 01:54 279656 ------w- c:\windows\system32\MpSigStub.exe
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2009-02-26 21:26 . 2009-02-26 21:26 151552 ----a-w- c:\program files (x86)\SetAlti.exe
2009-01-23 13:55 . 2009-01-23 13:55 184320 ----a-w- c:\program files (x86)\SecSNMP.dll
2007-04-25 03:55 . 2007-04-25 03:55 3207168 ----a-w- c:\program files (x86)\Ssres.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-17_23.36.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-01-08 15:50 . 2012-08-17 23:36 72748 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2011-01-08 15:50 . 2012-08-19 19:14 72748 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-20 11:56 32382 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-08 15:39 . 2012-08-20 11:56 19838 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1592664645-3459413646-3474503020-1003_UserData.bin
- 2011-01-08 15:39 . 2012-08-17 23:36 19838 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1592664645-3459413646-3474503020-1003_UserData.bin
- 2011-01-09 00:23 . 2012-08-17 23:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-09 00:23 . 2012-08-20 11:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-17 23:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-20 11:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-17 23:33 . 2012-08-17 23:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-20 11:54 . 2012-08-20 11:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-20 11:54 . 2012-08-20 11:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-17 23:33 . 2012-08-17 23:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:12 . 2012-08-20 11:55 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-08-17 23:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-01-09 00:23 . 2012-08-20 11:55 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-09 00:23 . 2012-08-17 23:35 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-18 00:37 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-08-20 11:53 493160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-17 23:33 493160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-08 15:47 . 2012-08-20 11:53 4468848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-01-08 15:47 . 2012-08-17 23:33 4468848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-02 13:01 . 2012-08-18 06:46 3363164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1592664645-3459413646-3474503020-1003-12288.dat
- 2011-05-02 13:01 . 2012-08-17 06:59 3363164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1592664645-3459413646-3474503020-1003-12288.dat
+ 2011-01-09 21:50 . 2012-08-20 11:53 66849444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1592664645-3459413646-3474503020-1003-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-07-03 03:37 343296 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"E-MU USB Audio Control Panel"="c:\program files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe" [2010-09-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-08-11 11258368]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-01 92352]
"Maple_S2P"="c:\program files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe" [2007-01-16 253952]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 614400]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-06-30 339968]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-28 296056]
"SiteRanker"="c:\program files (x86)\SiteRanker\SiteRankTray.exe" [2012-07-03 320000]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\program files (x86)\MAGIX\PC_Check_Tuning_2011_Download_Version\MXSAS.exe [2010-11-18 196096]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-09 24208]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [2007-11-15 528256]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-02-16 467248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-06-28 692816]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-06-28 1040976]
S0 DiskSec;Magix Volume Filter Driver; [x]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]
S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2010-10-06 26624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-09-11 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-08-11 293376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-19 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-01 53224]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [2010-10-06 215000]
S3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 184400]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 122448]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:13]
.
2012-07-30 c:\windows\Tasks\HPCeeScheduleForPetr.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-08-16 c:\windows\Tasks\PCCT - MAGIX AG.job
- c:\program files (x86)\MAGIX\PC_Check_Tuning_2011_Download_Version\MxTray.exe [2010-10-04 12:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-01 109344]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 2026680]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"combofix"="c:\combofix\CF6969.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5tskfh3c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
WebBrowser-{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Celkový čas: 2012-08-20 14:02:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-20 12:02
ComboFix2.txt 2012-08-17 23:49
.
Před spuštěním: Volných bajtů: 234 463 453 184
Po spuštění: Volných bajtů: 234 243 817 472
.
- - End Of File - - 48C92AE83B689DAD16246F5689DA3E7B
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.115\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.115\psuser.dll
c:\program files (x86)\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-6.2.2.6613.exe
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{F6604493-C19B-45CF-93CB-9B02BE2B0332}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy\advcheck.dll
c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
c:\programdata\KGyGaAvL.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-20 do 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 11:52 . 2012-08-20 11:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-20 11:52 . 2012-08-20 11:52 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-08-17 23:06 . 2012-08-20 03:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FA3ACAC-35D6-493A-980D-02011B13B59B}\offreg.dll
2012-08-17 12:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FA3ACAC-35D6-493A-980D-02011B13B59B}\mpengine.dll
2012-08-16 22:11 . 2012-08-16 22:12 -------- d-----w- c:\program files (x86)\Advanced PC Tweaker
2012-08-16 22:08 . 2012-08-16 22:08 304 ----a-w- C:\user.js
2012-08-16 22:08 . 2012-08-16 22:08 -------- d-----w- c:\users\Petr\AppData\Roaming\YourFileDownloader
2012-08-16 19:59 . 2012-08-16 19:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-16 19:59 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 09:51 . 2012-08-16 09:51 -------- d-----w- c:\users\Petr\AppData\Roaming\QFX Software
2012-08-16 09:51 . 2012-08-16 09:51 -------- d-----w- c:\programdata\QFX Software
2012-08-16 09:10 . 2012-08-17 07:09 -------- d--h--w- c:\program files (x86)\iSafe AllInOne Keylogger
2012-08-14 22:59 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 22:59 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 22:59 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-14 22:59 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 19:42 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 19:42 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 19:42 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 19:42 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 19:42 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 19:42 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 19:42 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 19:42 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-07-24 08:27 . 2012-07-24 08:27 -------- d-----w- c:\users\Petr\AppData\Roaming\CyberLink
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:13 . 2012-04-04 20:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 21:13 . 2011-05-18 09:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 02:27 . 2011-01-09 21:25 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-09 05:43 . 2012-07-11 05:26 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 05:26 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 05:26 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 05:26 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 05:26 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 05:26 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 05:26 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 10:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 10:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:26 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 10:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 10:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 10:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 10:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 05:26 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 05:26 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 05:26 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 05:26 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 05:26 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 05:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 05:26 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 05:26 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 05:26 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2011-01-27 01:54 279656 ------w- c:\windows\system32\MpSigStub.exe
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2009-02-26 21:26 . 2009-02-26 21:26 151552 ----a-w- c:\program files (x86)\SetAlti.exe
2009-01-23 13:55 . 2009-01-23 13:55 184320 ----a-w- c:\program files (x86)\SecSNMP.dll
2007-04-25 03:55 . 2007-04-25 03:55 3207168 ----a-w- c:\program files (x86)\Ssres.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-17_23.36.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-01-08 15:50 . 2012-08-17 23:36 72748 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2011-01-08 15:50 . 2012-08-19 19:14 72748 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-20 11:56 32382 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-08 15:39 . 2012-08-20 11:56 19838 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1592664645-3459413646-3474503020-1003_UserData.bin
- 2011-01-08 15:39 . 2012-08-17 23:36 19838 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1592664645-3459413646-3474503020-1003_UserData.bin
- 2011-01-09 00:23 . 2012-08-17 23:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-09 00:23 . 2012-08-20 11:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-17 23:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-20 11:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-17 23:33 . 2012-08-17 23:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-20 11:54 . 2012-08-20 11:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-20 11:54 . 2012-08-20 11:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-17 23:33 . 2012-08-17 23:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:12 . 2012-08-20 11:55 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-08-17 23:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-01-09 00:23 . 2012-08-20 11:55 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-09 00:23 . 2012-08-17 23:35 376832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-18 00:37 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-08-20 11:53 493160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-17 23:33 493160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-08 15:47 . 2012-08-20 11:53 4468848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-01-08 15:47 . 2012-08-17 23:33 4468848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-02 13:01 . 2012-08-18 06:46 3363164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1592664645-3459413646-3474503020-1003-12288.dat
- 2011-05-02 13:01 . 2012-08-17 06:59 3363164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1592664645-3459413646-3474503020-1003-12288.dat
+ 2011-01-09 21:50 . 2012-08-20 11:53 66849444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1592664645-3459413646-3474503020-1003-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-07-03 03:37 343296 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"E-MU USB Audio Control Panel"="c:\program files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe" [2010-09-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-08-11 11258368]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-01 92352]
"Maple_S2P"="c:\program files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe" [2007-01-16 253952]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 614400]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-06-30 339968]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-28 296056]
"SiteRanker"="c:\program files (x86)\SiteRanker\SiteRankTray.exe" [2012-07-03 320000]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\program files (x86)\MAGIX\PC_Check_Tuning_2011_Download_Version\MXSAS.exe [2010-11-18 196096]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-09 24208]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [2007-11-15 528256]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-02-16 467248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-06-28 692816]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-06-28 1040976]
S0 DiskSec;Magix Volume Filter Driver; [x]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]
S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2010-10-06 26624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-09-11 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-08-11 293376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-19 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-01 53224]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [2010-10-06 215000]
S3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 184400]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 122448]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:13]
.
2012-07-30 c:\windows\Tasks\HPCeeScheduleForPetr.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-08-16 c:\windows\Tasks\PCCT - MAGIX AG.job
- c:\program files (x86)\MAGIX\PC_Check_Tuning_2011_Download_Version\MxTray.exe [2010-10-04 12:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-01 109344]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 2026680]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"combofix"="c:\combofix\CF6969.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5tskfh3c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
WebBrowser-{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Celkový čas: 2012-08-20 14:02:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-20 12:02
ComboFix2.txt 2012-08-17 23:49
.
Před spuštěním: Volných bajtů: 234 463 453 184
Po spuštění: Volných bajtů: 234 243 817 472
.
- - End Of File - - 48C92AE83B689DAD16246F5689DA3E7B
Re: please check my log
I did not find c:\windows\system32\DRIVERS\avckf.sys
Re: please check my log
Log from aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-20 14:13:10
-----------------------------
14:13:10.715 OS Version: Windows x64 6.1.7601 Service Pack 1
14:13:10.715 Number of processors: 8 586 0x1E05
14:13:10.715 ComputerName: PETR-HP UserName: Petr
14:13:14.366 Initialize success
14:13:18.749 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:13:18.749 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 3
14:13:18.765 Disk 0 MBR read successfully
14:13:18.780 Disk 0 MBR scan
14:13:18.780 Disk 0 Windows 7 default MBR code
14:13:18.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2047 MB offset 2048
14:13:18.796 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942703 MB offset 4194304
14:13:18.843 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 9108 MB offset 1934850048
14:13:18.843 Disk 0 scanning C:\Windows\system32\drivers
14:13:28.593 Service scanning
14:13:45.223 Modules scanning
14:13:45.238 Disk 0 trace - called modules:
14:13:45.269 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
14:13:45.269 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b4f790]
14:13:45.784 3 CLASSPNP.SYS[fffff88001b5e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007858050]
14:13:45.784 Scan finished successfully
14:13:59.543 Disk 0 MBR has been saved successfully to "C:\Users\Petr\Desktop\MBR.dat"
14:13:59.559 The log file has been saved successfully to "C:\Users\Petr\Desktop\aswMBR.txt"
- Žbeky
- Moderator
Re: please check my log
c:\windows\system32\DRIVERS\avckf.sys - Do you have hidden and system files shown as well?
What about that keylogger?
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: please check my log
c:\windows\system32\DRIVERS\avckf.sys - I have hidden and system files shown, and I can see the file in the directory, but when I try to open it through VirusTotal, it is not visible in the directory there
I uninstalled the keylogger because BitDefender kept reporting an infection
thank you