Prosím o preventivní kontrolu logu Vyřešeno

[Nekac1]

Zdravím, poslední dobou mi PC připadá zasekané a zpomalené, třeba je způsobené i něčím jiným než stářím. Předem děkuji.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:06:28, on 25.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\rundll32.exe
D:\Program Files\BOINC\Core\boincmgr.exe
D:\Program Files\BOINC\Core\boinctray.exe
D:\Program Files\VMware Player\hqtray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\XAMPP\apache\bin\httpd.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\windows\System32\svchost.exe
D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\windows\system32\vmnat.exe
C:\windows\system32\vmnetdhcp.exe
D:\Program Files\VMware Player\vmware-authd.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
D:\Program Files\XAMPP\apache\bin\httpd.exe
D:\Program Files\BOINC\Core\boinc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\msiexec.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
D:\Program Files\BOINC\Data\projects\wuprop.boinc-af.org\data_collect_v3_3.36_windows_intelx86__nci.exe
D:\Program Files\BOINC\Data\projects\radioactiveathome.org_boinc\radac_1.61_windows_intelx86.exe
D:\Program Files\BOINC\Data\projects\www.freehal.net_freehal_at_home\freehalapp_1.1587_windows_intelx86.exe
D:\Program Files\BOINC\Data\projects\www.freehal.net_freehal_at_home\freehalapp_1.1587_windows_intelx86.exe
D:\Program Files\BOINC\Data\projects\boinc.ucd.ie_fmah\vina_3.0_windows_intelx86.exe
D:\Program Files\BOINC\Data\projects\boinc.ucd.ie_fmah\vina_3.0_windows_intelx86.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [boincmgr] "D:\Program Files\BOINC\Core\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "D:\Program Files\BOINC\Core\boinctray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VMware hqtray] "D:\Program Files\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ABBYY Screenshot Reader Retail] D:\Program Files\ABBYY Screenshot Reader\ScreenShotReader.exe -autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"
O4 - HKCU\..\Run: [JavaPlatformMan] C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: d:\program files\vmware player\vsocklib.dll
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kliber.cz
O17 - HKLM\Software\..\Telephony: DomainName = kliber.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{C38E8514-5955-4DB2-A1CB-879DBBAE15E0}: NameServer = 212.71.150.2,212.71.146.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kliber.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kliber.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ABBYY (BIT Software) - D:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Program Files\XAMPP\apache\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySQL - Unknown owner - D:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware Player\vmware-ufad.exe
O23 - Service: Ventrilo - Unknown owner - D:\Program Files\Ventrilo Server\ventrilo_svc.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe

--
End of file - 11641 bytes

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 - HKLM\..\Run: [ABBYY Screenshot Reader Retail] D:\Program Files\ABBYY Screenshot Reader\ScreenShotReader.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Nekac1]

Log z TDSSKiller
15:40:23.0468 5916 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:40:23.0734 5916 ============================================================
15:40:23.0734 5916 Current date / time: 2012/08/26 15:40:23.0734
15:40:23.0734 5916 SystemInfo:
15:40:23.0734 5916
15:40:23.0734 5916 OS Version: 5.1.2600 ServicePack: 3.0
15:40:23.0734 5916 Product type: Workstation
15:40:23.0734 5916 ComputerName: FILIP
15:40:23.0734 5916 UserName: ADMIN
15:40:23.0734 5916 Windows directory: C:\windows
15:40:23.0734 5916 System windows directory: C:\windows
15:40:23.0734 5916 Processor architecture: Intel x86
15:40:23.0734 5916 Number of processors: 2
15:40:23.0734 5916 Page size: 0x1000
15:40:23.0734 5916 Boot type: Normal boot
15:40:23.0734 5916 ============================================================
15:40:25.0140 5916 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:40:25.0140 5916 ============================================================
15:40:25.0140 5916 \Device\Harddisk0\DR0:
15:40:25.0140 5916 MBR partitions:
15:40:25.0140 5916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
15:40:25.0140 5916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304A1, BlocksNum 0x2AC5D23D
15:40:25.0140 5916 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3218D6DE, BlocksNum 0x186C97E3
15:40:25.0140 5916 ============================================================
15:40:25.0156 5916 C: <-> \Device\Harddisk0\DR0\Partition1
15:40:25.0234 5916 D: <-> \Device\Harddisk0\DR0\Partition2
15:40:25.0296 5916 E: <-> \Device\Harddisk0\DR0\Partition3
15:40:25.0296 5916 ============================================================
15:40:25.0296 5916 Initialize success
15:40:25.0296 5916 ============================================================
15:40:54.0578 2228 ============================================================
15:40:59.0562 2228 Scan started
15:40:59.0562 2228 Mode: Manual;
15:40:59.0562 2228 ============================================================
15:41:25.0140 2228 ================ Scan system memory ========================
15:41:25.0140 2228 System memory - ok
15:41:25.0140 2228 ================ Scan services =============================
15:41:25.0296 2228 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\windows\system32\drivers\Aavmker4.sys
15:41:25.0296 2228 Aavmker4 - ok
15:41:25.0687 2228 [ F9C202597DD9340260DF2482500DFCF9 ] ABBYY.Licensing.FineReader.ScreenshotReader.9.0 D:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
15:41:25.0718 2228 ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ok
15:41:25.0734 2228 Abiosdsk - ok
15:41:25.0750 2228 abp480n5 - ok
15:41:25.0796 2228 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
15:41:25.0812 2228 ACPI - ok
15:41:25.0843 2228 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\windows\system32\drivers\ACPIEC.sys
15:41:25.0843 2228 ACPIEC - ok
15:41:25.0843 2228 adpu160m - ok
15:41:25.0875 2228 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\windows\system32\drivers\aec.sys
15:41:25.0875 2228 aec - ok
15:41:25.0906 2228 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\windows\system32\drivers\Afc.sys
15:41:25.0906 2228 Afc - ok
15:41:25.0937 2228 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\windows\System32\drivers\afd.sys
15:41:25.0937 2228 AFD - ok
15:41:25.0953 2228 Aha154x - ok
15:41:25.0953 2228 aic78u2 - ok
15:41:25.0968 2228 aic78xx - ok
15:41:26.0000 2228 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\windows\system32\alrsvc.dll
15:41:26.0000 2228 Alerter - ok
15:41:26.0015 2228 [ 88842DE939A827577BF24243699AC80A ] ALG C:\windows\System32\alg.exe
15:41:26.0015 2228 ALG - ok
15:41:26.0031 2228 AliIde - ok
15:41:26.0031 2228 amsint - ok
15:41:26.0156 2228 [ F41E453A90EF19217CEE1675F5256EE7 ] Apache2.2 D:\Program Files\XAMPP\apache\bin\httpd.exe
15:41:26.0156 2228 Apache2.2 - ok
15:41:26.0187 2228 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\windows\System32\appmgmts.dll
15:41:26.0187 2228 AppMgmt - ok
15:41:26.0234 2228 [ 3CB8E72B7C9887B42B90000E8CB1E7BE ] AR5211 C:\windows\system32\DRIVERS\ar5211.sys
15:41:26.0234 2228 AR5211 - ok
15:41:26.0250 2228 asc - ok
15:41:26.0250 2228 asc3350p - ok
15:41:26.0265 2228 asc3550 - ok
15:41:26.0312 2228 [ 5B01AF89D16D562825C4DB4530F20CBB ] Aspi32 C:\windows\system32\drivers\aspi32.sys
15:41:26.0312 2228 Aspi32 - ok
15:41:26.0375 2228 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:41:26.0390 2228 aspnet_state - ok
15:41:26.0421 2228 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
15:41:26.0421 2228 aswFsBlk - ok
15:41:26.0437 2228 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\windows\system32\drivers\aswMon2.sys
15:41:26.0437 2228 aswMon2 - ok
15:41:26.0468 2228 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\windows\system32\drivers\aswRdr.sys
15:41:26.0468 2228 aswRdr - ok
15:41:26.0500 2228 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\windows\system32\drivers\aswSnx.sys
15:41:26.0515 2228 aswSnx - ok
15:41:26.0546 2228 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\windows\system32\drivers\aswSP.sys
15:41:26.0546 2228 aswSP - ok
15:41:26.0562 2228 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\windows\system32\drivers\aswTdi.sys
15:41:26.0562 2228 aswTdi - ok
15:41:26.0593 2228 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
15:41:26.0593 2228 AsyncMac - ok
15:41:26.0625 2228 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\windows\system32\DRIVERS\atapi.sys
15:41:26.0625 2228 atapi - ok
15:41:26.0640 2228 Atdisk - ok
15:41:26.0765 2228 [ 809B0EB83C75061C9DE2E528C65A1575 ] Ati HotKey Poller C:\windows\system32\Ati2evxx.exe
15:41:26.0781 2228 Ati HotKey Poller - ok
15:41:27.0125 2228 [ 032F23B133B680B06861329C5A176EE0 ] ati2mtag C:\windows\system32\DRIVERS\ati2mtag.sys
15:41:27.0187 2228 ati2mtag - ok
15:41:27.0218 2228 [ BD9CA8136738040D3257363ED12BE693 ] AtiHDAudioService C:\windows\system32\drivers\AtihdXP3.sys
15:41:27.0218 2228 AtiHDAudioService - ok
15:41:27.0250 2228 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys
15:41:27.0250 2228 Atmarpc - ok
15:41:27.0281 2228 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\windows\System32\audiosrv.dll
15:41:27.0281 2228 AudioSrv - ok
15:41:27.0312 2228 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\windows\system32\DRIVERS\audstub.sys
15:41:27.0312 2228 audstub - ok
15:41:27.0375 2228 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:41:27.0390 2228 avast! Antivirus - ok
15:41:27.0406 2228 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\windows\system32\drivers\Beep.sys
15:41:27.0421 2228 Beep - ok
15:41:27.0453 2228 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\windows\system32\qmgr.dll
15:41:27.0531 2228 BITS - ok
15:41:27.0562 2228 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\windows\System32\browser.dll
15:41:27.0562 2228 Browser - ok
15:41:27.0578 2228 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\windows\system32\DRIVERS\BthEnum.sys
15:41:27.0578 2228 BthEnum - ok
15:41:27.0609 2228 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
15:41:27.0609 2228 BTHMODEM - ok
15:41:27.0640 2228 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
15:41:27.0640 2228 BthPan - ok
15:41:27.0671 2228 [ F338662A6C1FC11DD9508F6DFF2C06A2 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys
15:41:27.0687 2228 BTHPORT - ok
15:41:27.0703 2228 [ 70CA4B3F634C9DCA200832F8DA76E009 ] BthServ C:\windows\System32\bthserv.dll
15:41:27.0703 2228 BthServ - ok
15:41:27.0734 2228 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys
15:41:27.0734 2228 BTHUSB - ok
15:41:27.0765 2228 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\windows\system32\drivers\cbidf2k.sys
15:41:27.0765 2228 cbidf2k - ok
15:41:27.0781 2228 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\windows\system32\DRIVERS\CCDECODE.sys
15:41:27.0796 2228 CCDECODE - ok
15:41:27.0796 2228 cd20xrnt - ok
15:41:27.0812 2228 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\windows\system32\drivers\Cdaudio.sys
15:41:27.0812 2228 Cdaudio - ok
15:41:27.0843 2228 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\windows\system32\drivers\Cdfs.sys
15:41:27.0843 2228 Cdfs - ok
15:41:27.0859 2228 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\windows\system32\DRIVERS\cdrom.sys
15:41:27.0859 2228 Cdrom - ok
15:41:27.0875 2228 Changer - ok
15:41:27.0906 2228 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\windows\system32\cisvc.exe
15:41:27.0906 2228 CiSvc - ok
15:41:27.0937 2228 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\windows\system32\clipsrv.exe
15:41:27.0937 2228 ClipSrv - ok
15:41:28.0000 2228 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:41:28.0000 2228 clr_optimization_v2.0.50727_32 - ok
15:41:28.0031 2228 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:41:28.0078 2228 clr_optimization_v4.0.30319_32 - ok
15:41:28.0093 2228 CmdIde - ok
15:41:28.0093 2228 COMSysApp - ok
15:41:28.0125 2228 Cpqarray - ok
15:41:28.0140 2228 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\windows\System32\cryptsvc.dll
15:41:28.0140 2228 CryptSvc - ok
15:41:28.0156 2228 dac2w2k - ok
15:41:28.0171 2228 dac960nt - ok
15:41:28.0203 2228 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\windows\system32\rpcss.dll
15:41:28.0234 2228 DcomLaunch - ok
15:41:28.0281 2228 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\windows\System32\dhcpcsvc.dll
15:41:28.0281 2228 Dhcp - ok
15:41:28.0296 2228 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\windows\system32\DRIVERS\disk.sys
15:41:28.0312 2228 Disk - ok
15:41:28.0312 2228 dmadmin - ok
15:41:28.0343 2228 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\windows\system32\drivers\dmboot.sys
15:41:28.0375 2228 dmboot - ok
15:41:28.0390 2228 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\windows\system32\drivers\dmio.sys
15:41:28.0390 2228 dmio - ok
15:41:28.0390 2228 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\windows\system32\drivers\dmload.sys
15:41:28.0406 2228 dmload - ok
15:41:28.0421 2228 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\windows\System32\dmserver.dll
15:41:28.0421 2228 dmserver - ok
15:41:28.0437 2228 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\windows\system32\drivers\DMusic.sys
15:41:28.0453 2228 DMusic - ok
15:41:28.0453 2228 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\windows\System32\dnsrslvr.dll
15:41:28.0468 2228 Dnscache - ok
15:41:28.0500 2228 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\windows\System32\dot3svc.dll
15:41:28.0500 2228 Dot3svc - ok
15:41:28.0500 2228 dpti2o - ok
15:41:28.0515 2228 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
15:41:28.0515 2228 drmkaud - ok
15:41:28.0531 2228 EagleNT - ok
15:41:28.0546 2228 EagleXNt - ok
15:41:28.0562 2228 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\windows\System32\eapsvc.dll
15:41:28.0562 2228 EapHost - ok
15:41:28.0609 2228 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\windows\System32\ersvc.dll
15:41:28.0609 2228 ERSvc - ok
15:41:28.0640 2228 [ 6B93B103242C3C30F850F53DBE39ED88 ] EuMusDesignVirtualAudioCableWdm C:\windows\system32\DRIVERS\vrtaucbl.sys
15:41:28.0640 2228 EuMusDesignVirtualAudioCableWdm - ok
15:41:28.0656 2228 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\windows\system32\services.exe
15:41:28.0671 2228 Eventlog - ok
15:41:28.0718 2228 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\System32\es.dll
15:41:28.0718 2228 EventSystem - ok
15:41:28.0734 2228 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\windows\system32\drivers\Fastfat.sys
15:41:28.0734 2228 Fastfat - ok
15:41:28.0765 2228 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll
15:41:28.0796 2228 FastUserSwitchingCompatibility - ok
15:41:28.0812 2228 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\windows\system32\DRIVERS\fdc.sys
15:41:28.0812 2228 Fdc - ok
15:41:28.0921 2228 [ BF72C20B44B85FD030AEAA721E35D512 ] FileZilla Server D:\Program Files\xampp\filezillaftp\filezillaserver.exe
15:41:28.0937 2228 FileZilla Server - ok
15:41:28.0953 2228 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\windows\system32\drivers\Fips.sys
15:41:28.0953 2228 Fips - ok
15:41:29.0015 2228 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:41:29.0046 2228 FLEXnet Licensing Service - ok
15:41:29.0062 2228 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
15:41:29.0078 2228 Flpydisk - ok
15:41:29.0093 2228 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
15:41:29.0093 2228 FltMgr - ok
15:41:29.0140 2228 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:41:29.0140 2228 FontCache3.0.0.0 - ok
15:41:29.0156 2228 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
15:41:29.0156 2228 Fs_Rec - ok
15:41:29.0187 2228 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys
15:41:29.0187 2228 Ftdisk - ok
15:41:29.0250 2228 GGSAFERDriver - ok
15:41:29.0265 2228 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\windows\system32\giveio.sys
15:41:29.0281 2228 giveio - ok
15:41:29.0296 2228 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\windows\system32\DRIVERS\msgpc.sys
15:41:29.0296 2228 Gpc - ok
15:41:29.0343 2228 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:41:29.0343 2228 gupdate - ok
15:41:29.0375 2228 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:41:29.0375 2228 gupdatem - ok
15:41:29.0390 2228 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\windows\system32\DRIVERS\hamachi.sys
15:41:29.0390 2228 hamachi - ok
15:41:29.0453 2228 [ F31D7F8A7699575DBB3B3A3AB4AA6216 ] Hamachi2Svc D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
15:41:29.0468 2228 Hamachi2Svc - ok
15:41:29.0500 2228 [ 1DB5002C16F4DF11FD062BD4A277AA24 ] hcmon C:\windows\system32\drivers\hcmon.sys
15:41:29.0515 2228 hcmon - ok
15:41:29.0531 2228 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
15:41:29.0531 2228 HDAudBus - ok
15:41:29.0593 2228 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:41:35.0109 2228 helpsvc - ok
15:41:35.0156 2228 [ 0D349DC78C6EE16E655557E325A67D9C ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
15:41:35.0156 2228 HidBth - ok
15:41:35.0187 2228 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\windows\System32\hidserv.dll
15:41:35.0187 2228 HidServ - ok
15:41:35.0218 2228 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
15:41:35.0218 2228 HidUsb - ok
15:41:35.0250 2228 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\windows\System32\kmsvc.dll
15:41:35.0250 2228 hkmsvc - ok
15:41:35.0265 2228 hpn - ok
15:41:35.0296 2228 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys
15:41:35.0296 2228 HTTP - ok
15:41:35.0343 2228 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\windows\System32\w3ssl.dll
15:41:35.0359 2228 HTTPFilter - ok
15:41:35.0359 2228 i2omgmt - ok
15:41:35.0375 2228 i2omp - ok
15:41:35.0421 2228 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
15:41:35.0421 2228 i8042prt - ok
15:41:35.0484 2228 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:41:35.0484 2228 IDriverT - ok
15:41:35.0546 2228 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:41:35.0578 2228 idsvc - ok
15:41:35.0593 2228 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys
15:41:35.0593 2228 Imapi - ok
15:41:35.0640 2228 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\windows\system32\imapi.exe
15:41:35.0640 2228 ImapiService - ok
15:41:35.0656 2228 ini910u - ok
15:41:35.0796 2228 [ 001AACA6ED0E6B00FC5B8FAF74977E81 ] IntcAzAudAddService C:\windows\system32\drivers\RtkHDAud.sys
15:41:35.0828 2228 IntcAzAudAddService - ok
15:41:35.0843 2228 IntelIde - ok
15:41:35.0859 2228 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
15:41:35.0859 2228 intelppm - ok
15:41:35.0890 2228 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\windows\system32\drivers\ip6fw.sys
15:41:35.0890 2228 ip6fw - ok
15:41:35.0906 2228 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
15:41:35.0906 2228 IpFilterDriver - ok
15:41:35.0937 2228 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys
15:41:35.0937 2228 IpInIp - ok
15:41:35.0968 2228 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
15:41:35.0968 2228 IpNat - ok
15:41:35.0984 2228 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
15:41:35.0984 2228 IPSec - ok
15:41:36.0000 2228 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
15:41:36.0000 2228 IRENUM - ok
15:41:36.0031 2228 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
15:41:36.0031 2228 isapnp - ok
15:41:36.0046 2228 [ 39A2F7EBCB6817C4A016B544921C7982 ] iteatapi C:\windows\system32\DRIVERS\iteatapi.sys
15:41:36.0046 2228 iteatapi - ok
15:41:36.0140 2228 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
15:41:36.0140 2228 JavaQuickStarterService - ok
15:41:36.0156 2228 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
15:41:36.0156 2228 Kbdclass - ok
15:41:36.0203 2228 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
15:41:36.0203 2228 kbdhid - ok
15:41:36.0218 2228 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
15:41:36.0234 2228 kmixer - ok
15:41:36.0250 2228 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
15:41:36.0265 2228 KSecDD - ok
15:41:36.0281 2228 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\windows\System32\srvsvc.dll
15:41:36.0296 2228 lanmanserver - ok
15:41:36.0328 2228 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\windows\System32\wkssvc.dll
15:41:36.0343 2228 lanmanworkstation - ok
15:41:36.0359 2228 lbrtfdc - ok
15:41:36.0421 2228 [ D571C606E4391449293A706588CC4BDD ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:41:36.0421 2228 LightScribeService - ok
15:41:36.0437 2228 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\windows\System32\lmhsvc.dll
15:41:36.0453 2228 LmHosts - ok
15:41:36.0484 2228 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\windows\System32\msgsvc.dll
15:41:36.0500 2228 Messenger - ok
15:41:36.0515 2228 [ B4232BFE8A07B4DA3A3D7D1D9A0170F7 ] Mkd2kfNt C:\windows\system32\drivers\Mkd2kfNt.sys
15:41:36.0531 2228 Mkd2kfNt - ok
15:41:36.0546 2228 [ B23829CB0FB3D57E4FD234AC6B37A69F ] Mkd2Nadr C:\windows\system32\drivers\Mkd2Nadr.sys
15:41:36.0546 2228 Mkd2Nadr - ok
15:41:36.0593 2228 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
15:41:36.0593 2228 mnmdd - ok
15:41:36.0609 2228 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
15:41:36.0625 2228 mnmsrvc - ok
15:41:36.0640 2228 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\windows\system32\drivers\Modem.sys
15:41:36.0640 2228 Modem - ok
15:41:36.0656 2228 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
15:41:36.0656 2228 Mouclass - ok
15:41:36.0671 2228 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
15:41:36.0671 2228 mouhid - ok
15:41:36.0671 2228 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
15:41:36.0687 2228 MountMgr - ok
15:41:36.0734 2228 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:41:36.0734 2228 MozillaMaintenance - ok
15:41:36.0734 2228 mraid35x - ok
15:41:36.0750 2228 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
15:41:36.0750 2228 MRxDAV - ok
15:41:36.0796 2228 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
15:41:36.0796 2228 MRxSmb - ok
15:41:36.0812 2228 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\System32\msdtc.exe
15:41:36.0828 2228 MSDTC - ok
15:41:36.0843 2228 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
15:41:36.0843 2228 Msfs - ok
15:41:36.0859 2228 MSIServer - ok
15:41:36.0875 2228 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
15:41:36.0875 2228 MSKSSRV - ok
15:41:36.0890 2228 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
15:41:36.0890 2228 MSPCLOCK - ok
15:41:36.0906 2228 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
15:41:36.0906 2228 MSPQM - ok
15:41:36.0921 2228 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
15:41:36.0921 2228 mssmbios - ok
15:41:36.0968 2228 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\windows\system32\drivers\MSTEE.sys
15:41:36.0968 2228 MSTEE - ok
15:41:36.0984 2228 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\windows\system32\DRIVERS\ASACPI.sys
15:41:37.0000 2228 MTsensor - ok
15:41:37.0015 2228 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
15:41:37.0015 2228 Mup - ok
15:41:37.0093 2228 MySQL - ok
15:41:37.0125 2228 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\windows\system32\DRIVERS\NABTSFEC.sys
15:41:37.0125 2228 NABTSFEC - ok
15:41:37.0171 2228 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\windows\System32\qagentrt.dll
15:41:37.0187 2228 napagent - ok
15:41:37.0218 2228 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
15:41:37.0218 2228 NDIS - ok
15:41:37.0234 2228 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\windows\system32\DRIVERS\NdisIP.sys
15:41:37.0234 2228 NdisIP - ok
15:41:37.0265 2228 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
15:41:37.0265 2228 NdisTapi - ok
15:41:37.0281 2228 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
15:41:37.0296 2228 Ndisuio - ok
15:41:37.0296 2228 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
15:41:37.0296 2228 NdisWan - ok
15:41:37.0328 2228 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys
15:41:37.0328 2228 NDProxy - ok
15:41:37.0406 2228 [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:41:37.0437 2228 Nero BackItUp Scheduler 4.0 - ok
15:41:37.0453 2228 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
15:41:37.0453 2228 NetBIOS - ok
15:41:37.0484 2228 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
15:41:37.0484 2228 NetBT - ok
15:41:37.0500 2228 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\windows\system32\netdde.exe
15:41:37.0515 2228 NetDDE - ok
15:41:37.0531 2228 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\windows\system32\netdde.exe
15:41:37.0531 2228 NetDDEdsdm - ok
15:41:37.0562 2228 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\windows\system32\lsass.exe
15:41:37.0562 2228 Netlogon - ok
15:41:37.0609 2228 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\windows\System32\netman.dll
15:41:37.0625 2228 Netman - ok
15:41:37.0656 2228 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:41:37.0687 2228 NetTcpPortSharing - ok
15:41:37.0718 2228 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\windows\System32\mswsock.dll
15:41:37.0718 2228 Nla - ok
15:41:37.0750 2228 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\windows\system32\drivers\npf.sys
15:41:37.0750 2228 NPF - ok
15:41:37.0765 2228 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
15:41:37.0765 2228 Npfs - ok
15:41:37.0828 2228 npkcrypt - ok
15:41:37.0859 2228 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
15:41:37.0890 2228 Ntfs - ok
15:41:37.0890 2228 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\windows\System32\lsass.exe
15:41:37.0906 2228 NtLmSsp - ok
15:41:37.0937 2228 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\windows\system32\ntmssvc.dll
15:41:37.0953 2228 NtmsSvc - ok
15:41:37.0984 2228 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
15:41:37.0984 2228 Null - ok
15:41:38.0015 2228 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
15:41:38.0015 2228 NwlnkFlt - ok
15:41:38.0031 2228 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
15:41:38.0031 2228 NwlnkFwd - ok
15:41:38.0062 2228 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:41:38.0062 2228 ose - ok
15:41:38.0187 2228 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:41:38.0265 2228 osppsvc - ok
15:41:38.0296 2228 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\windows\system32\DRIVERS\parport.sys
15:41:38.0296 2228 Parport - ok
15:41:38.0312 2228 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
15:41:38.0312 2228 PartMgr - ok
15:41:38.0343 2228 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\windows\system32\drivers\ParVdm.sys
15:41:38.0343 2228 ParVdm - ok
15:41:38.0359 2228 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\windows\system32\DRIVERS\pci.sys
15:41:38.0359 2228 PCI - ok
15:41:38.0375 2228 PCIDump - ok
15:41:38.0406 2228 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\windows\system32\DRIVERS\pciide.sys
15:41:38.0406 2228 PCIIde - ok
15:41:38.0421 2228 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
15:41:38.0437 2228 Pcmcia - ok
15:41:38.0453 2228 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\windows\system32\Drivers\pcouffin.sys
15:41:38.0453 2228 pcouffin - ok
15:41:38.0468 2228 PDCOMP - ok
15:41:38.0468 2228 PDFRAME - ok
15:41:38.0484 2228 PDRELI - ok
15:41:38.0484 2228 PDRFRAME - ok
15:41:38.0500 2228 perc2 - ok
15:41:38.0515 2228 perc2hib - ok
15:41:38.0546 2228 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\windows\system32\services.exe
15:41:38.0562 2228 PlugPlay - ok
15:41:38.0593 2228 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\windows\system32\lsass.exe
15:41:38.0593 2228 PolicyAgent - ok
15:41:38.0609 2228 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
15:41:38.0625 2228 PptpMiniport - ok
15:41:38.0640 2228 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\windows\system32\DRIVERS\processr.sys
15:41:38.0640 2228 Processor - ok
15:41:38.0656 2228 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\windows\system32\lsass.exe
15:41:38.0656 2228 ProtectedStorage - ok
15:41:38.0671 2228 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
15:41:38.0671 2228 PSched - ok
15:41:38.0703 2228 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
15:41:38.0703 2228 Ptilink - ok
15:41:38.0718 2228 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
15:41:38.0718 2228 PxHelp20 - ok
15:41:38.0734 2228 ql1080 - ok
15:41:38.0734 2228 Ql10wnt - ok
15:41:38.0750 2228 ql12160 - ok
15:41:38.0765 2228 ql1240 - ok
15:41:38.0765 2228 ql1280 - ok
15:41:38.0781 2228 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
15:41:38.0781 2228 RasAcd - ok
15:41:38.0812 2228 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\windows\System32\rasauto.dll
15:41:38.0828 2228 RasAuto - ok
15:41:38.0843 2228 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
15:41:38.0843 2228 Rasl2tp - ok
15:41:38.0890 2228 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\windows\System32\rasmans.dll
15:41:38.0906 2228 RasMan - ok
15:41:38.0921 2228 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
15:41:38.0921 2228 RasPppoe - ok
15:41:38.0937 2228 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
15:41:38.0937 2228 Raspti - ok
15:41:38.0953 2228 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
15:41:38.0953 2228 Rdbss - ok
15:41:38.0968 2228 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
15:41:38.0968 2228 RDPCDD - ok
15:41:38.0984 2228 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys
15:41:38.0984 2228 rdpdr - ok
15:41:39.0015 2228 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
15:41:39.0015 2228 RDPWD - ok
15:41:39.0031 2228 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:41:39.0062 2228 RDSessMgr - ok
15:41:39.0078 2228 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\windows\system32\DRIVERS\redbook.sys
15:41:39.0078 2228 redbook - ok
15:41:39.0125 2228 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\windows\System32\mprdim.dll
15:41:39.0125 2228 RemoteAccess - ok
15:41:39.0156 2228 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\windows\system32\regsvc.dll
15:41:39.0171 2228 RemoteRegistry - ok
15:41:39.0187 2228 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
15:41:39.0187 2228 RFCOMM - ok
15:41:39.0218 2228 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
15:41:39.0234 2228 rpcapd - ok
15:41:39.0234 2228 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\windows\System32\locator.exe
15:41:39.0250 2228 RpcLocator - ok
15:41:39.0281 2228 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\windows\System32\rpcss.dll
15:41:39.0281 2228 RpcSs - ok
15:41:39.0328 2228 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\windows\System32\rsvp.exe
15:41:39.0343 2228 RSVP - ok
15:41:39.0375 2228 [ 5EE9AD410120BFBA6490F6447FCC815F ] SaiK0621 C:\windows\system32\DRIVERS\SaiK0621.sys
15:41:39.0375 2228 SaiK0621 - ok
15:41:39.0406 2228 [ A79FBDBC6A979259E38DEA7D29B57619 ] SaiMini C:\windows\system32\DRIVERS\SaiMini.sys
15:41:39.0406 2228 SaiMini - ok
15:41:39.0437 2228 [ BB20EBA89E0EF39697A1A8728C5685FE ] SaiNtBus C:\windows\system32\drivers\SaiBus.sys
15:41:39.0437 2228 SaiNtBus - ok
15:41:39.0453 2228 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\windows\system32\lsass.exe
15:41:39.0468 2228 SamSs - ok
15:41:39.0468 2228 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\windows\System32\SCardSvr.exe
15:41:39.0484 2228 SCardSvr - ok
15:41:39.0500 2228 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\windows\system32\schedsvc.dll
15:41:39.0515 2228 Schedule - ok
15:41:39.0546 2228 [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus C:\windows\system32\DRIVERS\SE27bus.sys
15:41:39.0562 2228 SE27bus - ok
15:41:39.0593 2228 [ D53E7E53107D1796825540129F8FE89F ] SE27mdfl C:\windows\system32\DRIVERS\SE27mdfl.sys
15:41:39.0593 2228 SE27mdfl - ok
15:41:39.0625 2228 [ 2AFA2F65A6E91DA5B5070E734769827E ] SE27mdm C:\windows\system32\DRIVERS\SE27mdm.sys
15:41:39.0625 2228 SE27mdm - ok
15:41:39.0671 2228 [ 5A33A8D7B44C7BD8ABE248B4DCD1FF3C ] SE27mgmt C:\windows\system32\DRIVERS\SE27mgmt.sys
15:41:39.0671 2228 SE27mgmt - ok
15:41:39.0703 2228 [ BB30139683BBF3EE89EC931393D9335C ] se27nd5 C:\windows\system32\DRIVERS\se27nd5.sys
15:41:39.0703 2228 se27nd5 - ok
15:41:39.0718 2228 [ 5DA6FF71E94B9134DDD094EBB09F05E6 ] SE27obex C:\windows\system32\DRIVERS\SE27obex.sys
15:41:39.0718 2228 SE27obex - ok
15:41:39.0734 2228 [ 4D54A9D7C22157AB3D2442E8BCF5ECD2 ] se27unic C:\windows\system32\DRIVERS\se27unic.sys
15:41:39.0750 2228 se27unic - ok
15:41:39.0765 2228 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
15:41:39.0781 2228 Secdrv - ok
15:41:39.0796 2228 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\windows\System32\seclogon.dll
15:41:39.0812 2228 seclogon - ok
15:41:39.0828 2228 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\windows\system32\sens.dll
15:41:39.0843 2228 SENS - ok
15:41:39.0859 2228 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\windows\system32\DRIVERS\serenum.sys
15:41:39.0859 2228 serenum - ok
15:41:39.0875 2228 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\windows\system32\DRIVERS\serial.sys
15:41:39.0875 2228 Serial - ok
15:41:39.0921 2228 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys
15:41:39.0921 2228 Sfloppy - ok
15:41:39.0968 2228 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\windows\System32\ipnathlp.dll
15:41:39.0984 2228 SharedAccess - ok
15:41:40.0000 2228 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:41:40.0015 2228 ShellHWDetection - ok
15:41:40.0031 2228 Simbad - ok
15:41:40.0078 2228 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate D:\Program Files\Skype\Updater\Updater.exe
15:41:40.0078 2228 SkypeUpdate - ok
15:41:40.0109 2228 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\windows\system32\DRIVERS\SLIP.sys
15:41:40.0109 2228 SLIP - ok
15:41:40.0125 2228 Sparrow - ok
15:41:40.0156 2228 [ 5D6401DB90EC81B71F8E2C5C8F0FEF23 ] speedfan C:\windows\system32\speedfan.sys
15:41:40.0171 2228 speedfan - ok
15:41:40.0203 2228 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
15:41:40.0203 2228 splitter - ok
15:41:40.0218 2228 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
15:41:40.0234 2228 Spooler - ok
15:41:40.0281 2228 [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd C:\windows\system32\Drivers\sptd.sys
15:41:40.0281 2228 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9
15:41:40.0281 2228 sptd ( LockedFile.Multi.Generic ) - warning
15:41:40.0281 2228 sptd - detected LockedFile.Multi.Generic (1)
15:41:40.0296 2228 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\windows\system32\DRIVERS\sr.sys
15:41:40.0312 2228 sr - ok
15:41:40.0328 2228 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\windows\system32\srsvc.dll
15:41:40.0359 2228 srservice - ok
15:41:40.0375 2228 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
15:41:40.0375 2228 Srv - ok
15:41:40.0406 2228 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
15:41:40.0421 2228 SSDPSRV - ok
15:41:40.0437 2228 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\windows\system32\wiaservc.dll
15:41:40.0468 2228 stisvc - ok
15:41:40.0484 2228 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\windows\system32\DRIVERS\StreamIP.sys
15:41:40.0484 2228 streamip - ok
15:41:40.0515 2228 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
15:41:40.0515 2228 swenum - ok
15:41:40.0531 2228 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
15:41:40.0531 2228 swmidi - ok
15:41:40.0546 2228 SwPrv - ok
15:41:40.0562 2228 symc810 - ok
15:41:45.0562 2228 symc8xx - ok
15:41:50.0562 2228 sym_hi - ok
15:41:55.0562 2228 sym_u3 - ok
15:42:00.0593 2228 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
15:42:10.0562 2228 sysaudio - ok
15:42:10.0625 2228 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\windows\system32\smlogsvc.exe
15:42:46.0000 2228 SysmonLog - ok
15:42:46.0046 2228 [ 0C82061920A2DE35D33C2C2BB83B1E98 ] tap0801 C:\windows\system32\DRIVERS\tap0801.sys
15:42:46.0046 2228 tap0801 - ok
15:42:46.0078 2228 [ 11D34FC869F5BDA29949FE3858380894 ] tap0901 C:\windows\system32\DRIVERS\tap0901.sys
15:42:46.0078 2228 tap0901 - ok
15:42:46.0140 2228 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\windows\System32\tapisrv.dll
15:42:46.0156 2228 TapiSrv - ok
15:42:46.0187 2228 [ 827C8058C284FF0013E4462EFE2591A3 ] tapoas C:\windows\system32\DRIVERS\tapoas.sys
15:42:46.0187 2228 tapoas - ok
15:42:46.0218 2228 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
15:42:46.0234 2228 Tcpip - ok
15:42:46.0250 2228 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
15:42:46.0250 2228 TDPIPE - ok
15:42:46.0265 2228 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
15:42:46.0281 2228 TDTCP - ok
15:42:46.0484 2228 [ FE559178000347D2CA1B7847F0379749 ] TeamViewer6 D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
15:42:46.0500 2228 TeamViewer6 - ok
15:42:46.0593 2228 [ 74FC70AE64A7B7DABEC9697CE0A1F4FA ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
15:42:46.0625 2228 TeamViewer7 - ok
15:42:46.0656 2228 [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn C:\windows\system32\DRIVERS\teamviewervpn.sys
15:42:46.0656 2228 teamviewervpn - ok
15:42:46.0703 2228 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
15:42:46.0703 2228 TermDD - ok
15:42:46.0734 2228 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\windows\System32\termsrv.dll
15:42:46.0765 2228 TermService - ok
15:42:46.0796 2228 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\windows\System32\shsvcs.dll
15:42:46.0796 2228 Themes - ok
15:42:46.0828 2228 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
15:42:46.0843 2228 TlntSvr - ok
15:42:46.0859 2228 TosIde - ok
15:42:46.0890 2228 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\windows\system32\trkwks.dll
15:42:46.0906 2228 TrkWks - ok
15:42:46.0937 2228 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
15:42:46.0937 2228 Udfs - ok
15:42:47.0109 2228 [ 3F2D08B07CF67CB37E669A93E59A508C ] ufad-ws60 D:\Program Files\VMware Player\vmware-ufad.exe
15:42:47.0109 2228 ufad-ws60 - ok
15:42:47.0125 2228 ultra - ok
15:42:47.0187 2228 [ F365FA561C3AB455D8685770D208691A ] UnlockerDriver5 D:\Program Files\Unlocker\UnlockerDriver5.sys
15:42:47.0187 2228 UnlockerDriver5 - ok
15:42:47.0218 2228 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
15:42:47.0234 2228 Update - ok
15:42:47.0250 2228 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\windows\System32\upnphost.dll
15:42:47.0265 2228 upnphost - ok
15:42:47.0296 2228 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\windows\System32\ups.exe
15:42:47.0296 2228 UPS - ok
15:42:47.0328 2228 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\windows\system32\drivers\usbaudio.sys
15:42:47.0328 2228 usbaudio - ok
15:42:47.0359 2228 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
15:42:47.0359 2228 usbccgp - ok
15:42:47.0375 2228 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
15:42:47.0390 2228 usbehci - ok
15:42:47.0406 2228 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
15:42:47.0421 2228 usbhub - ok
15:42:47.0453 2228 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
15:42:47.0453 2228 usbprint - ok
15:42:47.0484 2228 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
15:42:47.0484 2228 usbscan - ok
15:42:47.0515 2228 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
15:42:47.0515 2228 USBSTOR - ok
15:42:47.0531 2228 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
15:42:47.0531 2228 usbuhci - ok
15:42:47.0546 2228 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
15:42:47.0562 2228 usbvideo - ok
15:42:47.0625 2228 [ 103B23EC82C08FC4BDBC369552FFAB2A ] VBoxDrv C:\windows\system32\DRIVERS\VBoxDrv.sys
15:42:47.0625 2228 VBoxDrv - ok
15:42:47.0671 2228 [ 226CD9E42BE28A84EC56430FBB57224F ] VBoxNetAdp C:\windows\system32\DRIVERS\VBoxNetAdp.sys
15:42:47.0671 2228 VBoxNetAdp - ok
15:42:47.0718 2228 [ 0A5D6512DCB14135A388D0E7E69E01BB ] VBoxNetFlt C:\windows\system32\DRIVERS\VBoxNetFlt.sys
15:42:47.0718 2228 VBoxNetFlt - ok
15:42:47.0765 2228 [ 96A478EDFB1FBF1FC663BEB09B4175A8 ] VBoxUSBMon C:\windows\system32\DRIVERS\VBoxUSBMon.sys
15:42:47.0781 2228 VBoxUSBMon - ok
15:42:47.0781 2228 Ventrilo - ok
15:42:47.0796 2228 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
15:42:47.0812 2228 VgaSave - ok
15:42:47.0812 2228 ViaIde - ok
15:42:47.0875 2228 [ 9AF896B739E3F34B9CD56EAFA84ABE60 ] VMAuthdService D:\Program Files\VMware Player\vmware-authd.exe
15:42:47.0875 2228 VMAuthdService - ok
15:42:47.0906 2228 [ 33C6F2E02662A7900CAC6AB2607E9F88 ] vmci C:\windows\system32\Drivers\vmci.sys
15:42:47.0921 2228 vmci - ok
15:42:47.0937 2228 [ 852D9499D01D75B024D497A306DBB76D ] vmkbd C:\windows\system32\drivers\VMkbd.sys
15:42:47.0937 2228 vmkbd - ok
15:42:47.0953 2228 [ E41704D8149992107B333CC7A52C07CC ] VMnetAdapter C:\windows\system32\DRIVERS\vmnetadapter.sys
15:42:47.0953 2228 VMnetAdapter - ok
15:42:47.0984 2228 [ E887150BFEE294BFFEB28FB49698AE55 ] VMnetBridge C:\windows\system32\DRIVERS\vmnetbridge.sys
15:42:47.0984 2228 VMnetBridge - ok
15:42:48.0000 2228 [ 1E9F6817BDD878E4C4E701C64F6352E7 ] VMnetDHCP C:\windows\system32\vmnetdhcp.exe
15:42:48.0015 2228 VMnetDHCP - ok
15:42:48.0031 2228 [ C3837C0C499AA62F2A2AC8DBF5015817 ] VMnetuserif C:\windows\system32\drivers\vmnetuserif.sys
15:42:48.0031 2228 VMnetuserif - ok
15:42:48.0046 2228 [ 5E3AF8A6B096FD934A96D32D97843A69 ] VMparport C:\windows\system32\Drivers\VMparport.sys
15:42:48.0046 2228 VMparport - ok
15:42:48.0078 2228 [ F38F5E1D9DEC6CD1955A91AB141A88FB ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
15:42:48.0078 2228 VMUSBArbService - ok
15:42:48.0125 2228 [ 3FE2942910EACDC7271E40C8C037D63F ] VMware NAT Service C:\windows\system32\vmnat.exe
15:42:48.0140 2228 VMware NAT Service - ok
15:42:48.0171 2228 [ 4E53D280DE6D5D523E39FBBDDFF0E819 ] vmx86 C:\windows\system32\Drivers\vmx86.sys
15:42:48.0171 2228 vmx86 - ok
15:42:48.0203 2228 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\windows\system32\drivers\VolSnap.sys
15:42:48.0203 2228 VolSnap - ok
15:42:48.0234 2228 [ 42F5FC978F64FAAB5AC7160EB178F29B ] vproiah C:\windows\system32\DRIVERS\vproiah.sys
15:42:48.0234 2228 vproiah - ok
15:42:48.0265 2228 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\windows\System32\vssvc.exe
15:42:48.0296 2228 VSS - ok
15:42:48.0359 2228 [ 476A052B3CE506ED63A94018F3E979D5 ] vstor2-ws60 D:\Program Files\VMware Player\vstor2-ws60.sys
15:42:48.0359 2228 vstor2-ws60 - ok
15:42:48.0406 2228 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\windows\system32\w32time.dll
15:42:48.0421 2228 W32Time - ok
15:42:48.0453 2228 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
15:42:48.0453 2228 Wanarp - ok
15:42:48.0484 2228 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\windows\system32\DRIVERS\Wdf01000.sys
15:42:48.0515 2228 Wdf01000 - ok
15:42:48.0531 2228 WDICA - ok
15:42:48.0546 2228 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
15:42:48.0562 2228 wdmaud - ok
15:42:48.0593 2228 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\windows\System32\webclnt.dll
15:42:48.0609 2228 WebClient - ok
15:42:48.0671 2228 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
15:42:48.0671 2228 winmgmt - ok
15:42:48.0734 2228 [ 2944BED10FFD9369DA9A988D8AC899E4 ] wip0204 C:\windows\system32\DRIVERS\wip0204.sys
15:42:48.0734 2228 wip0204 - ok
15:42:48.0765 2228 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:42:48.0765 2228 WmdmPmSN - ok
15:42:48.0812 2228 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\windows\System32\advapi32.dll
15:42:48.0828 2228 Wmi - ok
15:42:48.0859 2228 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:42:48.0859 2228 WmiApSrv - ok
15:42:48.0921 2228 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:42:48.0937 2228 WMPNetworkSvc - ok
15:42:48.0953 2228 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\windows\system32\DRIVERS\wpdusb.sys
15:42:48.0968 2228 WpdUsb - ok
15:42:49.0031 2228 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:42:49.0046 2228 WPFFontCache_v0400 - ok
15:42:49.0078 2228 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
15:42:49.0078 2228 WS2IFSL - ok
15:42:49.0125 2228 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\windows\system32\wscsvc.dll
15:42:49.0140 2228 wscsvc - ok
15:42:49.0171 2228 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\windows\system32\DRIVERS\WSTCODEC.SYS
15:42:49.0171 2228 WSTCODEC - ok
15:42:49.0203 2228 [ C1364564800EE9784192145324A23308 ] wuauserv C:\windows\system32\wuauserv.dll
15:42:49.0218 2228 wuauserv - ok
15:42:49.0250 2228 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys
15:42:49.0250 2228 WudfPf - ok
15:42:49.0265 2228 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys
15:42:49.0265 2228 WudfRd - ok
15:42:49.0296 2228 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\windows\System32\WUDFSvc.dll
15:42:49.0343 2228 WudfSvc - ok
15:42:49.0375 2228 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\windows\System32\wzcsvc.dll
15:42:49.0406 2228 WZCSVC - ok
15:42:49.0421 2228 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\windows\System32\xmlprov.dll
15:42:49.0453 2228 xmlprov - ok
15:42:49.0484 2228 [ 277C9D37F7C04B038D93D076DC7EF354 ] yukonwxp C:\windows\system32\DRIVERS\yk51x86.sys
15:42:49.0500 2228 yukonwxp - ok
15:42:49.0546 2228 ================ Scan global ===============================
15:42:49.0578 2228 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\windows\system32\basesrv.dll
15:42:49.0609 2228 [ F3FA14A297BC687D0B51289D034033C9 ] C:\windows\system32\winsrv.dll
15:42:49.0671 2228 [ F3FA14A297BC687D0B51289D034033C9 ] C:\windows\system32\winsrv.dll
15:42:49.0718 2228 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\windows\system32\services.exe
15:42:49.0734 2228 [Global] - ok
15:42:49.0734 2228 ================ Scan MBR ==================================
15:42:49.0765 2228 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
15:42:49.0921 2228 \Device\Harddisk0\DR0 - ok
15:42:49.0921 2228 ================ Scan VBR ==================================
15:42:49.0937 2228 [ EF80F749C6EC4823CEF670DACF4AC932 ] \Device\Harddisk0\DR0\Partition1
15:42:49.0937 2228 \Device\Harddisk0\DR0\Partition1 - ok
15:42:49.0937 2228 [ BF46D6A81A3CADA2E43356F09F544524 ] \Device\Harddisk0\DR0\Partition2
15:42:49.0937 2228 \Device\Harddisk0\DR0\Partition2 - ok
15:42:49.0953 2228 [ 7FBAD9F213FD7539D4ACCB6430E0B2A1 ] \Device\Harddisk0\DR0\Partition3
15:42:49.0953 2228 \Device\Harddisk0\DR0\Partition3 - ok
15:42:49.0968 2228 ============================================================
15:42:49.0968 2228 Scan finished
15:42:49.0968 2228 ============================================================
15:42:49.0968 4516 Detected object count: 1
15:42:49.0968 4516 Actual detected object count: 1
15:44:15.0578 4516 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:44:15.0578 4516 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:44:26.0593 4480 Deinitialize success

[Nekac1]

Log z ComboFix
ComboFix 12-08-25.04 - ADMIN 26.08.2012 15:57:35.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1180 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ADMIN\34.STR
c:\documents and settings\ADMIN\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-26 do 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-25 19:56 . 2012-08-25 19:56 388096 ----a-r- c:\documents and settings\ADMIN\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 09:13 . 2011-11-24 14:18 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-11-24 14:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-11-24 14:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-11-24 14:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-11-24 14:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-11-24 14:18 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-11-24 14:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-11-24 14:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-11-24 14:18 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-11-24 14:18 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-06 13:58 . 2002-09-23 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-11-19 09:49 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2002-09-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2002-09-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2002-09-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2002-09-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-11-19 10:07 385024 ----a-w- c:\windows\system32\html.iec
2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:49 . 2008-11-19 11:09 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2002-09-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2002-09-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-07-30 18:18 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-11-19 10:07 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-11-19 10:07 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-11-19 10:07 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-11-19 10:07 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-11-19 09:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 18:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 18:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2002-09-23 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-11-19 10:07 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-11-19 09:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-09-29 14:35 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-09-29 14:35 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-09-29 14:35 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2002-09-23 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaPlatformMan"="c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe" [2010-03-30 701440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"boincmgr"="d:\program files\BOINC\Core\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="d:\program files\BOINC\Core\boinctray.exe" [2009-11-06 58112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"VMware hqtray"="d:\program files\VMware Player\hqtray.exe" [2010-01-22 64048]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-08 98304]
"LogMeIn Hamachi Ui"="d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ADMIN\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Pidgin\\pidgin.exe"=
"d:\\Hry\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"d:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"d:\\Hry\\Dune 2000\\DUNE2000.DAT"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\Hry\\Warcraft III\\lancraft.exe"=
"d:\\Program Files\\BOINC\\Core\\boinc.exe"=
"d:\\Hry\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\VMware Player\\vmware-authd.exe"=
"d:\\Hry\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"d:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Program Files\\Garena Classic\\Garena.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Activision\\Tony Hawk's Underground 2\\Game\\THUG2.exe"=
"d:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"d:\\Program Files\\XAMPP\\apache\\bin\\httpd.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"d:\\Temp\\Diablo-III-8370-enGB-Installer-downloader.exe"=
"e:\\Diablo III\\Diablo III\\Diablo III.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.998\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"6121:TCP"= 6121:TCP:char-server_sql.exe
"6900:TCP"= 6900:TCP:login-server_sql.exe
"5121:TCP"= 5121:TCP:map-server_sql.exe
"6112:TCP"= 6112:TCP:Wc3Port
"3724:TCP"= 3724:TCP:WoW
"6110:TCP"= 6110:TCP:Warcraft
"57894:TCP"= 57894:TCP:Pando Media Booster
"57894:UDP"= 57894:UDP:Pando Media Booster
"4000:TCP"= 4000:TCP:Diablo 2
"56977:TCP"= 56977:TCP:Pando Media Booster
"56977:UDP"= 56977:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"56330:TCP"= 56330:TCP:Pando Media Booster
"56330:UDP"= 56330:UDP:Pando Media Booster
"6353:TCP"= 6353:TCP:Dragonica HS
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.11.2008 15:22 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.11.2011 16:18 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.11.2011 16:18 355632]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [26.1.2012 1:17 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [26.1.2012 1:17 91440]
R2 Apache2.2;Apache2.2;d:\program files\XAMPP\apache\bin\httpd.exe [10.9.2011 11:43 18432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.11.2011 16:18 21256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [27.6.2012 12:29 1385896]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 19:07 35088]
R2 TeamViewer6;TeamViewer 6;d:\program files\TeamViewer\Version6\TeamViewer_Service.exe [23.2.2011 17:00 2253688]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [23.2.2012 12:40 2886528]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22.1.2010 21:57 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.1.2010 21:00 563760]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [24.4.2012 18:15 100368]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [18.12.2010 12:18 50728]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19.12.2011 15:12 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [19.12.2011 15:11 116016]
S2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;d:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [16.10.2008 17:18 759072]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 22:10 136176]
S2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [7.6.2012 19:12 160944]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena Plus\Room\safedrv.sys --> d:\program files\Garena Plus\Room\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 22:10 136176]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [23.12.2010 9:49 142320]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [23.12.2010 9:49 88304]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6.5.2012 10:08 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29.11.2008 14:47 47360]
S3 SaiK0621;SaiK0621;c:\windows\system32\drivers\SaiK0621.sys [22.10.2008 16:09 106496]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 14:37 26624]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [3.8.2010 16:25 26112]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 11:12 25088]
S3 vproiah;vproiah;c:\windows\system32\drivers\vproiah.sys [28.12.2011 12:02 16128]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [10.4.2010 22:29 23480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 18:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-27 09:12]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 20:10]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 20:10]
.
2009-06-21 c:\windows\Tasks\StartTurnaje.job
- d:\vit\BoincObsluha\StartTurnaje.bat [2009-06-11 05:07]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
LSP: d:\program files\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C38E8514-5955-4DB2-A1CB-879DBBAE15E0}: NameServer = 212.71.150.2,212.71.146.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\cpp0nar4.default\
.
.
------- Asociace souborů -------
.
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-VB Decompiler Lite_is1 - d:\temp\VB Decompiler Lite\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-26 16:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"d:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"d:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1424)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2012-08-26 16:09:18
ComboFix-quarantined-files.txt 2012-08-26 14:09
.
Před spuštěním: Volných bajtů: 14 797 275 136
Po spuštění: Volných bajtů: 14 735 323 136
.
- - End Of File - - AF263472FE7BF9D79FE9C706501B44A8



Po kombofixu se počítač znatelně zrychlil, je to možné?
EDIT: Počítač tolik nezrychlil combofix jako to že sem měl vyplý antivir. Když sem ho zapnul, problémy se vrátily.

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
d:\program files\Skype\Updater\Updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
SkypeUpdate
EagleXNt
GGSAFERDriver
gupdatem

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Máš programy na obou discích , to není zrovna cool..

Kolik máš volného místa v % na systémovém disku?

[Nekac1]

Log z combofix:

ComboFix 12-08-25.04 - ADMIN 27.08.2012 12:53:41.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1112 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"d:\program files\Skype\Updater\Updater.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAGLEXNT
-------\Legacy_GGSAFERDRIVER
-------\Legacy_SKYPEUPDATE
-------\Service_EagleXNt
-------\Service_GGSAFERDriver
-------\Service_gupdatem
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-27 do 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-25 19:56 . 2012-08-25 19:56 388096 ----a-r- c:\documents and settings\ADMIN\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 09:13 . 2011-11-24 14:18 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-11-24 14:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-11-24 14:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-11-24 14:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-11-24 14:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-11-24 14:18 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-11-24 14:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-11-24 14:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-11-24 14:18 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-11-24 14:18 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-06 13:58 . 2002-09-23 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-11-19 09:49 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2002-09-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2002-09-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2002-09-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2002-09-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-11-19 10:07 385024 ----a-w- c:\windows\system32\html.iec
2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:49 . 2008-11-19 11:09 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2002-09-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2002-09-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-07-30 18:18 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-11-19 10:07 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-11-19 10:07 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-11-19 10:07 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-11-19 10:07 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-11-19 09:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 18:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 18:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2002-09-23 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-11-19 10:07 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-11-19 09:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-09-29 14:35 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-09-29 14:35 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-09-29 14:35 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2002-09-23 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-26_14.06.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-27 11:06 . 2012-08-27 11:06 16384 c:\windows\Temp\Perflib_Perfdata_c94.dat
+ 2012-08-27 11:05 . 2012-08-27 11:05 16384 c:\windows\Temp\Perflib_Perfdata_434.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaPlatformMan"="c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe" [2010-03-30 701440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"boincmgr"="d:\program files\BOINC\Core\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="d:\program files\BOINC\Core\boinctray.exe" [2009-11-06 58112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"VMware hqtray"="d:\program files\VMware Player\hqtray.exe" [2010-01-22 64048]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-08 98304]
"LogMeIn Hamachi Ui"="d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ADMIN\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Pidgin\\pidgin.exe"=
"d:\\Hry\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"d:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"d:\\Hry\\Dune 2000\\DUNE2000.DAT"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\Hry\\Warcraft III\\lancraft.exe"=
"d:\\Program Files\\BOINC\\Core\\boinc.exe"=
"d:\\Hry\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\VMware Player\\vmware-authd.exe"=
"d:\\Hry\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"d:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Program Files\\Garena Classic\\Garena.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Activision\\Tony Hawk's Underground 2\\Game\\THUG2.exe"=
"d:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"d:\\Program Files\\XAMPP\\apache\\bin\\httpd.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"d:\\Temp\\Diablo-III-8370-enGB-Installer-downloader.exe"=
"e:\\Diablo III\\Diablo III\\Diablo III.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.998\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"6121:TCP"= 6121:TCP:char-server_sql.exe
"6900:TCP"= 6900:TCP:login-server_sql.exe
"5121:TCP"= 5121:TCP:map-server_sql.exe
"6112:TCP"= 6112:TCP:Wc3Port
"3724:TCP"= 3724:TCP:WoW
"6110:TCP"= 6110:TCP:Warcraft
"57894:TCP"= 57894:TCP:Pando Media Booster
"57894:UDP"= 57894:UDP:Pando Media Booster
"4000:TCP"= 4000:TCP:Diablo 2
"56977:TCP"= 56977:TCP:Pando Media Booster
"56977:UDP"= 56977:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"56330:TCP"= 56330:TCP:Pando Media Booster
"56330:UDP"= 56330:UDP:Pando Media Booster
"6353:TCP"= 6353:TCP:Dragonica HS
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.11.2008 15:22 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.11.2011 16:18 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.11.2011 16:18 355632]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [26.1.2012 1:17 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [26.1.2012 1:17 91440]
R2 Apache2.2;Apache2.2;d:\program files\XAMPP\apache\bin\httpd.exe [10.9.2011 11:43 18432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.11.2011 16:18 21256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [27.6.2012 12:29 1385896]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 19:07 35088]
R2 TeamViewer6;TeamViewer 6;d:\program files\TeamViewer\Version6\TeamViewer_Service.exe [23.2.2011 17:00 2253688]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [23.2.2012 12:40 2886528]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22.1.2010 21:57 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.1.2010 21:00 563760]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [24.4.2012 18:15 100368]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [18.12.2010 12:18 50728]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19.12.2011 15:12 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [19.12.2011 15:11 116016]
S2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;d:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [16.10.2008 17:18 759072]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 22:10 136176]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [23.12.2010 9:49 142320]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [23.12.2010 9:49 88304]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6.5.2012 10:08 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29.11.2008 14:47 47360]
S3 SaiK0621;SaiK0621;c:\windows\system32\drivers\SaiK0621.sys [22.10.2008 16:09 106496]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 14:37 26624]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [3.8.2010 16:25 26112]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 11:12 25088]
S3 vproiah;vproiah;c:\windows\system32\drivers\vproiah.sys [28.12.2011 12:02 16128]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [10.4.2010 22:29 23480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 18:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-27 09:12]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 20:10]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 20:10]
.
2009-06-21 c:\windows\Tasks\StartTurnaje.job
- d:\vit\BoincObsluha\StartTurnaje.bat [2009-06-11 05:07]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
LSP: d:\program files\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C38E8514-5955-4DB2-A1CB-879DBBAE15E0}: NameServer = 212.71.150.2,212.71.146.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\cpp0nar4.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-27 13:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"d:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"d:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1428)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(4332)
c:\windows\system32\msi.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
d:\program files\TortoiseSVN\bin\TortoiseStub.dll
d:\program files\TortoiseSVN\bin\TortoiseSVN.dll
d:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
d:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
d:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
d:\program files\VMware Player\vmware-authd.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\program files\BOINC\Core\boinc.exe
c:\windows\system32\wscntfy.exe
d:\program files\BOINC\Data\projects\www.freehal.net_freehal_at_home\freehalapp_1.1587_windows_intelx86.exe
d:\program files\BOINC\Data\projects\wuprop.boinc-af.org\data_collect_v3_3.36_windows_intelx86__nci.exe
d:\program files\BOINC\Data\projects\radioactiveathome.org_boinc\radac_1.61_windows_intelx86.exe
d:\program files\BOINC\Data\projects\boinc.ucd.ie_fmah\vina_3.0_windows_intelx86.exe
d:\program files\BOINC\Data\projects\boinc.ucd.ie_fmah\vina_3.0_windows_intelx86.exe
.
**************************************************************************
.
Celkový čas: 2012-08-27 13:11:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-27 11:11
ComboFix2.txt 2012-08-26 14:09
.
Před spuštěním: Volných bajtů: 14 432 931 840
Po spuštění: Volných bajtů: 14 480 789 504
.
- - End Of File - - 94687833B53CE275A1EE205E647B6FAF

[Nekac1]

Log z aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-27 13:12:29
-----------------------------
13:12:29.437 OS Version: Windows 5.1.2600 Service Pack 3
13:12:29.437 Number of processors: 2 586 0x604
13:12:29.437 ComputerName: FILIP UserName: ADMIN
13:12:29.890 Initialize success
13:12:29.984 AVAST engine defs: 12082700
13:12:40.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
13:12:40.203 Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 3
13:12:40.218 Disk 0 MBR read successfully
13:12:40.218 Disk 0 MBR scan
13:12:40.343 Disk 0 Windows XP default MBR code
13:12:40.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 63
13:12:40.359 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 350394 MB offset 122881185
13:12:40.375 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 200082 MB offset 840488670
13:12:40.390 Disk 0 scanning sectors +1250258625
13:12:40.437 Disk 0 scanning C:\windows\system32\drivers
13:12:47.671 Service scanning
13:12:55.015 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
13:12:58.171 Modules scanning
13:13:58.562 Disk 0 trace - called modules:
13:13:58.593 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spjb.sys hal.dll >>UNKNOWN [0x8a5c4938]<<
13:13:58.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4e0ab8]
13:13:58.609 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a572b00]
13:13:58.937 AVAST engine scan C:\windows
13:14:05.453 AVAST engine scan C:\windows\system32
13:16:10.890 AVAST engine scan C:\windows\system32\drivers
13:16:27.000 AVAST engine scan C:\Documents and Settings\ADMIN
13:25:39.828 File: C:\Documents and Settings\ADMIN\Dokumenty\ICQ\Mailer2.exe **INFECTED** Win32:Malware-gen
13:27:48.156 AVAST engine scan C:\Documents and Settings\All Users
13:35:23.296 Scan finished successfully
13:39:53.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ADMIN\Plocha\MBR.dat"
13:39:53.859 The log file has been saved successfully to "C:\Documents and Settings\ADMIN\Plocha\aswMBR.txt"

[Nekac1]

Log z HiJack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:40:13, on 27.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\rundll32.exe
D:\Program Files\BOINC\Core\boincmgr.exe
D:\Program Files\BOINC\Core\boinctray.exe
D:\Program Files\VMware Player\hqtray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\XAMPP\apache\bin\httpd.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\windows\System32\svchost.exe
D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
D:\Program Files\XAMPP\apache\bin\httpd.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\windows\system32\vmnat.exe
C:\windows\system32\vmnetdhcp.exe
D:\Program Files\VMware Player\vmware-authd.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\BOINC\Core\boinc.exe
C:\windows\system32\wscntfy.exe
D:\Program Files\BOINC\Data\projects\www.freehal.net_freehal_at_home\freehalapp_1.1587_windows_intelx86.exe
D:\Program Files\BOINC\Data\projects\wuprop.boinc-af.org\data_collect_v3_3.36_windows_intelx86__nci.exe
D:\Program Files\BOINC\Data\projects\radioactiveathome.org_boinc\radac_1.61_windows_intelx86.exe
D:\Program Files\BOINC\Data\projects\boinc.ucd.ie_fmah\vina_3.0_windows_intelx86.exe
D:\Program Files\BOINC\Data\projects\boinc.ucd.ie_fmah\vina_3.0_windows_intelx86.exe
C:\windows\explorer.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [boincmgr] "D:\Program Files\BOINC\Core\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "D:\Program Files\BOINC\Core\boinctray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VMware hqtray] "D:\Program Files\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [JavaPlatformMan] C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: d:\program files\vmware player\vsocklib.dll
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kliber.cz
O17 - HKLM\Software\..\Telephony: DomainName = kliber.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{C38E8514-5955-4DB2-A1CB-879DBBAE15E0}: NameServer = 212.71.150.2,212.71.146.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kliber.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kliber.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ABBYY (BIT Software) - D:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Program Files\XAMPP\apache\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySQL - Unknown owner - D:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware Player\vmware-ufad.exe
O23 - Service: Ventrilo - Unknown owner - D:\Program Files\Ventrilo Server\ventrilo_svc.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe

--
End of file - 10337 bytes




Na disku C mám necelých 25% volného místa (13,5 GB)

[jaro3]

OK.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.



Spusť znovu aswMBR , dej sken a poté klikni na „Fix“
Zavři program , restartuj PC , po restartu

Po restartu vypni obnovení systému na všech discích.
http://support.microsoft.com/kb/310405/cs
Podívej se sem:
C:\System Volume Information\Microsoft--- pokud tam je tato složka (Microsoft) , tak jí smaž.
Nakonec si znovu zapni obnovu systému.
znovu spusť aswMBR a dej sken , klikni na „Save log“
Obsah logu sem znovu vlož.

[Nekac1]

Spusť znovu aswMBR , dej sken a poté klikni na „Fix“
Zavři program , restartuj PC , po restartu

Fix tlačítko bylo zašedlé, nedalo se zmáčknout, krok jsem přeskočil
Složku C:\System Volume Information\Microsoft jsem nenašel.

log z aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-28 01:48:39
-----------------------------
01:48:39.812 OS Version: Windows 5.1.2600 Service Pack 3
01:48:39.812 Number of processors: 2 586 0x604
01:48:39.812 ComputerName: FILIP UserName: ADMIN
01:48:40.687 Initialize success
01:48:40.781 AVAST engine defs: 12082700
01:48:44.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
01:48:44.234 Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 3
01:48:44.250 Disk 0 MBR read successfully
01:48:44.265 Disk 0 MBR scan
01:48:44.265 Disk 0 Windows XP default MBR code
01:48:44.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 63
01:48:44.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 350394 MB offset 122881185
01:48:44.312 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 200082 MB offset 840488670
01:48:44.328 Disk 0 scanning sectors +1250258625
01:48:44.453 Disk 0 scanning C:\windows\system32\drivers
01:49:06.828 Service scanning
01:49:14.250 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
01:49:17.328 Modules scanning
01:49:44.765 Disk 0 trace - called modules:
01:49:44.796 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spug.sys hal.dll >>UNKNOWN [0x8a5ff938]<<
01:49:44.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a52cab8]
01:49:44.812 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a59fd98]
01:49:45.562 AVAST engine scan C:\windows
01:50:08.171 AVAST engine scan C:\windows\system32
01:58:42.250 AVAST engine scan C:\windows\system32\drivers
01:59:38.609 AVAST engine scan C:\Documents and Settings\ADMIN
02:15:58.984 File: C:\Documents and Settings\ADMIN\Dokumenty\ICQ\Mailer2.exe **INFECTED** Win32:Malware-gen
02:19:49.859 AVAST engine scan C:\Documents and Settings\All Users
02:33:25.000 Scan finished successfully
02:33:43.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ADMIN\Plocha\MBR.dat"
02:33:43.468 The log file has been saved successfully to "C:\Documents and Settings\ADMIN\Plocha\aswMBR.txt"

[jaro3]

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Documents and Settings\ADMIN\Dokumenty\ICQ\Mailer2.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Spusť znovu aswMBR , dej sken a poté klikni na „FixMBR“
Zavři program , restartuj PC , po restartu

Po restartu vypni obnovení systému na všech discích.
http://support.microsoft.com/kb/310405/cs
Podívej se sem:
C:\System Volume Information\Microsoft--- pokud tam je tato složka (Microsoft) , tak jí smaž.
Nakonec si znovu zapni obnovu systému.
znovu spusť aswMBR a dej sken , klikni na „Save log“
Obsah logu sem znovu vlož.

Start-spustit-napiš: notepad ,do něho vlož tento celý text:

Kód: Vybrat vše

dir \spjb.sys /a h /s > File.txt


uložit na plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.

Pak s tímto:

Kód: Vybrat vše

dir \spug.sys /a h /s > File.txt


[Nekac1]

https://www.virustotal.com/file/a1459d9 ... 346229341/

Scanuju.