Kontrola logu - Live Security Platinum Vyřešeno

[macwix]

Ahoj, do kompu se mi dostal program Live Security Platinum, smazal sem ho z plochy a ze startu ale zde je pro jistotu log z hjt. Prosím o jeho kontrolu, díky moc!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:23:28, on 11.9.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector10" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\10.0"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [6F63A55D196CA4FF00083E3AE56C3425] C:\Documents and Settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425\6F63A55D196CA4FF00083E3AE56C3425.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\nvdesk32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7078 bytes

[Reklama]

[Žbeky]

Odinstaluj SUPERAntiSpyware, nainstaluj normální antivir

Fixni:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [6F63A55D196CA4FF00083E3AE56C3425] C:\Documents and Settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425\6F63A55D196CA4FF00083E3AE56C3425.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

[macwix]

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.09.13.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Macwick :: JARDA [administrátor]

Ochrana: Povolena

13.9.2012 9:37:51
mbam-log-2012-09-13 (09-48-43).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 199590
Uplynulý čas: 8 minut, 54 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.

Nalezené soubory: 12
C:\Documents and Settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425\6F63A55D196CA4FF00083E3AE56C3425.exe (Trojan.LameShield) -> Žádná instrukce nebyla provedena.
C:\WINDOWS\system32\crt.dat (Malware.Trace) -> Žádná instrukce nebyla provedena.
C:\Program Files\RelevantKnowledge\rlls.dll (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Program Files\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Program Files\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Program Files\RelevantKnowledge\rlvknlg64.exe (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Žádná instrukce nebyla provedena.

(konec)

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[macwix]

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.09.13.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Macwick :: JARDA [administrátor]

Ochrana: Povolena

13.9.2012 11:59:15
mbam-log-2012-09-13 (11-59-15).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 199434
Uplynulý čas: 6 minut, 26 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.

Nalezené soubory: 12
C:\Documents and Settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425\6F63A55D196CA4FF00083E3AE56C3425.exe (Trojan.LameShield) -> Umístnění do karantény a smazání se zdařilo.
C:\WINDOWS\system32\crt.dat (Malware.Trace) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\RelevantKnowledge\rlls.dll (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\RelevantKnowledge\rlvknlg64.exe (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Umístnění do karantény a smazání se zdařilo.

(konec)

12:11:51.0203 3372 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:11:51.0468 3372 ============================================================
12:11:51.0468 3372 Current date / time: 2012/09/13 12:11:51.0468
12:11:51.0468 3372 SystemInfo:
12:11:51.0468 3372
12:11:51.0468 3372 OS Version: 5.1.2600 ServicePack: 2.0
12:11:51.0468 3372 Product type: Workstation
12:11:51.0468 3372 ComputerName: JARDA
12:11:51.0468 3372 UserName: Macwick
12:11:51.0468 3372 Windows directory: C:\WINDOWS
12:11:51.0468 3372 System windows directory: C:\WINDOWS
12:11:51.0468 3372 Processor architecture: Intel x86
12:11:51.0468 3372 Number of processors: 1
12:11:51.0468 3372 Page size: 0x1000
12:11:51.0468 3372 Boot type: Normal boot
12:11:51.0468 3372 ============================================================
12:11:54.0140 3372 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
12:11:54.0140 3372 ============================================================
12:11:54.0140 3372 \Device\Harddisk0\DR0:
12:11:54.0140 3372 MBR partitions:
12:11:54.0140 3372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2710011
12:11:54.0140 3372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2710050, BlocksNum 0x6DFE0C0
12:11:54.0140 3372 ============================================================
12:11:54.0156 3372 C: <-> \Device\Harddisk0\DR0\Partition1
12:11:54.0203 3372 E: <-> \Device\Harddisk0\DR0\Partition2
12:11:54.0203 3372 ============================================================
12:11:54.0203 3372 Initialize success
12:11:54.0203 3372 ============================================================
12:12:00.0250 2216 ============================================================
12:12:00.0250 2216 Scan started
12:12:00.0250 2216 Mode: Manual;
12:12:00.0250 2216 ============================================================
12:12:00.0734 2216 ================ Scan system memory ========================
12:12:00.0734 2216 System memory - ok
12:12:00.0734 2216 ================ Scan services =============================
12:12:00.0812 2216 !SASCORE - ok
12:12:00.0968 2216 Abiosdsk - ok
12:12:01.0000 2216 abp480n5 - ok
12:12:01.0046 2216 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
12:12:01.0046 2216 ac97intc - ok
12:12:01.0109 2216 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:12:01.0125 2216 ACPI - ok
12:12:01.0171 2216 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:12:01.0171 2216 ACPIEC - ok
12:12:01.0203 2216 adpu160m - ok
12:12:01.0250 2216 [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
12:12:01.0265 2216 aeaudio - ok
12:12:01.0312 2216 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:12:01.0312 2216 aec - ok
12:12:01.0359 2216 [ 15E655BAA989444F56787EF558823643 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:12:01.0359 2216 AegisP - ok
12:12:01.0390 2216 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:12:01.0390 2216 AFD - ok
12:12:01.0453 2216 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
12:12:01.0453 2216 agp440 - ok
12:12:01.0484 2216 Aha154x - ok
12:12:01.0500 2216 aic78u2 - ok
12:12:01.0531 2216 aic78xx - ok
12:12:01.0593 2216 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:12:01.0593 2216 Alerter - ok
12:12:01.0640 2216 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
12:12:01.0656 2216 ALG - ok
12:12:01.0671 2216 AliIde - ok
12:12:01.0703 2216 amsint - ok
12:12:01.0765 2216 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:12:01.0765 2216 AppMgmt - ok
12:12:01.0796 2216 asc - ok
12:12:01.0828 2216 asc3350p - ok
12:12:01.0859 2216 asc3550 - ok
12:12:01.0968 2216 [ EB62FA6D7DA4E774E47D376E4D19CA5F ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys
12:12:01.0968 2216 Aspi32 - ok
12:12:02.0062 2216 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:12:02.0062 2216 aspnet_state - ok
12:12:02.0125 2216 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:12:02.0125 2216 AsyncMac - ok
12:12:02.0171 2216 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:12:02.0171 2216 atapi - ok
12:12:02.0203 2216 Atdisk - ok
12:12:02.0250 2216 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:12:02.0250 2216 Atmarpc - ok
12:12:02.0296 2216 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:12:02.0296 2216 AudioSrv - ok
12:12:02.0312 2216 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:12:02.0312 2216 audstub - ok
12:12:02.0359 2216 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:12:02.0359 2216 Beep - ok
12:12:02.0421 2216 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
12:12:02.0453 2216 BITS - ok
12:12:02.0484 2216 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
12:12:02.0500 2216 Browser - ok
12:12:02.0546 2216 catchme - ok
12:12:02.0578 2216 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:12:02.0593 2216 cbidf2k - ok
12:12:02.0609 2216 cd20xrnt - ok
12:12:02.0656 2216 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:12:02.0671 2216 Cdaudio - ok
12:12:02.0718 2216 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:12:02.0718 2216 Cdfs - ok
12:12:02.0765 2216 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:12:02.0765 2216 Cdrom - ok
12:12:02.0796 2216 Changer - ok
12:12:02.0843 2216 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:12:02.0859 2216 CiSvc - ok
12:12:02.0890 2216 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:12:02.0890 2216 ClipSrv - ok
12:12:02.0953 2216 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:12:02.0953 2216 clr_optimization_v2.0.50727_32 - ok
12:12:02.0984 2216 CmdIde - ok
12:12:03.0015 2216 COMSysApp - ok
12:12:03.0078 2216 Cpqarray - ok
12:12:03.0140 2216 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
12:12:03.0140 2216 Creative Service for CDROM Access - ok
12:12:03.0187 2216 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:12:03.0187 2216 CryptSvc - ok
12:12:03.0250 2216 [ 4B6096745F72B4FD36514617E2EA5D37 ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
12:12:03.0250 2216 ctac32k - ok
12:12:03.0328 2216 [ 3576EC792347ED15699F6D830E0F5437 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
12:12:03.0359 2216 ctaud2k - ok
12:12:03.0406 2216 [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk C:\WINDOWS\system32\DRIVERS\ctljystk.sys
12:12:03.0406 2216 ctljystk - ok
12:12:03.0437 2216 [ 097D42574E3C6D98CD5A2EE7647FA6BF ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
12:12:03.0437 2216 ctprxy2k - ok
12:12:03.0484 2216 [ C58A2507EF62B20B9BD670C666088B50 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
12:12:03.0515 2216 ctsfm2k - ok
12:12:03.0531 2216 dac2w2k - ok
12:12:03.0562 2216 dac960nt - ok
12:12:03.0640 2216 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:12:03.0656 2216 DcomLaunch - ok
12:12:03.0703 2216 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:12:03.0718 2216 Dhcp - ok
12:12:03.0765 2216 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:12:03.0765 2216 Disk - ok
12:12:03.0796 2216 dmadmin - ok
12:12:03.0859 2216 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:12:03.0890 2216 dmboot - ok
12:12:03.0937 2216 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
12:12:03.0968 2216 dmio - ok
12:12:04.0015 2216 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:12:04.0015 2216 dmload - ok
12:12:04.0046 2216 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:12:04.0046 2216 dmserver - ok
12:12:04.0109 2216 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:12:04.0109 2216 DMusic - ok
12:12:04.0156 2216 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:12:04.0171 2216 Dnscache - ok
12:12:04.0187 2216 dpti2o - ok
12:12:04.0234 2216 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:12:04.0234 2216 drmkaud - ok
12:12:04.0281 2216 [ 866B8EE30E4504C11AE0D29ED6F8824B ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:12:04.0281 2216 E100B - ok
12:12:04.0328 2216 [ 8C2B6BBC82AD12CD9A2E73E5DCBBA705 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
12:12:04.0343 2216 eamon - ok
12:12:04.0390 2216 [ 5412ED24FFFCA64E2F0168399B86C952 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
12:12:04.0390 2216 ehdrv - ok
12:12:04.0625 2216 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
12:12:04.0656 2216 ekrn - ok
12:12:04.0718 2216 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
12:12:04.0718 2216 EL90XBC - ok
12:12:04.0765 2216 [ A9D94B89372F3F9609A1A5EEC631A260 ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
12:12:04.0781 2216 emupia - ok
12:12:04.0812 2216 [ CF1108161DFEDD82AE811307A3763E1C ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
12:12:04.0812 2216 epfwtdir - ok
12:12:04.0859 2216 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:12:04.0859 2216 ERSvc - ok
12:12:04.0921 2216 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
12:12:04.0937 2216 Eventlog - ok
12:12:04.0968 2216 [ 972378B907070F64932A87C90A035487 ] EventSystem C:\WINDOWS\system32\es.dll
12:12:05.0000 2216 EventSystem - ok
12:12:05.0046 2216 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:12:05.0046 2216 Fastfat - ok
12:12:05.0109 2216 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:12:05.0125 2216 FastUserSwitchingCompatibility - ok
12:12:05.0171 2216 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:12:05.0171 2216 Fdc - ok
12:12:05.0218 2216 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:12:05.0218 2216 Fips - ok
12:12:05.0250 2216 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:12:05.0250 2216 Flpydisk - ok
12:12:05.0296 2216 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:12:05.0312 2216 FltMgr - ok
12:12:05.0390 2216 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:12:05.0390 2216 FontCache3.0.0.0 - ok
12:12:05.0421 2216 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:12:05.0421 2216 Fs_Rec - ok
12:12:05.0468 2216 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:12:05.0484 2216 Ftdisk - ok
12:12:05.0515 2216 [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
12:12:05.0515 2216 gameenum - ok
12:12:05.0562 2216 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:12:05.0562 2216 Gpc - ok
12:12:05.0640 2216 [ DC9847CDC43665ED4CC780947516209C ] ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys
12:12:05.0687 2216 ha10kx2k - ok
12:12:05.0734 2216 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:12:05.0750 2216 helpsvc - ok
12:12:05.0765 2216 HidServ - ok
12:12:05.0796 2216 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:12:05.0796 2216 HidUsb - ok
12:12:05.0812 2216 hpn - ok
12:12:05.0875 2216 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:12:05.0890 2216 HTTP - ok
12:12:05.0921 2216 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:12:05.0937 2216 HTTPFilter - ok
12:12:05.0953 2216 i2omgmt - ok
12:12:05.0984 2216 i2omp - ok
12:12:06.0046 2216 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:12:06.0046 2216 i8042prt - ok
12:12:06.0140 2216 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:12:06.0187 2216 idsvc - ok
12:12:06.0234 2216 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:12:06.0234 2216 Imapi - ok
12:12:06.0296 2216 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:12:06.0312 2216 ImapiService - ok
12:12:06.0359 2216 ini910u - ok
12:12:06.0421 2216 [ EF4FDA4841001A4B98C411797DB8894A ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:12:06.0437 2216 IntelIde - ok
12:12:06.0468 2216 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:12:06.0468 2216 Ip6Fw - ok
12:12:06.0515 2216 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:12:06.0515 2216 IpFilterDriver - ok
12:12:06.0562 2216 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:12:06.0562 2216 IpInIp - ok
12:12:06.0609 2216 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:12:06.0609 2216 IpNat - ok
12:12:06.0656 2216 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:12:06.0671 2216 IPSec - ok
12:12:06.0734 2216 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:12:06.0734 2216 IRENUM - ok
12:12:06.0796 2216 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:12:06.0796 2216 isapnp - ok
12:12:06.0890 2216 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:12:06.0906 2216 JavaQuickStarterService - ok
12:12:06.0953 2216 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:12:06.0953 2216 Kbdclass - ok
12:12:07.0000 2216 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:12:07.0015 2216 kmixer - ok
12:12:07.0062 2216 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:12:07.0062 2216 KSecDD - ok
12:12:07.0109 2216 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:12:07.0125 2216 lanmanserver - ok
12:12:07.0156 2216 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:12:07.0187 2216 lanmanworkstation - ok
12:12:07.0218 2216 lbrtfdc - ok
12:12:07.0296 2216 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:12:07.0296 2216 LmHosts - ok
12:12:07.0343 2216 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
12:12:07.0343 2216 MBAMProtector - ok
12:12:07.0421 2216 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:12:07.0453 2216 MBAMScheduler - ok
12:12:07.0515 2216 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:12:07.0531 2216 MBAMService - ok
12:12:07.0578 2216 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:12:07.0578 2216 Messenger - ok
12:12:07.0640 2216 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:12:07.0640 2216 mnmdd - ok
12:12:07.0687 2216 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:12:07.0687 2216 mnmsrvc - ok
12:12:07.0734 2216 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:12:07.0734 2216 Modem - ok
12:12:07.0781 2216 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:12:07.0781 2216 Mouclass - ok
12:12:07.0828 2216 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:12:07.0843 2216 mouhid - ok
12:12:07.0875 2216 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:12:07.0875 2216 MountMgr - ok
12:12:07.0937 2216 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:12:07.0953 2216 MozillaMaintenance - ok
12:12:07.0984 2216 mraid35x - ok
12:12:08.0046 2216 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:12:08.0062 2216 MRxDAV - ok
12:12:08.0140 2216 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:12:08.0156 2216 MRxSmb - ok
12:12:08.0218 2216 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:12:08.0218 2216 MSDTC - ok
12:12:08.0265 2216 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:12:08.0265 2216 Msfs - ok
12:12:08.0281 2216 MSIServer - ok
12:12:08.0328 2216 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:12:08.0328 2216 MSKSSRV - ok
12:12:08.0375 2216 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:12:08.0375 2216 MSPCLOCK - ok
12:12:08.0406 2216 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:12:08.0406 2216 MSPQM - ok
12:12:08.0437 2216 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:12:08.0437 2216 mssmbios - ok
12:12:08.0500 2216 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:12:08.0500 2216 Mup - ok
12:12:08.0609 2216 [ 89844C3D3A7AAE8999E229C88E452633 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:12:08.0640 2216 NBService - ok
12:12:08.0687 2216 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:12:08.0687 2216 NDIS - ok
12:12:08.0734 2216 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:12:08.0750 2216 NdisTapi - ok
12:12:08.0796 2216 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:12:08.0796 2216 Ndisuio - ok
12:12:08.0828 2216 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:12:08.0843 2216 NdisWan - ok
12:12:08.0875 2216 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:12:08.0875 2216 NDProxy - ok
12:12:08.0906 2216 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:12:08.0921 2216 NetBIOS - ok
12:12:08.0953 2216 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:12:08.0968 2216 NetBT - ok
12:12:09.0015 2216 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:12:09.0031 2216 NetDDE - ok
12:12:09.0062 2216 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:12:09.0078 2216 NetDDEdsdm - ok
12:12:09.0109 2216 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:12:09.0109 2216 Netlogon - ok
12:12:09.0171 2216 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINDOWS\System32\netman.dll
12:12:09.0187 2216 Netman - ok
12:12:09.0250 2216 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:12:09.0250 2216 NetTcpPortSharing - ok
12:12:09.0296 2216 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINDOWS\System32\mswsock.dll
12:12:09.0312 2216 Nla - ok
12:12:09.0375 2216 [ 8DD0CDB0C700992D10169D8769EF5F43 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
12:12:09.0390 2216 NMIndexingService - ok
12:12:09.0437 2216 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:12:09.0437 2216 Npfs - ok
12:12:09.0531 2216 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:12:09.0562 2216 Ntfs - ok
12:12:09.0593 2216 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:12:09.0593 2216 NtLmSsp - ok
12:12:09.0671 2216 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:12:09.0687 2216 NtmsSvc - ok
12:12:09.0734 2216 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:12:09.0734 2216 Null - ok
12:12:09.0812 2216 [ 94D8A3D08D55AE9ECDE7C5103D266BE8 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:12:09.0843 2216 nv - ok
12:12:09.0890 2216 [ 9AA893D93F1771E832602A81DA5CDB41 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:12:09.0890 2216 NVSvc - ok
12:12:09.0937 2216 [ 0FB63C64AFD9DFCC6131E02227443C15 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
12:12:09.0937 2216 NWCWorkstation - ok
12:12:09.0984 2216 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:12:09.0984 2216 NwlnkFlt - ok
12:12:10.0046 2216 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:12:10.0046 2216 NwlnkFwd - ok
12:12:10.0093 2216 [ 79EA3FCDA7067977625B3363A2657C80 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
12:12:10.0109 2216 NwlnkIpx - ok
12:12:10.0140 2216 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
12:12:10.0140 2216 NwlnkNb - ok
12:12:10.0187 2216 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
12:12:10.0187 2216 NwlnkSpx - ok
12:12:10.0218 2216 [ 03373A79440473062C6F3AEDEC6A49C8 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
12:12:10.0250 2216 NWRDR - ok
12:12:10.0328 2216 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:12:10.0328 2216 ose - ok
12:12:10.0375 2216 [ F29184BDC81C398B6027A67FF6A19895 ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
12:12:10.0390 2216 ossrv - ok
12:12:10.0437 2216 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:12:10.0437 2216 Parport - ok
12:12:10.0484 2216 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:12:10.0484 2216 PartMgr - ok
12:12:10.0531 2216 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:12:10.0531 2216 ParVdm - ok
12:12:10.0562 2216 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:12:10.0578 2216 PCI - ok
12:12:10.0593 2216 PCIDump - ok
12:12:10.0625 2216 PCIIde - ok
12:12:10.0656 2216 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:12:10.0671 2216 Pcmcia - ok
12:12:10.0687 2216 PDCOMP - ok
12:12:10.0687 2216 PDFRAME - ok
12:12:10.0703 2216 PDRELI - ok
12:12:10.0734 2216 PDRFRAME - ok
12:12:10.0765 2216 perc2 - ok
12:12:10.0781 2216 perc2hib - ok
12:12:10.0890 2216 [ 2F5532F9B0F903B26847DA674B4F55B2 ] PfModNT C:\WINDOWS\system32\PfModNT.sys
12:12:10.0890 2216 PfModNT - ok
12:12:10.0937 2216 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
12:12:10.0937 2216 PlugPlay - ok
12:12:10.0984 2216 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:12:10.0984 2216 PolicyAgent - ok
12:12:11.0031 2216 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:12:11.0031 2216 PptpMiniport - ok
12:12:11.0078 2216 [ 9A10E4FD13824823DA50D4758BD0A645 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
12:12:11.0078 2216 Processor - ok
12:12:11.0109 2216 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:12:11.0109 2216 ProtectedStorage - ok
12:12:11.0156 2216 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:12:11.0171 2216 PSched - ok
12:12:11.0187 2216 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:12:11.0203 2216 Ptilink - ok
12:12:11.0218 2216 ql1080 - ok
12:12:11.0234 2216 Ql10wnt - ok
12:12:11.0265 2216 ql12160 - ok
12:12:11.0281 2216 ql1240 - ok
12:12:11.0312 2216 ql1280 - ok
12:12:11.0343 2216 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:12:11.0343 2216 RasAcd - ok
12:12:11.0375 2216 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:12:11.0375 2216 RasAuto - ok
12:12:11.0406 2216 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:12:11.0406 2216 Rasl2tp - ok
12:12:11.0437 2216 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:12:11.0453 2216 RasMan - ok
12:12:11.0484 2216 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:12:11.0484 2216 RasPppoe - ok
12:12:11.0531 2216 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:12:11.0531 2216 Raspti - ok
12:12:11.0578 2216 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:12:11.0593 2216 Rdbss - ok
12:12:11.0625 2216 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:12:11.0625 2216 RDPCDD - ok
12:12:11.0718 2216 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:12:11.0750 2216 rdpdr - ok
12:12:11.0843 2216 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:12:11.0843 2216 RDPWD - ok
12:12:11.0890 2216 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:12:11.0906 2216 RDSessMgr - ok
12:12:11.0953 2216 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:12:11.0968 2216 redbook - ok
12:12:12.0000 2216 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:12:12.0000 2216 RemoteAccess - ok
12:12:12.0062 2216 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:12:12.0062 2216 RemoteRegistry - ok
12:12:12.0140 2216 [ 7728B6AEDC83BC0DEFD0A53371D4613B ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
12:12:12.0156 2216 RichVideo - ok
12:12:12.0203 2216 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
12:12:12.0203 2216 ROOTMODEM - ok
12:12:12.0250 2216 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\system32\locator.exe
12:12:12.0265 2216 RpcLocator - ok
12:12:12.0328 2216 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:12:12.0343 2216 RpcSs - ok
12:12:12.0390 2216 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:12:12.0406 2216 RSVP - ok
12:12:12.0468 2216 [ 7B8994BD539C3D9BBD7B2A3B204C29E8 ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
12:12:12.0500 2216 RT73 - ok
12:12:12.0531 2216 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
12:12:12.0531 2216 SamSs - ok
12:12:12.0546 2216 SASKUTIL - ok
12:12:12.0593 2216 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:12:12.0609 2216 SCardSvr - ok
12:12:12.0656 2216 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:12:12.0671 2216 Schedule - ok
12:12:12.0718 2216 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:12:12.0718 2216 Secdrv - ok
12:12:12.0765 2216 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:12:12.0765 2216 seclogon - ok
12:12:12.0812 2216 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
12:12:12.0812 2216 SENS - ok
12:12:12.0859 2216 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:12:12.0859 2216 serenum - ok
12:12:12.0890 2216 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:12:12.0890 2216 Serial - ok
12:12:12.0968 2216 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:12:12.0968 2216 Sfloppy - ok
12:12:13.0015 2216 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:12:13.0031 2216 SharedAccess - ok
12:12:13.0109 2216 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:12:13.0109 2216 ShellHWDetection - ok
12:12:13.0140 2216 Simbad - ok
12:12:13.0234 2216 [ FA3368A7039F5ABAA4B933703AC34763 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
12:12:13.0265 2216 smwdm - ok
12:12:13.0312 2216 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
12:12:13.0328 2216 SoundMAX Agent Service (default) - ok
12:12:13.0359 2216 Sparrow - ok
12:12:13.0390 2216 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:12:13.0406 2216 splitter - ok
12:12:13.0437 2216 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:12:13.0453 2216 Spooler - ok
12:12:13.0531 2216 [ E8B705F9ABE446AAF7A315EF8B4AEA5A ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
12:12:13.0562 2216 sptd - ok
12:12:13.0609 2216 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:12:13.0609 2216 sr - ok
12:12:13.0656 2216 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
12:12:13.0671 2216 srservice - ok
12:12:13.0718 2216 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:12:13.0734 2216 Srv - ok
12:12:13.0781 2216 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:12:13.0796 2216 SSDPSRV - ok
12:12:13.0875 2216 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:12:13.0890 2216 stisvc - ok
12:12:13.0921 2216 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:12:13.0937 2216 swenum - ok
12:12:13.0968 2216 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:12:13.0968 2216 swmidi - ok
12:12:14.0000 2216 SwPrv - ok
12:12:14.0031 2216 symc810 - ok
12:12:14.0062 2216 symc8xx - ok
12:12:14.0109 2216 sym_hi - ok
12:12:14.0125 2216 sym_u3 - ok
12:12:14.0171 2216 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:12:14.0171 2216 sysaudio - ok
12:12:14.0218 2216 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:12:14.0218 2216 SysmonLog - ok
12:12:14.0265 2216 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:12:14.0281 2216 TapiSrv - ok
12:12:14.0343 2216 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:12:14.0359 2216 Tcpip - ok
12:12:14.0390 2216 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:12:14.0390 2216 TDPIPE - ok
12:12:14.0437 2216 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:12:14.0437 2216 TDTCP - ok
12:12:14.0484 2216 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:12:14.0484 2216 TermDD - ok
12:12:14.0546 2216 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
12:12:14.0562 2216 TermService - ok
12:12:14.0609 2216 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:12:14.0609 2216 Themes - ok
12:12:14.0656 2216 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:12:14.0671 2216 TlntSvr - ok
12:12:14.0703 2216 TosIde - ok
12:12:14.0734 2216 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:12:14.0750 2216 TrkWks - ok
12:12:14.0796 2216 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:12:14.0812 2216 Udfs - ok
12:12:14.0843 2216 ultra - ok
12:12:14.0906 2216 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
12:12:14.0906 2216 UMWdf - ok
12:12:14.0953 2216 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:12:14.0968 2216 Update - ok
12:12:15.0031 2216 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:12:15.0046 2216 upnphost - ok
12:12:15.0078 2216 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
12:12:15.0078 2216 UPS - ok
12:12:15.0125 2216 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:12:15.0125 2216 usbccgp - ok
12:12:15.0171 2216 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:12:15.0171 2216 usbhub - ok
12:12:15.0218 2216 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:12:15.0218 2216 usbscan - ok
12:12:15.0265 2216 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:12:15.0265 2216 USBSTOR - ok
12:12:15.0296 2216 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:12:15.0312 2216 usbuhci - ok
12:12:15.0343 2216 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:12:15.0343 2216 VgaSave - ok
12:12:15.0390 2216 ViaIde - ok
12:12:15.0421 2216 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:12:15.0421 2216 VolSnap - ok
12:12:15.0484 2216 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
12:12:15.0500 2216 VSS - ok
12:12:15.0562 2216 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
12:12:15.0578 2216 W32Time - ok
12:12:15.0640 2216 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:12:15.0640 2216 Wanarp - ok
12:12:15.0671 2216 WDICA - ok
12:12:15.0718 2216 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:12:15.0718 2216 wdmaud - ok
12:12:15.0765 2216 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
12:12:15.0765 2216 WebClient - ok
12:12:15.0859 2216 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:12:15.0875 2216 winmgmt - ok
12:12:15.0968 2216 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
12:12:15.0968 2216 WMDM PMSP Service - ok
12:12:16.0015 2216 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
12:12:16.0031 2216 WmdmPmSN - ok
12:12:16.0093 2216 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:12:16.0125 2216 Wmi - ok
12:12:16.0187 2216 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:12:16.0203 2216 WmiApSrv - ok
12:12:16.0265 2216 [ E6D35F3AA51A65EB35C1F2340154A25E ] wonk C:\WINDOWS\system32\drivers\xkmmn.sys
12:12:16.0265 2216 wonk - ok
12:12:16.0312 2216 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:12:16.0328 2216 wscsvc - ok
12:12:16.0375 2216 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:12:16.0375 2216 wuauserv - ok
12:12:16.0437 2216 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:12:16.0468 2216 WZCSVC - ok
12:12:16.0515 2216 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:12:16.0531 2216 xmlprov - ok
12:12:16.0578 2216 ================ Scan global ===============================
12:12:16.0609 2216 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
12:12:16.0640 2216 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
12:12:16.0687 2216 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
12:12:16.0718 2216 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
12:12:16.0734 2216 [Global] - ok
12:12:16.0750 2216 ================ Scan MBR ==================================
12:12:16.0765 2216 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
12:12:16.0921 2216 \Device\Harddisk0\DR0 - ok
12:12:16.0921 2216 ================ Scan VBR ==================================
12:12:16.0937 2216 [ FFB1D52311B20A7D9E3345409DB3D344 ] \Device\Harddisk0\DR0\Partition1
12:12:16.0937 2216 \Device\Harddisk0\DR0\Partition1 - ok
12:12:16.0953 2216 [ 89B8F357F1DA9E6784E7CD4D4FB581A9 ] \Device\Harddisk0\DR0\Partition2
12:12:16.0968 2216 \Device\Harddisk0\DR0\Partition2 - ok
12:12:16.0968 2216 ============================================================
12:12:16.0968 2216 Scan finished
12:12:16.0968 2216 ============================================================
12:12:17.0000 1908 Detected object count: 0
12:12:17.0000 1908 Actual detected object count: 0
12:12:31.0234 2580 Deinitialize success

ComboFix 12-09-12.03 - Macwick 13.09.2012 12:25:41.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.349 [GMT 2:00]
Spuštěný z: c:\documents and settings\Macwick\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Macwick\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0405.exe
.
c:\windows\system32\drivers\usbehci.sys . . . chybí !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-13 do 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 07:33 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 07:33 . 2012-09-13 07:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-13 07:07 . 2012-09-13 07:07 -------- d-----w- c:\documents and settings\Macwick\Local Settings\Data aplikací\ESET
2012-09-13 07:01 . 2012-09-13 07:01 -------- d-----w- c:\program files\ESET
2012-09-13 07:01 . 2012-09-13 07:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-09-11 14:22 . 2012-09-11 14:22 388096 ----a-r- c:\documents and settings\Macwick\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-11 12:37 . 2012-09-11 14:03 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-09-10 16:44 . 2012-09-10 16:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 13:46 . 2012-09-07 13:46 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AirLive Turbo-G Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2009-2-18 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\nvdesk32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DCStrong\\sdc205\\StrongDC.exe"=
"c:\\Program Files\\QIP Infium PafoPack\\qip.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector10\\PDR10.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.3.2012 8:40 104160]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.3.2012 15:40 913144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.9.2012 9:33 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.9.2012 9:33 22856]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.7.2007 18:56 646392]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26.4.2012 18:45 114144]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\documents and settings\Macwick\Data aplikací\Mozilla\Firefox\Profiles\u912thlq.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Photoshop 5.0 CZ - c:\windows\UNIN0405.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 12:38
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???????T:7????wd??w????????\???\??????????????w-??w\???\????????s`??????C@?\???\??????s????\??????s\???8:7?A??s8:7??C@?x???`|?w\?????@
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\nvdesk32.dll
.
- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\nvdesk32.dll
.
Celkový čas: 2012-09-13 12:42:03
ComboFix-quarantined-files.txt 2012-09-13 10:41
ComboFix2.txt 2010-11-23 11:27
.
Před spuštěním: 2 636 152 832
Po spuštění: 2 850 922 496
.
- - End Of File - - 36BB27AD1B327A3AFEBAC89945EEB754

[jaro3]

Odinstaluj:
GridinSoft Trojan Killer--pokud si tak již neudělal..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
Folder::
c:\program files\SUPERAntiSpyware
c:\program files\GridinSoft Trojan Killer

DirLook::
c:\documents and settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425

Driver::
SASKUTIL
!SASCORE

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[macwix]

Tak bohužel ComboFix nedojel. Zamrzl u toho modrého okna jak se v něm píše, že probíha scan a že to může trvat 10 max. 20 min. Restartoval jsem PC když se ani po dvou hodinách nic nedělo...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:32, on 14.9.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ovislink\Common\TurboG-UI.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector10" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\10.0"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5861 bytes

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 11:55:42
-----------------------------
11:55:42.203 OS Version: Windows 5.1.2600 Service Pack 2
11:55:42.203 Number of processors: 1 586 0x102
11:55:42.203 ComputerName: JARDA UserName:
11:55:42.406 Initialize success
11:55:45.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:55:45.453 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76319MB BusType: 3
11:55:45.453 Disk 0 MBR read successfully
11:55:45.453 Disk 0 MBR scan
11:55:45.453 Disk 0 Windows XP default MBR code
11:55:45.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 63
11:55:45.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 56316 MB offset 40960080
11:55:45.484 Disk 0 scanning sectors +156295440
11:55:45.531 Disk 0 scanning C:\WINDOWS\system32\drivers
11:55:50.781 Service scanning
11:55:59.015 Modules scanning
11:56:05.203 Disk 0 trace - called modules:
11:56:05.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
11:56:05.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f45ab8]
11:56:05.718 3 CLASSPNP.SYS[f757005b] -> nt!IofCallDriver -> \Device\0000006a[0x82f43178]
11:56:05.718 5 ACPI.sys[f74e6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82e30030]
11:56:05.718 Scan finished successfully
11:56:21.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Macwick\Plocha\MBR.dat"
11:56:21.937 The log file has been saved successfully to "C:\Documents and Settings\Macwick\Plocha\aswMBR.txt"

[Žbeky]

Cf zkus v nouzovém režimu

[jaro3]

Něco jsem zapomněl , takže v nouz. režimu s tímto:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
Restore::
c:\windows\system32\drivers\usbehci.sys

Folder::
c:\program files\SUPERAntiSpyware
c:\program files\GridinSoft Trojan Killer

DirLook::
c:\documents and settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425

Driver::
SASKUTIL
!SASCORE

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[macwix]

ComboFix 12-09-13.03 - Macwick 17.09.2012 18:48:02.5.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.501 [GMT 2:00]
Spuštěný z: c:\documents and settings\Macwick\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Macwick\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\program files\GridinSoft Trojan Killer
c:\program files\GridinSoft Trojan Killer\logs\scan-2012-09-11 [15-13-18].log
c:\program files\GridinSoft Trojan Killer\vs.c
c:\program files\SUPERAntiSpyware
c:\program files\SUPERAntiSpyware\AppData.sas
c:\program files\SUPERAntiSpyware\SASTask.exe
.
c:\windows\system32\drivers\usbehci.sys . . . je infikován!!
.
c:\windows\system32\drivers\usbehci.sys . . . chybí !!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_!SASCORE
-------\Legacy_SASKUTIL
-------\Service_!SASCORE
-------\Service_SASKUTIL
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-17 do 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-13 07:33 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 07:33 . 2012-09-13 07:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-13 07:07 . 2012-09-13 07:07 -------- d-----w- c:\documents and settings\Macwick\Local Settings\Data aplikací\ESET
2012-09-13 07:01 . 2012-09-13 07:01 -------- d-----w- c:\program files\ESET
2012-09-13 07:01 . 2012-09-13 07:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-09-11 14:22 . 2012-09-11 14:22 388096 ----a-r- c:\documents and settings\Macwick\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-10 16:44 . 2012-09-10 16:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 13:46 . 2012-09-07 13:46 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425 ----
.
2012-09-10 16:46 . 2012-09-13 05:41 1872 ----a-w- c:\documents and settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425\6F63A55D196CA4FF00083E3AE56C3425
2012-09-10 16:44 . 2012-09-10 16:44 4286 ----a-w- c:\documents and settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425\6F63A55D196CA4FF00083E3AE56C3425.ico
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-13_10.38.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-17 16:59 . 2012-09-17 16:59 16384 c:\windows\temp\Perflib_Perfdata_124.dat
+ 2007-08-12 13:18 . 2012-09-17 14:07 1744 c:\windows\system32\d3d9caps.dat
- 2007-08-12 13:18 . 2012-09-13 06:34 1744 c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AirLive Turbo-G Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2009-2-18 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\nvdesk32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DCStrong\\sdc205\\StrongDC.exe"=
"c:\\Program Files\\QIP Infium PafoPack\\qip.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector10\\PDR10.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.3.2012 8:40 104160]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.3.2012 15:40 913144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.9.2012 9:33 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.9.2012 9:33 22856]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.7.2007 18:56 646392]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26.4.2012 18:45 114144]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\documents and settings\Macwick\Data aplikací\Mozilla\Firefox\Profiles\u912thlq.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-17 18:59
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???????T:7????wd??w????????\???\??????????????w-??w\???\????????s`??????C@?\???\??????s????\??????s\???8:7?A??s8:7??C@?x???`|?w\?????@
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4076)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-09-17 19:04:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-17 17:04
ComboFix2.txt 2010-11-23 11:27
.
Před spuštěním: 3 472 539 648
Po spuštění: 2 688 450 560
.
- - End Of File - - D5420A8D1A4F45BE69E4AFC9C52ECDAB

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:53:29, on 17.9.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector10" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\10.0"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\nvdesk32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5710 bytes

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 11:55:42
-----------------------------
11:55:42.203 OS Version: Windows 5.1.2600 Service Pack 2
11:55:42.203 Number of processors: 1 586 0x102
11:55:42.203 ComputerName: JARDA UserName:
11:55:42.406 Initialize success
11:55:45.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:55:45.453 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76319MB BusType: 3
11:55:45.453 Disk 0 MBR read successfully
11:55:45.453 Disk 0 MBR scan
11:55:45.453 Disk 0 Windows XP default MBR code
11:55:45.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 63
11:55:45.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 56316 MB offset 40960080
11:55:45.484 Disk 0 scanning sectors +156295440
11:55:45.531 Disk 0 scanning C:\WINDOWS\system32\drivers
11:55:50.781 Service scanning
11:55:59.015 Modules scanning
11:56:05.203 Disk 0 trace - called modules:
11:56:05.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
11:56:05.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f45ab8]
11:56:05.718 3 CLASSPNP.SYS[f757005b] -> nt!IofCallDriver -> \Device\0000006a[0x82f43178]
11:56:05.718 5 ACPI.sys[f74e6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82e30030]
11:56:05.718 Scan finished successfully
11:56:21.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Macwick\Plocha\MBR.dat"
11:56:21.937 The log file has been saved successfully to "C:\Documents and Settings\Macwick\Plocha\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-17 19:53:46
-----------------------------
19:53:46.656 OS Version: Windows 5.1.2600 Service Pack 2
19:53:46.656 Number of processors: 1 586 0x102
19:53:46.656 ComputerName: JARDA UserName:
19:53:47.375 Initialize success
19:53:57.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:53:57.953 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76319MB BusType: 3
19:53:57.953 Disk 0 MBR read successfully
19:53:57.968 Disk 0 MBR scan
19:53:57.968 Disk 0 Windows XP default MBR code
19:53:57.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 63
19:53:57.968 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 56316 MB offset 40960080
19:53:57.984 Disk 0 scanning sectors +156295440
19:53:58.046 Disk 0 scanning C:\WINDOWS\system32\drivers
19:54:02.515 Service scanning
19:54:10.203 Modules scanning
19:54:16.796 Disk 0 trace - called modules:
19:54:16.812 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
19:54:16.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f6eab8]
19:54:17.312 3 CLASSPNP.SYS[f757005b] -> nt!IofCallDriver -> \Device\0000006b[0x82f09190]
19:54:17.312 5 ACPI.sys[f74e6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f09540]
19:54:17.312 Scan finished successfully
19:54:28.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Macwick\Plocha\MBR.dat"
19:54:28.656 The log file has been saved successfully to "C:\Documents and Settings\Macwick\Plocha\aswMBR.txt"

[jaro3]

Stáhni si zde soubor usbehci.sys:
http://leteckaposta.cz/470198627

Rozbal , vyjmi soubor ze složky a vlož do C:\
Bude zde:
C:\usbehci.sys


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
FCOPY::
C:\usbehci.sys | c:\windows\system32\drivers\usbehci.sys

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[macwix]

ComboFix 12-09-18.06 - Macwick 18.09.2012 17:40:16.6.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.507 [GMT 2:00]
Spuštěný z: c:\documents and settings\Macwick\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Macwick\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\msssc.dll
c:\windows\system32\shimg.dll
.
.
--------------- FCopy ---------------
.
c:\usbehci.sys --> c:\windows\system32\drivers\usbehci.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-18 do 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-18 15:40 . 2011-02-12 09:06 30464 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-09-18 15:13 . 2011-02-12 09:06 30464 ------w- C:\usbehci.sys
2012-09-13 07:33 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 07:33 . 2012-09-13 07:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-13 07:07 . 2012-09-13 07:07 -------- d-----w- c:\documents and settings\Macwick\Local Settings\Data aplikací\ESET
2012-09-13 07:01 . 2012-09-13 07:01 -------- d-----w- c:\program files\ESET
2012-09-13 07:01 . 2012-09-13 07:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-09-11 14:22 . 2012-09-11 14:22 388096 ----a-r- c:\documents and settings\Macwick\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-10 16:44 . 2012-09-10 16:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\6F63A55D196CA4FF00083E3AE56C3425
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 13:46 . 2012-09-07 13:46 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-13_10.38.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-18 15:51 . 2012-09-18 15:51 16384 c:\windows\temp\Perflib_Perfdata_13c.dat
+ 2007-08-12 13:18 . 2012-09-18 10:43 1744 c:\windows\system32\d3d9caps.dat
- 2007-08-12 13:18 . 2012-09-13 06:34 1744 c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AirLive Turbo-G Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2009-2-18 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\nvdesk32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DCStrong\\sdc205\\StrongDC.exe"=
"c:\\Program Files\\QIP Infium PafoPack\\qip.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector10\\PDR10.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.3.2012 8:40 104160]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.3.2012 15:40 913144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.9.2012 9:33 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.9.2012 9:33 22856]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.7.2007 18:56 646392]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26.4.2012 18:45 114144]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\documents and settings\Macwick\Data aplikací\Mozilla\Firefox\Profiles\u912thlq.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-18 17:52
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???????T:7????wd??w????????\???\??????????????w-??w\???\????????8`??????C@?\???\??????s????\??????s\???8:7?A??s8:7??C@?x???`|?w\?????@
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-09-18 17:56:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-18 15:56
ComboFix2.txt 2012-09-17 17:04
ComboFix3.txt 2010-11-23 11:27
.
Před spuštěním: 3 609 939 968
Po spuštění: 2 786 766 848
.
- - End Of File - - FED7F92827048C68A5E4B52C74E0A406

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:58:56, on 18.9.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector10" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\10.0"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\nvdesk32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5710 bytes