Please check my HJT log  Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Bretal
Level 2.5
Posts: 290
Registered: January 08
Location: UH
Gender: Not specified
Status: Offline

Re: Please check my HJT log

Post by Bretal » 17 Oct 2012 19:55

Log from TDSSKiller:

19:42:30.0046 1628 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:42:32.0046 1628 ============================================================
19:42:32.0046 1628 Current date / time: 2012/10/17 19:42:32.0046
19:42:32.0046 1628 SystemInfo:
19:42:32.0046 1628
19:42:32.0046 1628 OS Version: 5.1.2600 ServicePack: 3.0
19:42:32.0046 1628 Product type: Workstation
19:42:32.0046 1628 ComputerName: BRETAPC
19:42:32.0046 1628 UserName: Breta
19:42:32.0046 1628 Windows directory: C:\WINDOWS
19:42:32.0046 1628 System windows directory: C:\WINDOWS
19:42:32.0046 1628 Processor architecture: Intel x86
19:42:32.0046 1628 Number of processors: 2
19:42:32.0046 1628 Page size: 0x1000
19:42:32.0046 1628 Boot type: Normal boot
19:42:32.0046 1628 ============================================================
19:42:33.0671 1628 Drive \Device\Harddisk1\DR1 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:42:33.0703 1628 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:42:33.0703 1628 ============================================================
19:42:33.0703 1628 \Device\Harddisk1\DR1:
19:42:33.0703 1628 MBR partitions:
19:42:33.0703 1628 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
19:42:33.0703 1628 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x22D1C04B
19:42:33.0703 1628 \Device\Harddisk0\DR0:
19:42:33.0703 1628 MBR partitions:
19:42:33.0703 1628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
19:42:33.0703 1628 ============================================================
19:42:33.0718 1628 C: <-> \Device\Harddisk1\DR1\Partition1
19:42:33.0750 1628 E: <-> \Device\Harddisk0\DR0\Partition1
19:42:33.0781 1628 D: <-> \Device\Harddisk1\DR1\Partition2
19:42:33.0781 1628 ============================================================
19:42:33.0781 1628 Initialize success
19:42:33.0781 1628 ============================================================
19:42:47.0937 3620 ============================================================
19:42:47.0937 3620 Scan started
19:42:47.0937 3620 Mode: Manual;
19:42:47.0937 3620 ============================================================
19:42:49.0265 3620 ================ Scan system memory ========================
19:42:49.0265 3620 System memory - ok
19:42:49.0265 3620 ================ Scan services =============================
19:42:49.0343 3620 [ 42FAEEF297D64C132862266418DBEF7F ] 602XML Updater C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
19:42:49.0343 3620 602XML Updater - ok
19:42:49.0390 3620 Abiosdsk - ok
19:42:49.0390 3620 abp480n5 - ok
19:42:49.0421 3620 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:42:49.0421 3620 ACPI - ok
19:42:49.0437 3620 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:42:49.0437 3620 ACPIEC - ok
19:42:49.0453 3620 [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
19:42:49.0468 3620 Adobe LM Service - ok
19:42:49.0500 3620 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:42:49.0515 3620 AdobeFlashPlayerUpdateSvc - ok
19:42:49.0515 3620 adpu160m - ok
19:42:49.0546 3620 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:42:49.0546 3620 aec - ok
19:42:49.0562 3620 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:42:49.0562 3620 AFD - ok
19:42:49.0562 3620 Aha154x - ok
19:42:49.0578 3620 aic78u2 - ok
19:42:49.0578 3620 aic78xx - ok
19:42:49.0609 3620 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:42:49.0609 3620 Alerter - ok
19:42:49.0625 3620 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
19:42:49.0625 3620 ALG - ok
19:42:49.0625 3620 AliIde - ok
19:42:49.0640 3620 amsint - ok
19:42:49.0687 3620 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:42:49.0687 3620 AntiVirSchedulerService - ok
19:42:49.0703 3620 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:42:49.0703 3620 AntiVirService - ok
19:42:49.0718 3620 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:42:49.0718 3620 AppMgmt - ok
19:42:49.0718 3620 asc - ok
19:42:49.0734 3620 asc3350p - ok
19:42:49.0734 3620 asc3550 - ok
19:42:49.0796 3620 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:42:49.0812 3620 aspnet_state - ok
19:42:49.0828 3620 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:42:49.0828 3620 AsyncMac - ok
19:42:49.0828 3620 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:42:49.0828 3620 atapi - ok
19:42:49.0828 3620 Atdisk - ok
19:42:49.0859 3620 [ 3E47191DDAFFCDD9B28CBC50FB6499B5 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:42:49.0859 3620 Ati HotKey Poller - ok
19:42:49.0890 3620 [ 096C9955485F2B3F910F4C503C318D74 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
19:42:49.0906 3620 ATI Smart - ok
19:42:49.0953 3620 [ E51AA5ADF535C847072C0AED3E642912 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:42:49.0984 3620 ati2mtag - ok
19:42:50.0000 3620 [ 70F72C50D39F5AFA76C17F86223A7C4F ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:42:50.0000 3620 atksgt - ok
19:42:50.0015 3620 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:42:50.0031 3620 Atmarpc - ok
19:42:50.0046 3620 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:42:50.0046 3620 AudioSrv - ok
19:42:50.0062 3620 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:42:50.0062 3620 audstub - ok
19:42:50.0078 3620 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:42:50.0078 3620 avgntflt - ok
19:42:50.0093 3620 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:42:50.0093 3620 avipbb - ok
19:42:50.0093 3620 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:42:50.0093 3620 avkmgr - ok
19:42:50.0125 3620 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:42:50.0125 3620 Beep - ok
19:42:50.0156 3620 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
19:42:50.0156 3620 BITS - ok
19:42:50.0187 3620 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
19:42:50.0187 3620 Browser - ok
19:42:50.0203 3620 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:42:50.0218 3620 cbidf2k - ok
19:42:50.0250 3620 [ 20F89E232173985A455BC9A5F70D1166 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
19:42:50.0250 3620 CCALib8 - ok
19:42:50.0265 3620 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:42:50.0265 3620 CCDECODE - ok
19:42:50.0281 3620 cd20xrnt - ok
19:42:50.0281 3620 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:42:50.0281 3620 Cdaudio - ok
19:42:50.0296 3620 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:42:50.0312 3620 Cdfs - ok
19:42:50.0328 3620 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:42:50.0328 3620 Cdrom - ok
19:42:50.0328 3620 Changer - ok
19:42:50.0343 3620 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:42:50.0343 3620 CiSvc - ok
19:42:50.0359 3620 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:42:50.0359 3620 ClipSrv - ok
19:42:50.0390 3620 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:42:50.0390 3620 clr_optimization_v2.0.50727_32 - ok
19:42:50.0421 3620 [ 2EDB74E72FEEB39C8906E4C8C54D91A5 ] CmdAgent C:\Program Files\Comodo\Firewall\cmdagent.exe
19:42:50.0421 3620 CmdAgent - ok
19:42:50.0437 3620 CmdIde - ok
19:42:50.0437 3620 [ 7399B62C07D2340826CCAD5B4D661D35 ] CmdMon C:\WINDOWS\system32\DRIVERS\cmdmon.sys
19:42:50.0437 3620 CmdMon - ok
19:42:50.0453 3620 COMSysApp - ok
19:42:50.0468 3620 Cpqarray - ok
19:42:50.0484 3620 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:42:50.0484 3620 CryptSvc - ok
19:42:50.0484 3620 dac2w2k - ok
19:42:50.0500 3620 dac960nt - ok
19:42:50.0531 3620 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:42:50.0546 3620 DcomLaunch - ok
19:42:50.0562 3620 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:42:50.0562 3620 Dhcp - ok
19:42:50.0562 3620 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:42:50.0562 3620 Disk - ok
19:42:50.0578 3620 dmadmin - ok
19:42:50.0609 3620 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:42:50.0609 3620 dmboot - ok
19:42:50.0640 3620 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:42:50.0640 3620 dmio - ok
19:42:50.0640 3620 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:42:50.0640 3620 dmload - ok
19:42:50.0640 3620 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:42:50.0640 3620 dmserver - ok
19:42:50.0656 3620 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:42:50.0656 3620 DMusic - ok
19:42:50.0671 3620 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:42:50.0671 3620 Dnscache - ok
19:42:50.0687 3620 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:42:50.0703 3620 Dot3svc - ok
19:42:50.0703 3620 dpti2o - ok
19:42:50.0718 3620 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:42:50.0718 3620 drmkaud - ok
19:42:50.0750 3620 [ 12ACA694B50EA53563C1E7C99E7BB27D ] dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys
19:42:50.0750 3620 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12ACA694B50EA53563C1E7C99E7BB27D
19:42:50.0750 3620 dtscsi ( LockedFile.Multi.Generic ) - warning
19:42:50.0750 3620 dtscsi - detected LockedFile.Multi.Generic (1)
19:42:50.0750 3620 dwshd - ok
19:42:50.0765 3620 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:42:50.0781 3620 EapHost - ok
19:42:50.0796 3620 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:42:50.0796 3620 ERSvc - ok
19:42:50.0812 3620 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
19:42:50.0812 3620 Eventlog - ok
19:42:50.0843 3620 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
19:42:50.0843 3620 EventSystem - ok
19:42:50.0875 3620 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:42:50.0875 3620 Fastfat - ok
19:42:50.0906 3620 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:42:50.0906 3620 FastUserSwitchingCompatibility - ok
19:42:50.0921 3620 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:42:50.0921 3620 Fdc - ok
19:42:50.0921 3620 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:42:50.0937 3620 Fips - ok
19:42:50.0953 3620 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:42:50.0968 3620 Flpydisk - ok
19:42:50.0984 3620 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:42:50.0984 3620 FltMgr - ok
19:42:51.0031 3620 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:42:51.0031 3620 FontCache3.0.0.0 - ok
19:42:51.0031 3620 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:42:51.0046 3620 Fs_Rec - ok
19:42:51.0046 3620 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:42:51.0046 3620 Ftdisk - ok
19:42:51.0046 3620 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:42:51.0062 3620 Gpc - ok
19:42:51.0062 3620 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c98a2643701d4 C:\Program Files\Google\Update\GoogleUpdate.exe
19:42:51.0078 3620 gupdate1c98a2643701d4 - ok
19:42:51.0078 3620 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:42:51.0078 3620 gupdatem - ok
19:42:51.0109 3620 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:42:51.0109 3620 gusvc - ok
19:42:51.0125 3620 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:42:51.0125 3620 HDAudBus - ok
19:42:51.0156 3620 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:42:51.0156 3620 helpsvc - ok
19:42:51.0171 3620 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:42:51.0171 3620 HidServ - ok
19:42:51.0187 3620 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:42:51.0187 3620 HidUsb - ok
19:42:51.0203 3620 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:42:51.0218 3620 hkmsvc - ok
19:42:51.0218 3620 hpn - ok
19:42:51.0250 3620 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:42:51.0250 3620 HTTP - ok
19:42:51.0265 3620 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:42:51.0265 3620 HTTPFilter - ok
19:42:51.0265 3620 i2omgmt - ok
19:42:51.0281 3620 i2omp - ok
19:42:51.0312 3620 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:42:51.0312 3620 i8042prt - ok
19:42:51.0343 3620 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:42:51.0359 3620 idsvc - ok
19:42:51.0375 3620 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:42:51.0375 3620 Imapi - ok
19:42:51.0390 3620 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:42:51.0390 3620 ImapiService - ok
19:42:51.0390 3620 ini910u - ok
19:42:51.0437 3620 [ 76A44EA5960F2F7224F5E7C7A18A0E3B ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
19:42:51.0437 3620 Inspect - ok
19:42:51.0531 3620 [ C464CF7A58C011A70188602B55C64E99 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:42:51.0578 3620 IntcAzAudAddService - ok
19:42:51.0593 3620 IntelIde - ok
19:42:51.0609 3620 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:42:51.0609 3620 intelppm - ok
19:42:51.0625 3620 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:42:51.0625 3620 Ip6Fw - ok
19:42:51.0640 3620 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:42:51.0640 3620 IpFilterDriver - ok
19:42:51.0656 3620 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:42:51.0656 3620 IpInIp - ok
19:42:51.0671 3620 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:42:51.0671 3620 IpNat - ok
19:42:51.0687 3620 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:42:51.0687 3620 IPSec - ok
19:42:51.0703 3620 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:42:51.0703 3620 IRENUM - ok
19:42:51.0718 3620 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:42:51.0718 3620 isapnp - ok
19:42:51.0765 3620 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:42:51.0765 3620 JavaQuickStarterService - ok
19:42:51.0796 3620 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:42:51.0796 3620 Kbdclass - ok
19:42:51.0812 3620 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:42:51.0812 3620 kbdhid - ok
19:42:51.0828 3620 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:42:51.0828 3620 kmixer - ok
19:42:51.0843 3620 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:42:51.0843 3620 KSecDD - ok
19:42:51.0859 3620 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:42:51.0859 3620 lanmanserver - ok
19:42:51.0875 3620 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:42:51.0875 3620 lanmanworkstation - ok
19:42:51.0875 3620 lbrtfdc - ok
19:42:51.0906 3620 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:42:51.0906 3620 lirsgt - ok
19:42:51.0921 3620 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:42:51.0921 3620 LmHosts - ok
19:42:51.0937 3620 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
19:42:51.0937 3620 MBAMProtector - ok
19:42:51.0953 3620 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:42:51.0953 3620 MBAMScheduler - ok
19:42:51.0968 3620 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:42:51.0984 3620 MBAMService - ok
19:42:51.0984 3620 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:42:52.0000 3620 Messenger - ok
19:42:52.0000 3620 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:42:52.0000 3620 mnmdd - ok
19:42:52.0015 3620 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:42:52.0015 3620 mnmsrvc - ok
19:42:52.0031 3620 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:42:52.0031 3620 Modem - ok
19:42:52.0046 3620 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:42:52.0046 3620 Mouclass - ok
19:42:52.0046 3620 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:42:52.0046 3620 MountMgr - ok
19:42:52.0093 3620 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:42:52.0093 3620 MozillaMaintenance - ok
19:42:52.0093 3620 mraid35x - ok
19:42:52.0109 3620 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:42:52.0109 3620 MRxDAV - ok
19:42:52.0125 3620 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:42:52.0140 3620 MRxSmb - ok
19:42:52.0156 3620 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:42:52.0156 3620 MSDTC - ok
19:42:52.0171 3620 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:42:52.0171 3620 Msfs - ok
19:42:52.0171 3620 MSIServer - ok
19:42:52.0187 3620 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:42:52.0187 3620 MSKSSRV - ok
19:42:52.0203 3620 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:42:52.0203 3620 MSPCLOCK - ok
19:42:52.0203 3620 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:42:52.0218 3620 MSPQM - ok
19:42:52.0218 3620 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:42:52.0218 3620 mssmbios - ok
19:42:52.0250 3620 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:42:52.0250 3620 MSTEE - ok
19:42:52.0250 3620 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:42:52.0265 3620 Mup - ok
19:42:52.0265 3620 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:42:52.0265 3620 NABTSFEC - ok
19:42:52.0296 3620 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:42:52.0296 3620 napagent - ok
19:42:52.0328 3620 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:42:52.0328 3620 NDIS - ok
19:42:52.0343 3620 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:42:52.0343 3620 NdisIP - ok
19:42:52.0375 3620 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:42:52.0375 3620 NdisTapi - ok
19:42:52.0375 3620 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:42:52.0390 3620 Ndisuio - ok
19:42:52.0390 3620 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:42:52.0390 3620 NdisWan - ok
19:42:52.0406 3620 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:42:52.0406 3620 NDProxy - ok
19:42:52.0406 3620 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:42:52.0406 3620 NetBIOS - ok
19:42:52.0437 3620 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:42:52.0437 3620 NetBT - ok
19:42:52.0453 3620 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
19:42:52.0453 3620 NetDDE - ok
19:42:52.0453 3620 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:42:52.0453 3620 NetDDEdsdm - ok
19:42:52.0484 3620 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:42:52.0484 3620 Netlogon - ok
19:42:52.0500 3620 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
19:42:52.0500 3620 Netman - ok
19:42:52.0515 3620 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:42:52.0515 3620 NetTcpPortSharing - ok
19:42:52.0546 3620 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
19:42:52.0546 3620 Nla - ok
19:42:52.0562 3620 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:42:52.0562 3620 Npfs - ok
19:42:52.0578 3620 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:42:52.0593 3620 Ntfs - ok
19:42:52.0593 3620 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:42:52.0593 3620 NtLmSsp - ok
19:42:52.0625 3620 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:42:52.0640 3620 NtmsSvc - ok
19:42:52.0656 3620 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:42:52.0656 3620 Null - ok
19:42:52.0671 3620 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:42:52.0671 3620 NwlnkFlt - ok
19:42:52.0687 3620 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:42:52.0687 3620 NwlnkFwd - ok
19:42:52.0718 3620 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:42:52.0718 3620 ose - ok
19:42:52.0734 3620 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:42:52.0750 3620 Parport - ok
19:42:52.0750 3620 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:42:52.0750 3620 PartMgr - ok
19:42:52.0765 3620 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:42:52.0781 3620 ParVdm - ok
19:42:52.0781 3620 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:42:52.0781 3620 PCI - ok
19:42:52.0781 3620 PCIDump - ok
19:42:52.0812 3620 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:42:52.0812 3620 PCIIde - ok
19:42:52.0812 3620 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:42:52.0828 3620 Pcmcia - ok
19:42:52.0828 3620 PDCOMP - ok
19:42:52.0828 3620 PDFRAME - ok
19:42:52.0843 3620 PDRELI - ok
19:42:52.0859 3620 PDRFRAME - ok
19:42:52.0859 3620 perc2 - ok
19:42:52.0875 3620 perc2hib - ok
19:42:52.0906 3620 [ 5903FA75200807AD739286BBF40C4904 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
19:42:52.0906 3620 pfc - ok
19:42:52.0906 3620 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
19:42:52.0906 3620 PlugPlay - ok
19:42:52.0921 3620 [ 0E01D7EEBADA0B324DB0CA1EE73440BA ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
19:42:52.0921 3620 PnkBstrA - ok
19:42:52.0937 3620 [ 1428E6CC1458A36CBFC1F2E304C7C42D ] PnkBstrB C:\WINDOWS\system32\PnkBstrB.exe
19:42:52.0937 3620 PnkBstrB - ok
19:42:52.0937 3620 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:42:52.0937 3620 PolicyAgent - ok
19:42:52.0953 3620 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:42:52.0953 3620 PptpMiniport - ok
19:42:52.0953 3620 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:42:52.0953 3620 ProtectedStorage - ok
19:42:52.0953 3620 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:42:52.0953 3620 PSched - ok
19:42:52.0968 3620 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:42:52.0968 3620 Ptilink - ok
19:42:52.0984 3620 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:42:52.0984 3620 PxHelp20 - ok
19:42:52.0984 3620 ql1080 - ok
19:42:52.0984 3620 Ql10wnt - ok
19:42:52.0984 3620 ql12160 - ok
19:42:53.0000 3620 ql1240 - ok
19:42:53.0000 3620 ql1280 - ok
19:42:53.0000 3620 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:42:53.0000 3620 RasAcd - ok
19:42:53.0015 3620 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:42:53.0031 3620 RasAuto - ok
19:42:53.0031 3620 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:42:53.0031 3620 Rasl2tp - ok
19:42:53.0062 3620 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:42:53.0062 3620 RasMan - ok
19:42:53.0062 3620 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:42:53.0062 3620 RasPppoe - ok
19:42:53.0078 3620 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:42:53.0078 3620 Raspti - ok
19:42:53.0093 3620 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:42:53.0093 3620 Rdbss - ok
19:42:53.0109 3620 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:42:53.0109 3620 RDPCDD - ok
19:42:53.0109 3620 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:42:53.0109 3620 rdpdr - ok
19:42:53.0140 3620 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:42:53.0140 3620 RDPWD - ok
19:42:53.0156 3620 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:42:53.0156 3620 RDSessMgr - ok
19:42:53.0171 3620 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:42:53.0171 3620 redbook - ok
19:42:53.0187 3620 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:42:53.0187 3620 RemoteAccess - ok
19:42:53.0203 3620 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:42:53.0203 3620 RemoteRegistry - ok
19:42:53.0218 3620 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:42:53.0234 3620 RpcLocator - ok
19:42:53.0250 3620 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:42:53.0250 3620 RpcSs - ok
19:42:53.0265 3620 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:42:53.0281 3620 RSVP - ok
19:42:53.0359 3620 [ 017CC2E361A47461472BC4C08BD12440 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMI.sys
19:42:53.0390 3620 RTHDMIAzAudService - ok
19:42:53.0406 3620 [ 36ADA62330C31AD314E4A26B815FC485 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:42:53.0406 3620 RTLE8023xp - ok
19:42:53.0406 3620 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
19:42:53.0406 3620 SamSs - ok
19:42:53.0421 3620 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:42:53.0421 3620 SCardSvr - ok
19:42:53.0453 3620 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:42:53.0453 3620 Schedule - ok
19:42:53.0484 3620 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:42:53.0484 3620 Secdrv - ok
19:42:53.0484 3620 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:42:53.0484 3620 seclogon - ok
19:42:53.0484 3620 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
19:42:53.0484 3620 SENS - ok
19:42:53.0500 3620 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:42:53.0500 3620 serenum - ok
19:42:53.0515 3620 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:42:53.0515 3620 Serial - ok
19:42:53.0546 3620 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:42:53.0546 3620 Sfloppy - ok
19:42:53.0578 3620 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:42:53.0578 3620 SharedAccess - ok
19:42:53.0593 3620 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:42:53.0593 3620 ShellHWDetection - ok
19:42:53.0593 3620 Simbad - ok
19:42:53.0609 3620 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:42:53.0609 3620 SLIP - ok
19:42:53.0625 3620 Sparrow - ok
19:42:53.0656 3620 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:42:53.0656 3620 splitter - ok
19:42:53.0671 3620 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:42:53.0671 3620 Spooler - ok
19:42:53.0703 3620 [ 354F377B33C388E74D189000571DF766 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
19:42:53.0703 3620 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 354F377B33C388E74D189000571DF766
19:42:53.0703 3620 sptd ( LockedFile.Multi.Generic ) - warning
19:42:53.0703 3620 sptd - detected LockedFile.Multi.Generic (1)
19:42:53.0718 3620 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:42:53.0718 3620 sr - ok
19:42:53.0734 3620 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
19:42:53.0734 3620 srservice - ok
19:42:53.0750 3620 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:42:53.0750 3620 Srv - ok
19:42:53.0750 3620 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:42:53.0765 3620 SSDPSRV - ok
19:42:53.0796 3620 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:42:53.0796 3620 ssmdrv - ok
19:42:53.0812 3620 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:42:53.0812 3620 stisvc - ok
19:42:53.0828 3620 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:42:53.0828 3620 streamip - ok
19:42:53.0859 3620 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:42:53.0859 3620 swenum - ok
19:42:53.0859 3620 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:42:53.0859 3620 swmidi - ok
19:42:53.0859 3620 SwPrv - ok
19:42:53.0875 3620 symc810 - ok
19:42:53.0890 3620 symc8xx - ok
19:42:53.0890 3620 sym_hi - ok
19:42:53.0906 3620 sym_u3 - ok
19:42:53.0921 3620 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:42:53.0921 3620 sysaudio - ok
19:42:53.0937 3620 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:42:53.0937 3620 SysmonLog - ok
19:42:53.0953 3620 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:42:53.0953 3620 TapiSrv - ok
19:42:53.0968 3620 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:42:53.0984 3620 Tcpip - ok
19:42:54.0000 3620 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:42:54.0000 3620 TDPIPE - ok
19:42:54.0015 3620 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:42:54.0015 3620 TDTCP - ok
19:42:54.0015 3620 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:42:54.0015 3620 TermDD - ok
19:42:54.0031 3620 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
19:42:54.0031 3620 TermService - ok
19:42:54.0046 3620 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:42:54.0046 3620 Themes - ok
19:42:54.0062 3620 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:42:54.0062 3620 TlntSvr - ok
19:42:54.0062 3620 TosIde - ok
19:42:54.0078 3620 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:42:54.0078 3620 TrkWks - ok
19:42:54.0093 3620 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:42:54.0093 3620 Udfs - ok
19:42:54.0109 3620 ultra - ok
19:42:54.0109 3620 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:42:54.0125 3620 Update - ok
19:42:54.0125 3620 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
19:42:54.0140 3620 upnphost - ok
19:42:54.0156 3620 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
19:42:54.0156 3620 UPS - ok
19:42:54.0171 3620 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:42:54.0171 3620 usbccgp - ok
19:42:54.0187 3620 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:42:54.0187 3620 usbehci - ok
19:42:54.0203 3620 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:42:54.0203 3620 usbhub - ok
19:42:54.0218 3620 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:42:54.0218 3620 usbprint - ok
19:42:54.0234 3620 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:42:54.0234 3620 usbscan - ok
19:42:54.0250 3620 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:42:54.0250 3620 USBSTOR - ok
19:42:54.0250 3620 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:42:54.0250 3620 usbuhci - ok
19:42:54.0265 3620 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
19:42:54.0265 3620 usbvideo - ok
19:42:54.0281 3620 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:42:54.0281 3620 VgaSave - ok
19:42:54.0281 3620 ViaIde - ok
19:42:54.0296 3620 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:42:54.0312 3620 VolSnap - ok
19:42:54.0328 3620 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
19:42:54.0328 3620 VSS - ok
19:42:54.0343 3620 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
19:42:54.0343 3620 W32Time - ok
19:42:54.0359 3620 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:42:54.0359 3620 Wanarp - ok
19:42:54.0359 3620 WDICA - ok
19:42:54.0375 3620 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:42:54.0375 3620 wdmaud - ok
19:42:54.0375 3620 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:42:54.0390 3620 WebClient - ok
19:42:54.0421 3620 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:42:54.0437 3620 winmgmt - ok
19:42:54.0453 3620 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:42:54.0453 3620 WmdmPmSN - ok
19:42:54.0484 3620 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:42:54.0500 3620 Wmi - ok
19:42:54.0515 3620 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:42:54.0515 3620 WmiApSrv - ok
19:42:54.0546 3620 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:42:54.0562 3620 WMPNetworkSvc - ok
19:42:54.0578 3620 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:42:54.0578 3620 WS2IFSL - ok
19:42:54.0609 3620 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:42:54.0609 3620 wscsvc - ok
19:42:54.0625 3620 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:42:54.0625 3620 WSTCODEC - ok
19:42:54.0640 3620 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:42:54.0640 3620 wuauserv - ok
19:42:54.0671 3620 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:42:54.0671 3620 WudfPf - ok
19:42:54.0687 3620 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:42:54.0687 3620 WudfRd - ok
19:42:54.0687 3620 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:42:54.0703 3620 WudfSvc - ok
19:42:54.0734 3620 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:42:54.0734 3620 WZCSVC - ok
19:42:54.0750 3620 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:42:54.0750 3620 xmlprov - ok
19:42:54.0765 3620 ================ Scan global ===============================
19:42:54.0781 3620 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
19:42:54.0796 3620 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:42:54.0812 3620 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:42:54.0828 3620 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
19:42:54.0828 3620 [Global] - ok
19:42:54.0828 3620 ================ Scan MBR ==================================
19:42:54.0828 3620 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
19:42:54.0984 3620 \Device\Harddisk1\DR1 - ok
19:42:54.0984 3620 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
19:42:54.0984 3620 \Device\Harddisk0\DR0 - ok
19:42:54.0984 3620 ================ Scan VBR ==================================
19:42:55.0000 3620 [ 0182D003F944059F8588005C38DCF8BF ] \Device\Harddisk1\DR1\Partition1
19:42:55.0000 3620 \Device\Harddisk1\DR1\Partition1 - ok
19:42:55.0015 3620 [ 4E2628A49EC87901529387A5AB2F9BF2 ] \Device\Harddisk1\DR1\Partition2
19:42:55.0015 3620 \Device\Harddisk1\DR1\Partition2 - ok
19:42:55.0015 3620 [ 021423980AC2A3CE06933E80A0CD0821 ] \Device\Harddisk0\DR0\Partition1
19:42:55.0015 3620 \Device\Harddisk0\DR0\Partition1 - ok
19:42:55.0015 3620 ============================================================
19:42:55.0015 3620 Scan finished
19:42:55.0015 3620 ============================================================
19:42:55.0031 2212 Detected object count: 2
19:42:55.0031 2212 Actual detected object count: 2
19:44:49.0140 2212 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
19:44:49.0140 2212 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
19:44:49.0140 2212 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:44:49.0140 2212 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:44:53.0328 3136 Deinitialize success
Motto: "Better a live coward than a dead hero."
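The TDSSKiller log above is easier to triage with a small parser, so here is an added example (written for this page, not part of the post or of the tool itself): it groups the per-entry lines by name, lists everything that was not reported as ok (here sptd and dtscsi, the LockedFile.Multi.Generic warnings) together with the MD5 and path the log recorded, and checks a file's MD5 against that recorded hash before the file is sent anywhere for a second-opinion scan. The sample lines are constructed from the log format above; dtscsi's file line is left out on purpose to show an entry with no hash.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the TDSSKiller line format above (a subset, not the real log); dtscsi
# deliberately has no "[ md5 ] name path" line, as happens for entries without a file on disk.
SAMPLE_LOG = r"""19:42:53.0671 3620 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:42:53.0671 3620 Spooler - ok
19:42:53.0703 3620 [ 354F377B33C388E74D189000571DF766 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
19:42:53.0703 3620 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 354F377B33C388E74D189000571DF766
19:42:53.0703 3620 sptd ( LockedFile.Multi.Generic ) - warning
19:42:53.0703 3620 sptd - detected LockedFile.Multi.Generic (1)
19:42:53.0859 3620 SwPrv - ok
19:42:55.0031 2212 Detected object count: 2
19:44:49.0140 2212 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
19:44:49.0140 2212 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\d+) (.*)$")        # time, thread id, message
FILE_RE = re.compile(r"^\[ ([0-9A-F]{32}) \] (\S+)(?: (.+))?$")     # "[ MD5 ] name path"; no path for raw disks
STATUS_RE = re.compile(r"^(\S+)(?: \( (\S+) \))? - (.+)$")         # "name ( verdict ) - status" / "name - status"
DETECTED_RE = re.compile(r"^detected (\S+)")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    statuses: list = field(default_factory=list)

    def is_flagged(self) -> bool:
        """Anything other than a plain 'ok' deserves a second look."""
        return self.verdict is not None or any(s != "ok" for s in self.statuses)

def parse_tdsskiller(text: str):
    """Group the per-entry lines by name; return ({name: Entry}, detected object count)."""
    entries, detected_count = {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue                      # banners such as "=====" or "Scan finished"
        msg = m.group(3)
        f = FILE_RE.match(msg)
        if f:
            e = entries.setdefault(f.group(2), Entry(f.group(2)))
            e.md5, e.path = f.group(1), f.group(3)
            continue
        c = COUNT_RE.match(msg)
        if c:
            detected_count = int(c.group(1))
            continue
        s = STATUS_RE.match(msg)          # "Suspicious file (NoAccess): ..." has no " - " and is skipped
        if s:
            e = entries.setdefault(s.group(1), Entry(s.group(1)))
            e.statuses.append(s.group(3))
            d = DETECTED_RE.match(s.group(3))
            e.verdict = s.group(2) or (d.group(1) if d else e.verdict)
    return entries, detected_count

def flagged(entries) -> list:
    """Sorted names of entries the scanner did not simply report as ok."""
    return sorted(n for n, e in entries.items() if e.is_flagged())

def md5_matches(data: bytes, expected_md5: str) -> bool:
    """Check file contents against the MD5 the log recorded before sending the file anywhere."""
    return hashlib.md5(data).hexdigest().lower() == expected_md5.lower()

if __name__ == "__main__":
    found, count = parse_tdsskiller(SAMPLE_LOG)
    print(count, {n: (found[n].verdict, found[n].md5, found[n].path) for n in flagged(found)})
```

Running it on a real TDSSKiller log (read the file instead of SAMPLE_LOG) gives the responder the short list of entries worth a hash lookup instead of the full driver inventory.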


Re: Please check my HJT log

Post by Bretal » 17 Oct 2012 20:10

ComboFix log:

ComboFix 12-10-17.05 - Breta 17.10.2012 20:00:05.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2745 [GMT 2:00]
Spuštěný z: c:\documents and settings\Breta\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\msstdfmt.dll
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-17 do 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-16 19:59 . 2012-10-16 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-16 19:59 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 15:02 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-10-06 15:02 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-10-06 15:02 . 2008-04-14 05:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-10-06 15:02 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-10-06 15:02 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-10-06 15:02 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 15:09 . 2012-04-17 16:19 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 15:09 . 2011-06-03 03:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-13 09:29 . 2012-09-13 09:29 1409 ----a-w- c:\windows\QTFont.for
2012-09-03 18:00 . 2012-09-03 18:00 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-03 18:00 . 2012-09-03 18:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 18:00 . 2010-08-20 10:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-03 18:00 . 2008-02-21 18:52 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-03 14:10 . 2012-02-17 15:42 74 ----a-w- c:\documents and settings\Breta\Data aplikací\fspro2_1.tmp
2012-08-28 15:18 . 2004-08-17 14:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-17 14:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-17 14:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-17 14:44 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-17 14:49 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-17 15:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2004-08-17 14:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-10-29 14:24 . 2009-01-09 17:11 11600880 ----a-w- c:\program files\tru.dat
2008-10-29 12:26 . 2009-01-09 17:12 328280 ----a-w- c:\program files\fmodex.dll
2008-10-29 12:26 . 2009-01-09 17:12 353880 ----a-w- c:\program files\binkw32.dll
2008-01-31 18:35 . 2008-01-31 18:35 7943248 ----a-w- c:\program files\CFP_Setup_English_2.4.18.184.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-01-31 1115728]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-04-12 222776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.4.2008 12:48 642560]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3.7.2012 15:55 36000]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.3.2011 10:59 84520]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3.7.2012 15:55 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16.10.2012 21:59 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16.10.2012 21:59 22856]
S2 gupdate1c98a2643701d4;Google Update Service (gupdate1c98a2643701d4);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2009 21:47 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17.4.2012 18:19 250808]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2009 21:47 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25.4.2012 13:21 114144]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 15:09]
.
2012-10-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-09 13:41]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 19:46]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 19:46]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{910685FD-1C76-45D0-BAFB-BCEA129EED5D}: NameServer = 10.40.93.1,217.112.160.1
FF - ProfilePath - c:\documents and settings\Breta\Data aplikací\Mozilla\Firefox\Profiles\cbnlzhx3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-17 20:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-10-17 20:04:11
ComboFix-quarantined-files.txt 2012-10-17 18:04
.
Před spuštěním: 5 591 887 872
Po spuštění: 5 627 789 312
.
- - End Of File - - 6B86A5B6D82BB97DC96E1E4C1C99D093


Re: Please check my HJT log

Post by Žbeky » 18 Oct 2012 11:09

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text marked in green into it:
Note: do not use SELECT ALL to select the script

Code:

KillAll::

File::
c:\documents and settings\Breta\Data aplikací\fspro2_1.tmp
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\Update
c:\program files\Google\Common\Google Updater

Driver::
gupdate1c98a2643701d4
gupdatem

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process


Test these at VirusTotal:
C:\WINDOWS\system32\Drivers\sptd.sys
C:\WINDOWS\System32\Drivers\dtscsi.sys

Click Choose to the right of the box and find the file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear; click Reanalyze there. The file will then be tested by several antivirus engines one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
In private messages I deal only with forum matters. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules


Re: Please check my HJT log

Post by Bretal » 18 Oct 2012 19:40

So I did the ComboFix thing and it took forever, and it ended with the computer shutting down before the process finished because of a power outage :bomb: . WHAT NOW?

THANKS


Re: Please check my HJT log

Post by Orcus » 18 Oct 2012 19:45

Use the System Restore tool if the PC does not boot. If it boots, run CF again.
Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If it is too long, split it into several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.


Re: Please check my HJT log

Post by Bretal » 18 Oct 2012 19:46

Well, it booted, but nothing works like it did before - Firefox is set up completely differently. Anyway, I'll run CF. Thanks


Re: Please check my HJT log

Post by jaro3 » 19 Oct 2012 09:43

Did you restart several times? Then do the System Restore as Orcus says: pick a restore point from before it went down.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my HJT log

Post by Bretal » 19 Oct 2012 10:05

No, the computer restarted only once, but I did the ComboFix thing again and it ran all night with nothing but the blue frame that comes up right after start (some green letters on a black background ran there, but then there's that blue frame, and it stayed there all night without moving).

I know this is probably a dumb question, but System Restore - what is it and how is it done?

Thank you very much


Re: Please check my HJT log

Post by jaro3 » 19 Oct 2012 10:11

If you can get into Safe Mode (hold the F8 key after starting on a PC; on a notebook I think F2).

http://support.microsoft.com/kb/306084/cs


Re: Please check my HJT log

Post by Bretal » 21 Oct 2012 19:08

So I (finally) did the System Restore and Avira started acting up. Should I try System Restore to an earlier date? Or run ComboFix again, or first test that suspicious file on VirusTotal? I know I'm probably writing complete nonsense, but I really don't know, that's why I'm asking. And I'm also scared stiff by all this, because without the computer I'm done for. Thank you very much for your advice


Re: Please check my HJT log

Post by Bretal » 21 Oct 2012 20:02

I reinstalled Avira and it runs normally now. - Just for information. Looking forward to further instructions for rescuing my machine :-) Thanks in advance


Re: Please check my HJT log

Post by Orcus » 21 Oct 2012 20:25

If you have restored the system, test that file and run CF.

