Kontrola logu Vyřešeno

[Adys301]

Posílám log z PC mého táty z HiJackThis a Malwarebytes. ATF Cleaner jsem již použil. V Malwarebytes to našlo nějaké svinstvo, ale řekl bych, že to má něco společného s tátovy pirátskými XP.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:55:22, on 9.11.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascsvc.exe
D:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascavsvc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre7\bin\jqs.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Seznam.cz\postak.exe
D:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe
D:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\Suo10_SmartRAM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\ATI Technologies\ATI.ACE\DualCoreCenter.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Documents and Settings\Davosa\Dokumenty\Stažené soubory\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10011&barid={2FFA2992-2683-11E2-9CC6-001D9206C4CD}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10011&barid={2FFA2992-2683-11E2-9CC6-001D9206C4CD}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - D:\Program Files\Seznam.cz\listicka.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - D:\Program Files\Seznam.cz\toolbar\toolbar.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "D:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [Advanced SystemCare 5] "D:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [SmartRAM] "D:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\Suo10_SmartRAM.exe" /m
O4 - HKCU\..\Run: [RDReminder] D:\Program Files\Dll-Files.com Fixer\DLLFixer.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - D:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - D:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - D:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - D:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - D:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascsvc.exe
O23 - Service: AdvancedSystemCareAntivirus (ASCAntivirusSrv) - IOBit - D:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascavsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 6254 bytes


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.11.08.09

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Davosa :: BARBONE [administrátor]

Ochrana: Zakázána

9.11.2012 23:55:54
mbam-log-2012-11-09 (23-59-22).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 179467
Uplynulý čas: 2 minut, 43 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 1
D:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> Žádná instrukce nebyla provedena.

Nalezené klíče v registru: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa (PUP.Wpakill) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa (Trojan.I.Stole.Windows) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
D:\WINDOWS\system32\antiwpa.dll (PUP.Wpakill) -> Žádná instrukce nebyla provedena.
D:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Žádná instrukce nebyla provedena.

(konec)

[Reklama]

[Orcus]

Odinstaluj:
SweetIM Toolbar

Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10011&arid={2FFA2992-2683-11E2-9CC6-001D9206C4CD}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10011&barid={2FFA2992-2683-11E2-9CC6-001D9206C4CD}
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

====================================================

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

====================================================

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Pokud budou problémy , spusť v nouz. režimu.

[Adys301]

Po promazání nejsou XP aktivované, musel jsem aktivátor použít znovu ...

22:32:17.0234 4044 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:32:17.0328 4044 ============================================================
22:32:17.0328 4044 Current date / time: 2012/11/10 22:32:17.0328
22:32:17.0328 4044 SystemInfo:
22:32:17.0328 4044
22:32:17.0328 4044 OS Version: 5.1.2600 ServicePack: 2.0
22:32:17.0328 4044 Product type: Workstation
22:32:17.0328 4044 ComputerName: BARBONE
22:32:17.0328 4044 UserName: Davosa
22:32:17.0328 4044 Windows directory: D:\WINDOWS
22:32:17.0328 4044 System windows directory: D:\WINDOWS
22:32:17.0328 4044 Processor architecture: Intel x86
22:32:17.0328 4044 Number of processors: 2
22:32:17.0328 4044 Page size: 0x1000
22:32:17.0328 4044 Boot type: Normal boot
22:32:17.0328 4044 ============================================================
22:32:18.0546 4044 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:32:18.0546 4044 ============================================================
22:32:18.0546 4044 \Device\Harddisk0\DR0:
22:32:18.0546 4044 MBR partitions:
22:32:18.0546 4044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x148BCE52
22:32:18.0562 4044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x148BCED0, BlocksNum 0x89076B1
22:32:18.0562 4044 ============================================================
22:32:18.0593 4044 C: <-> \Device\Harddisk0\DR0\Partition1
22:32:18.0656 4044 D: <-> \Device\Harddisk0\DR0\Partition2
22:32:18.0656 4044 ============================================================
22:32:18.0656 4044 Initialize success
22:32:18.0656 4044 ============================================================
22:32:21.0578 2316 ============================================================
22:32:21.0578 2316 Scan started
22:32:21.0578 2316 Mode: Manual;
22:32:21.0578 2316 ============================================================
22:32:21.0968 2316 ================ Scan system memory ========================
22:32:21.0968 2316 System memory - ok
22:32:21.0968 2316 ================ Scan services =============================
22:32:22.0078 2316 Abiosdsk - ok
22:32:22.0078 2316 abp480n5 - ok
22:32:22.0109 2316 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI D:\WINDOWS\system32\DRIVERS\ACPI.sys
22:32:22.0125 2316 ACPI - ok
22:32:22.0140 2316 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC D:\WINDOWS\system32\drivers\ACPIEC.sys
22:32:22.0187 2316 ACPIEC - ok
22:32:22.0250 2316 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:32:22.0250 2316 AdobeFlashPlayerUpdateSvc - ok
22:32:22.0265 2316 adpu160m - ok
22:32:22.0343 2316 [ B5C089558C870482D871B7C4FF20B38D ] AdvancedSystemCareService5 D:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascsvc.exe
22:32:22.0359 2316 AdvancedSystemCareService5 - ok
22:32:22.0390 2316 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec D:\WINDOWS\system32\drivers\aec.sys
22:32:22.0390 2316 aec - ok
22:32:22.0421 2316 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD D:\WINDOWS\System32\drivers\afd.sys
22:32:22.0421 2316 AFD - ok
22:32:22.0421 2316 Aha154x - ok
22:32:22.0437 2316 aic78u2 - ok
22:32:22.0437 2316 aic78xx - ok
22:32:22.0468 2316 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter D:\WINDOWS\system32\alrsvc.dll
22:32:22.0484 2316 Alerter - ok
22:32:22.0500 2316 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG D:\WINDOWS\System32\alg.exe
22:32:22.0500 2316 ALG - ok
22:32:22.0515 2316 AliIde - ok
22:32:22.0593 2316 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt D:\WINDOWS\system32\drivers\Ambfilt.sys
22:32:22.0656 2316 Ambfilt - ok
22:32:22.0687 2316 [ FCFFA85CFD4BF7A4711012847048DCA3 ] AmdK8 D:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:32:22.0687 2316 AmdK8 - ok
22:32:22.0734 2316 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM D:\WINDOWS\system32\DRIVERS\AmdPPM.sys
22:32:22.0734 2316 AmdPPM - ok
22:32:22.0734 2316 amsint - ok
22:32:22.0750 2316 asc - ok
22:32:22.0750 2316 asc3350p - ok
22:32:22.0765 2316 asc3550 - ok
22:32:22.0812 2316 [ 40F097E46500ED26DBE56EB87EE7E6B6 ] ASCAntivirusSrv D:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascavsvc.exe
22:32:22.0812 2316 ASCAntivirusSrv - ok
22:32:22.0890 2316 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:32:22.0906 2316 aspnet_state - ok
22:32:22.0937 2316 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac D:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:32:22.0937 2316 AsyncMac - ok
22:32:22.0984 2316 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi D:\WINDOWS\system32\DRIVERS\atapi.sys
22:32:22.0984 2316 atapi - ok
22:32:22.0984 2316 Atdisk - ok
22:32:23.0031 2316 [ 8FDB05AFF463CB36BE0FD3BC779121CD ] Ati HotKey Poller D:\WINDOWS\system32\Ati2evxx.exe
22:32:23.0046 2316 Ati HotKey Poller - ok
22:32:23.0312 2316 [ 175DDF9AE328CB0D8696094FA1346361 ] ati2mtag D:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:32:23.0390 2316 ati2mtag - ok
22:32:23.0406 2316 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc D:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:32:23.0406 2316 Atmarpc - ok
22:32:23.0437 2316 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv D:\WINDOWS\System32\audiosrv.dll
22:32:23.0437 2316 AudioSrv - ok
22:32:23.0453 2316 [ D9F724AA26C010A217C97606B160ED68 ] audstub D:\WINDOWS\system32\DRIVERS\audstub.sys
22:32:23.0453 2316 audstub - ok
22:32:23.0500 2316 [ C3E025D46368E3D18085EEF26EF6F6A1 ] bdfsfltr D:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
22:32:23.0500 2316 bdfsfltr - ok
22:32:23.0531 2316 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep D:\WINDOWS\system32\drivers\Beep.sys
22:32:23.0531 2316 Beep - ok
22:32:23.0578 2316 [ E774A26610EC92674273486612C11CFC ] BITS D:\WINDOWS\system32\qmgr.dll
22:32:23.0593 2316 BITS - ok
22:32:23.0625 2316 [ F219E27E88107A50544153898DD8178E ] Browser D:\WINDOWS\System32\browser.dll
22:32:23.0640 2316 Browser - ok
22:32:23.0656 2316 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k D:\WINDOWS\system32\drivers\cbidf2k.sys
22:32:23.0671 2316 cbidf2k - ok
22:32:23.0687 2316 cd20xrnt - ok
22:32:23.0687 2316 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio D:\WINDOWS\system32\drivers\Cdaudio.sys
22:32:23.0687 2316 Cdaudio - ok
22:32:23.0734 2316 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs D:\WINDOWS\system32\drivers\Cdfs.sys
22:32:23.0734 2316 Cdfs - ok
22:32:23.0750 2316 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom D:\WINDOWS\system32\DRIVERS\cdrom.sys
22:32:23.0750 2316 Cdrom - ok
22:32:23.0750 2316 Changer - ok
22:32:23.0765 2316 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc D:\WINDOWS\system32\cisvc.exe
22:32:23.0781 2316 CiSvc - ok
22:32:23.0781 2316 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv D:\WINDOWS\system32\clipsrv.exe
22:32:23.0781 2316 ClipSrv - ok
22:32:23.0812 2316 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:32:23.0812 2316 clr_optimization_v2.0.50727_32 - ok
22:32:23.0843 2316 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:32:23.0890 2316 clr_optimization_v4.0.30319_32 - ok
22:32:23.0890 2316 CmdIde - ok
22:32:23.0906 2316 COMSysApp - ok
22:32:23.0906 2316 Cpqarray - ok
22:32:23.0984 2316 cpuz130 - ok
22:32:24.0031 2316 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc D:\WINDOWS\System32\cryptsvc.dll
22:32:24.0031 2316 CryptSvc - ok
22:32:24.0031 2316 dac2w2k - ok
22:32:24.0046 2316 dac960nt - ok
22:32:24.0093 2316 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch D:\WINDOWS\system32\rpcss.dll
22:32:24.0109 2316 DcomLaunch - ok
22:32:24.0125 2316 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp D:\WINDOWS\System32\dhcpcsvc.dll
22:32:24.0125 2316 Dhcp - ok
22:32:24.0140 2316 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk D:\WINDOWS\system32\DRIVERS\disk.sys
22:32:24.0140 2316 Disk - ok
22:32:24.0140 2316 dmadmin - ok
22:32:24.0203 2316 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot D:\WINDOWS\system32\drivers\dmboot.sys
22:32:24.0218 2316 dmboot - ok
22:32:24.0218 2316 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio D:\WINDOWS\system32\drivers\dmio.sys
22:32:24.0234 2316 dmio - ok
22:32:24.0250 2316 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload D:\WINDOWS\system32\drivers\dmload.sys
22:32:24.0250 2316 dmload - ok
22:32:24.0250 2316 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver D:\WINDOWS\System32\dmserver.dll
22:32:24.0265 2316 dmserver - ok
22:32:24.0281 2316 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic D:\WINDOWS\system32\drivers\DMusic.sys
22:32:24.0281 2316 DMusic - ok
22:32:24.0296 2316 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache D:\WINDOWS\System32\dnsrslvr.dll
22:32:24.0296 2316 Dnscache - ok
22:32:24.0296 2316 dpti2o - ok
22:32:24.0312 2316 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud D:\WINDOWS\system32\drivers\drmkaud.sys
22:32:24.0312 2316 drmkaud - ok
22:32:24.0343 2316 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc D:\WINDOWS\System32\ersvc.dll
22:32:24.0359 2316 ERSvc - ok
22:32:24.0375 2316 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog D:\WINDOWS\system32\services.exe
22:32:24.0375 2316 Eventlog - ok
22:32:24.0390 2316 [ 972378B907070F64932A87C90A035487 ] EventSystem D:\WINDOWS\system32\es.dll
22:32:24.0390 2316 EventSystem - ok
22:32:24.0406 2316 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat D:\WINDOWS\system32\drivers\Fastfat.sys
22:32:24.0421 2316 Fastfat - ok
22:32:24.0437 2316 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility D:\WINDOWS\System32\shsvcs.dll
22:32:24.0437 2316 FastUserSwitchingCompatibility - ok
22:32:24.0453 2316 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc D:\WINDOWS\system32\DRIVERS\fdc.sys
22:32:24.0453 2316 Fdc - ok
22:32:24.0468 2316 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips D:\WINDOWS\system32\drivers\Fips.sys
22:32:24.0468 2316 Fips - ok
22:32:24.0484 2316 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk D:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:32:24.0484 2316 Flpydisk - ok
22:32:24.0515 2316 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr D:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:32:24.0515 2316 FltMgr - ok
22:32:24.0531 2316 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec D:\WINDOWS\system32\drivers\Fs_Rec.sys
22:32:24.0531 2316 Fs_Rec - ok
22:32:24.0546 2316 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk D:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:32:24.0562 2316 Ftdisk - ok
22:32:24.0593 2316 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio D:\WINDOWS\system32\giveio.sys
22:32:24.0593 2316 giveio - ok
22:32:24.0609 2316 GMSIPCI - ok
22:32:24.0609 2316 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc D:\WINDOWS\system32\DRIVERS\msgpc.sys
22:32:24.0609 2316 Gpc - ok
22:32:24.0671 2316 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate D:\Program Files\Google\Update\GoogleUpdate.exe
22:32:24.0671 2316 gupdate - ok
22:32:24.0687 2316 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem D:\Program Files\Google\Update\GoogleUpdate.exe
22:32:24.0687 2316 gupdatem - ok
22:32:24.0703 2316 [ 7929A161F9951D173CA9900FE7067391 ] hamachi D:\WINDOWS\system32\DRIVERS\hamachi.sys
22:32:24.0703 2316 hamachi - ok
22:32:24.0828 2316 [ DA1B48FDE74125128D0D846A3701D344 ] Hamachi2Svc D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
22:32:24.0859 2316 Hamachi2Svc - ok
22:32:24.0890 2316 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:32:24.0890 2316 HDAudBus - ok
22:32:24.0953 2316 [ F59152272782FED8A8197FA788287F68 ] helpsvc D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:32:24.0968 2316 helpsvc - ok
22:32:25.0000 2316 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb D:\WINDOWS\system32\DRIVERS\hidusb.sys
22:32:25.0000 2316 hidusb - ok
22:32:25.0000 2316 hpn - ok
22:32:25.0046 2316 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP D:\WINDOWS\system32\Drivers\HTTP.sys
22:32:25.0046 2316 HTTP - ok
22:32:25.0078 2316 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter D:\WINDOWS\System32\w3ssl.dll
22:32:25.0109 2316 HTTPFilter - ok
22:32:25.0109 2316 i2omgmt - ok
22:32:25.0109 2316 i2omp - ok
22:32:25.0125 2316 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt D:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:32:25.0125 2316 i8042prt - ok
22:32:25.0140 2316 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi D:\WINDOWS\system32\DRIVERS\imapi.sys
22:32:25.0140 2316 Imapi - ok
22:32:25.0171 2316 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService D:\WINDOWS\system32\imapi.exe
22:32:25.0171 2316 ImapiService - ok
22:32:25.0187 2316 ini910u - ok
22:32:25.0390 2316 [ 063DD51CBDC37B8668E09148E0A118BC ] IntcAzAudAddService D:\WINDOWS\system32\drivers\RtkHDAud.sys
22:32:25.0437 2316 IntcAzAudAddService - ok
22:32:25.0437 2316 IntelIde - ok
22:32:25.0468 2316 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw D:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:32:25.0468 2316 Ip6Fw - ok
22:32:25.0500 2316 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:32:25.0515 2316 IpFilterDriver - ok
22:32:25.0515 2316 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp D:\WINDOWS\system32\DRIVERS\ipinip.sys
22:32:25.0515 2316 IpInIp - ok
22:32:25.0515 2316 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat D:\WINDOWS\system32\DRIVERS\ipnat.sys
22:32:25.0531 2316 IpNat - ok
22:32:25.0562 2316 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec D:\WINDOWS\system32\DRIVERS\ipsec.sys
22:32:25.0562 2316 IPSec - ok
22:32:25.0578 2316 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM D:\WINDOWS\system32\DRIVERS\irenum.sys
22:32:25.0578 2316 IRENUM - ok
22:32:25.0609 2316 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp D:\WINDOWS\system32\DRIVERS\isapnp.sys
22:32:25.0609 2316 isapnp - ok
22:32:25.0718 2316 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService D:\Program Files\Java\jre7\bin\jqs.exe
22:32:25.0718 2316 JavaQuickStarterService - ok
22:32:25.0750 2316 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass D:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:32:25.0750 2316 Kbdclass - ok
22:32:25.0781 2316 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer D:\WINDOWS\system32\drivers\kmixer.sys
22:32:25.0781 2316 kmixer - ok
22:32:25.0781 2316 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD D:\WINDOWS\system32\drivers\KSecDD.sys
22:32:25.0781 2316 KSecDD - ok
22:32:25.0812 2316 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver D:\WINDOWS\System32\srvsvc.dll
22:32:25.0828 2316 lanmanserver - ok
22:32:25.0843 2316 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation D:\WINDOWS\System32\wkssvc.dll
22:32:25.0843 2316 lanmanworkstation - ok
22:32:25.0859 2316 lbrtfdc - ok
22:32:25.0875 2316 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts D:\WINDOWS\System32\lmhsvc.dll
22:32:25.0890 2316 LmHosts - ok
22:32:25.0906 2316 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector D:\WINDOWS\system32\drivers\mbam.sys
22:32:25.0921 2316 MBAMProtector - ok
22:32:25.0953 2316 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:32:26.0000 2316 MBAMScheduler - ok
22:32:26.0031 2316 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:32:26.0093 2316 MBAMService - ok
22:32:26.0125 2316 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger D:\WINDOWS\System32\msgsvc.dll
22:32:26.0125 2316 Messenger - ok
22:32:26.0156 2316 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd D:\WINDOWS\system32\drivers\mnmdd.sys
22:32:26.0156 2316 mnmdd - ok
22:32:26.0187 2316 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc D:\WINDOWS\system32\mnmsrvc.exe
22:32:26.0187 2316 mnmsrvc - ok
22:32:26.0203 2316 [ 60210DEB037846AFE521EBF349964F6B ] Modem D:\WINDOWS\system32\drivers\Modem.sys
22:32:26.0218 2316 Modem - ok
22:32:26.0281 2316 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt D:\WINDOWS\system32\drivers\Monfilt.sys
22:32:26.0312 2316 Monfilt - ok
22:32:26.0359 2316 [ B160EC94114715675509115986400FD9 ] Mouclass D:\WINDOWS\system32\DRIVERS\mouclass.sys
22:32:26.0375 2316 Mouclass - ok
22:32:26.0406 2316 [ BB269EBA740737AB749B214D568B6812 ] mouhid D:\WINDOWS\system32\DRIVERS\mouhid.sys
22:32:26.0437 2316 mouhid - ok
22:32:26.0468 2316 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr D:\WINDOWS\system32\drivers\MountMgr.sys
22:32:26.0484 2316 MountMgr - ok
22:32:26.0531 2316 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:32:26.0562 2316 MozillaMaintenance - ok
22:32:26.0562 2316 mraid35x - ok
22:32:26.0578 2316 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV D:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:32:26.0578 2316 MRxDAV - ok
22:32:26.0625 2316 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:32:26.0625 2316 MRxSmb - ok
22:32:26.0656 2316 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC D:\WINDOWS\system32\msdtc.exe
22:32:26.0656 2316 MSDTC - ok
22:32:26.0687 2316 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs D:\WINDOWS\system32\drivers\Msfs.sys
22:32:26.0687 2316 Msfs - ok
22:32:26.0703 2316 MSIServer - ok
22:32:26.0734 2316 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV D:\WINDOWS\system32\drivers\MSKSSRV.sys
22:32:26.0734 2316 MSKSSRV - ok
22:32:26.0734 2316 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK D:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:32:26.0734 2316 MSPCLOCK - ok
22:32:26.0750 2316 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM D:\WINDOWS\system32\drivers\MSPQM.sys
22:32:26.0750 2316 MSPQM - ok
22:32:26.0781 2316 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios D:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:32:26.0781 2316 mssmbios - ok
22:32:26.0781 2316 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup D:\WINDOWS\system32\drivers\Mup.sys
22:32:26.0796 2316 Mup - ok
22:32:26.0796 2316 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS D:\WINDOWS\system32\drivers\NDIS.sys
22:32:26.0812 2316 NDIS - ok
22:32:26.0828 2316 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi D:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:32:26.0828 2316 NdisTapi - ok
22:32:26.0859 2316 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio D:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:32:26.0859 2316 Ndisuio - ok
22:32:26.0875 2316 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan D:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:32:26.0875 2316 NdisWan - ok
22:32:26.0890 2316 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy D:\WINDOWS\system32\drivers\NDProxy.sys
22:32:26.0906 2316 NDProxy - ok
22:32:26.0921 2316 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS D:\WINDOWS\system32\DRIVERS\netbios.sys
22:32:26.0921 2316 NetBIOS - ok
22:32:26.0937 2316 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT D:\WINDOWS\system32\DRIVERS\netbt.sys
22:32:26.0937 2316 NetBT - ok
22:32:26.0968 2316 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE D:\WINDOWS\system32\netdde.exe
22:32:26.0968 2316 NetDDE - ok
22:32:26.0984 2316 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm D:\WINDOWS\system32\netdde.exe
22:32:26.0984 2316 NetDDEdsdm - ok
22:32:27.0000 2316 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon D:\WINDOWS\system32\lsass.exe
22:32:27.0000 2316 Netlogon - ok
22:32:27.0031 2316 [ AF342D2781225A8769686E0D47E3123E ] Netman D:\WINDOWS\System32\netman.dll
22:32:27.0031 2316 Netman - ok
22:32:27.0062 2316 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:32:27.0078 2316 NetTcpPortSharing - ok
22:32:27.0109 2316 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla D:\WINDOWS\System32\mswsock.dll
22:32:27.0109 2316 Nla - ok
22:32:27.0125 2316 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs D:\WINDOWS\system32\drivers\Npfs.sys
22:32:27.0125 2316 Npfs - ok
22:32:27.0171 2316 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs D:\WINDOWS\system32\drivers\Ntfs.sys
22:32:27.0171 2316 Ntfs - ok
22:32:27.0187 2316 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp D:\WINDOWS\system32\lsass.exe
22:32:27.0187 2316 NtLmSsp - ok
22:32:27.0218 2316 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc D:\WINDOWS\system32\ntmssvc.dll
22:32:27.0250 2316 NtmsSvc - ok
22:32:27.0281 2316 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null D:\WINDOWS\system32\drivers\Null.sys
22:32:27.0281 2316 Null - ok
22:32:27.0296 2316 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:32:27.0312 2316 NwlnkFlt - ok
22:32:27.0312 2316 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:32:27.0312 2316 NwlnkFwd - ok
22:32:27.0343 2316 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport D:\WINDOWS\system32\DRIVERS\parport.sys
22:32:27.0343 2316 Parport - ok
22:32:27.0359 2316 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr D:\WINDOWS\system32\drivers\PartMgr.sys
22:32:27.0359 2316 PartMgr - ok
22:32:27.0406 2316 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm D:\WINDOWS\system32\drivers\ParVdm.sys
22:32:27.0406 2316 ParVdm - ok
22:32:27.0406 2316 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI D:\WINDOWS\system32\DRIVERS\pci.sys
22:32:27.0421 2316 PCI - ok
22:32:27.0421 2316 PCIDump - ok
22:32:27.0437 2316 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde D:\WINDOWS\system32\DRIVERS\pciide.sys
22:32:27.0437 2316 PCIIde - ok
22:32:27.0468 2316 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia D:\WINDOWS\system32\drivers\Pcmcia.sys
22:32:27.0484 2316 Pcmcia - ok
22:32:27.0484 2316 PDCOMP - ok
22:32:27.0500 2316 PDFRAME - ok
22:32:27.0500 2316 PDRELI - ok
22:32:27.0500 2316 PDRFRAME - ok
22:32:27.0515 2316 perc2 - ok
22:32:27.0515 2316 perc2hib - ok
22:32:27.0546 2316 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay D:\WINDOWS\system32\services.exe
22:32:27.0562 2316 PlugPlay - ok
22:32:27.0562 2316 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent D:\WINDOWS\system32\lsass.exe
22:32:27.0562 2316 PolicyAgent - ok
22:32:27.0609 2316 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport D:\WINDOWS\system32\DRIVERS\raspptp.sys
22:32:27.0609 2316 PptpMiniport - ok
22:32:27.0640 2316 [ 9A10E4FD13824823DA50D4758BD0A645 ] Processor D:\WINDOWS\system32\DRIVERS\processr.sys
22:32:27.0640 2316 Processor - ok
22:32:27.0640 2316 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage D:\WINDOWS\system32\lsass.exe
22:32:27.0640 2316 ProtectedStorage - ok
22:32:27.0640 2316 [ 48671F327553DCF1D27F6197F622A668 ] PSched D:\WINDOWS\system32\DRIVERS\psched.sys
22:32:27.0656 2316 PSched - ok
22:32:27.0656 2316 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink D:\WINDOWS\system32\DRIVERS\ptilink.sys
22:32:27.0656 2316 Ptilink - ok
22:32:27.0656 2316 ql1080 - ok
22:32:27.0671 2316 Ql10wnt - ok
22:32:27.0671 2316 ql12160 - ok
22:32:27.0687 2316 ql1240 - ok
22:32:27.0687 2316 ql1280 - ok
22:32:27.0703 2316 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd D:\WINDOWS\system32\DRIVERS\rasacd.sys
22:32:27.0703 2316 RasAcd - ok
22:32:27.0734 2316 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto D:\WINDOWS\System32\rasauto.dll
22:32:27.0750 2316 RasAuto - ok
22:32:27.0765 2316 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:32:27.0781 2316 Rasl2tp - ok
22:32:27.0796 2316 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan D:\WINDOWS\System32\rasmans.dll
22:32:27.0796 2316 RasMan - ok
22:32:27.0796 2316 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe D:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:32:27.0812 2316 RasPppoe - ok
22:32:27.0812 2316 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti D:\WINDOWS\system32\DRIVERS\raspti.sys
22:32:27.0812 2316 Raspti - ok
22:32:27.0828 2316 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss D:\WINDOWS\system32\DRIVERS\rdbss.sys
22:32:27.0828 2316 Rdbss - ok
22:32:27.0843 2316 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:32:27.0843 2316 RDPCDD - ok
22:32:27.0875 2316 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD D:\WINDOWS\system32\drivers\RDPWD.sys
22:32:27.0890 2316 RDPWD - ok
22:32:27.0906 2316 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr D:\WINDOWS\system32\sessmgr.exe
22:32:27.0921 2316 RDSessMgr - ok
22:32:27.0937 2316 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook D:\WINDOWS\system32\DRIVERS\redbook.sys
22:32:27.0937 2316 redbook - ok
22:32:27.0953 2316 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess D:\WINDOWS\System32\mprdim.dll
22:32:27.0968 2316 RemoteAccess - ok
22:32:28.0000 2316 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator D:\WINDOWS\system32\locator.exe
22:32:28.0015 2316 RpcLocator - ok
22:32:28.0046 2316 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs D:\WINDOWS\system32\rpcss.dll
22:32:28.0046 2316 RpcSs - ok
22:32:28.0062 2316 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP D:\WINDOWS\system32\rsvp.exe
22:32:28.0078 2316 RSVP - ok
22:32:28.0093 2316 [ 1323BA3CA4E8D863EB00CD81C0AAF356 ] RTLE8023xp D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:32:28.0109 2316 RTLE8023xp - ok
22:32:28.0125 2316 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs D:\WINDOWS\system32\lsass.exe
22:32:28.0125 2316 SamSs - ok
22:32:28.0156 2316 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr D:\WINDOWS\System32\SCardSvr.exe
22:32:28.0156 2316 SCardSvr - ok
22:32:28.0187 2316 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule D:\WINDOWS\system32\schedsvc.dll
22:32:28.0187 2316 Schedule - ok
22:32:28.0203 2316 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv D:\WINDOWS\system32\DRIVERS\secdrv.sys
22:32:28.0203 2316 Secdrv - ok
22:32:28.0218 2316 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon D:\WINDOWS\System32\seclogon.dll
22:32:28.0218 2316 seclogon - ok
22:32:28.0250 2316 [ 220AD85BA9C5B3011296354011B901CC ] SENS D:\WINDOWS\system32\sens.dll
22:32:28.0250 2316 SENS - ok
22:32:28.0250 2316 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum D:\WINDOWS\system32\DRIVERS\serenum.sys
22:32:28.0265 2316 serenum - ok
22:32:28.0265 2316 [ C1DDBC85251551A840212999DA3D95F3 ] Serial D:\WINDOWS\system32\DRIVERS\serial.sys
22:32:28.0265 2316 Serial - ok
22:32:28.0296 2316 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy D:\WINDOWS\system32\drivers\Sfloppy.sys
22:32:28.0296 2316 Sfloppy - ok
22:32:28.0328 2316 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess D:\WINDOWS\System32\ipnathlp.dll
22:32:28.0328 2316 SharedAccess - ok
22:32:28.0359 2316 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection D:\WINDOWS\System32\shsvcs.dll
22:32:28.0359 2316 ShellHWDetection - ok
22:32:28.0375 2316 Simbad - ok
22:32:28.0375 2316 Sparrow - ok
22:32:28.0406 2316 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan D:\WINDOWS\system32\speedfan.sys
22:32:28.0421 2316 speedfan - ok
22:32:28.0437 2316 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter D:\WINDOWS\system32\drivers\splitter.sys
22:32:28.0437 2316 splitter - ok
22:32:28.0453 2316 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler D:\WINDOWS\system32\spoolsv.exe
22:32:28.0468 2316 Spooler - ok
22:32:28.0484 2316 [ A74035EA526DB97D9D50D2143A55F5CF ] sr D:\WINDOWS\system32\DRIVERS\sr.sys
22:32:28.0500 2316 sr - ok
22:32:28.0515 2316 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice D:\WINDOWS\system32\srsvc.dll
22:32:28.0515 2316 srservice - ok
22:32:28.0531 2316 [ 20B7E396720353E4117D64D9DCB926CA ] Srv D:\WINDOWS\system32\DRIVERS\srv.sys
22:32:28.0546 2316 Srv - ok
22:32:28.0578 2316 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV D:\WINDOWS\System32\ssdpsrv.dll
22:32:28.0578 2316 SSDPSRV - ok
22:32:28.0609 2316 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc D:\WINDOWS\system32\wiaservc.dll
22:32:28.0609 2316 stisvc - ok
22:32:28.0625 2316 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum D:\WINDOWS\system32\DRIVERS\swenum.sys
22:32:28.0625 2316 swenum - ok
22:32:28.0656 2316 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi D:\WINDOWS\system32\drivers\swmidi.sys
22:32:28.0656 2316 swmidi - ok
22:32:28.0656 2316 SwPrv - ok
22:32:28.0671 2316 symc810 - ok
22:32:28.0671 2316 symc8xx - ok
22:32:28.0687 2316 sym_hi - ok
22:32:28.0687 2316 sym_u3 - ok
22:32:28.0703 2316 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio D:\WINDOWS\system32\drivers\sysaudio.sys
22:32:28.0703 2316 sysaudio - ok
22:32:28.0734 2316 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog D:\WINDOWS\system32\smlogsvc.exe
22:32:28.0734 2316 SysmonLog - ok
22:32:28.0750 2316 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv D:\WINDOWS\System32\tapisrv.dll
22:32:28.0750 2316 TapiSrv - ok
22:32:28.0828 2316 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip D:\WINDOWS\system32\DRIVERS\tcpip.sys
22:32:28.0875 2316 Tcpip - ok
22:32:28.0890 2316 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE D:\WINDOWS\system32\drivers\TDPIPE.sys
22:32:28.0906 2316 TDPIPE - ok
22:32:28.0906 2316 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP D:\WINDOWS\system32\drivers\TDTCP.sys
22:32:28.0921 2316 TDTCP - ok
22:32:28.0953 2316 [ A540A99C281D933F3D69D55E48727F47 ] TermDD D:\WINDOWS\system32\DRIVERS\termdd.sys
22:32:28.0968 2316 TermDD - ok
22:32:29.0015 2316 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService D:\WINDOWS\System32\termsrv.dll
22:32:29.0015 2316 TermService - ok
22:32:29.0031 2316 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes D:\WINDOWS\System32\shsvcs.dll
22:32:29.0046 2316 Themes - ok
22:32:29.0046 2316 TosIde - ok
22:32:29.0078 2316 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks D:\WINDOWS\system32\trkwks.dll
22:32:29.0093 2316 TrkWks - ok
22:32:29.0109 2316 [ B7C681175E3F8DE967CEFE90E46440B5 ] Trufos D:\WINDOWS\system32\DRIVERS\TRUFOS.sys
22:32:29.0109 2316 Trufos - ok
22:32:29.0156 2316 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs D:\WINDOWS\system32\drivers\Udfs.sys
22:32:29.0156 2316 Udfs - ok
22:32:29.0156 2316 ultra - ok
22:32:29.0187 2316 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update D:\WINDOWS\system32\DRIVERS\update.sys
22:32:29.0187 2316 Update - ok
22:32:29.0234 2316 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost D:\WINDOWS\System32\upnphost.dll
22:32:29.0250 2316 upnphost - ok
22:32:29.0250 2316 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS D:\WINDOWS\System32\ups.exe
22:32:29.0250 2316 UPS - ok
22:32:29.0265 2316 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci D:\WINDOWS\system32\DRIVERS\usbehci.sys
22:32:29.0281 2316 usbehci - ok
22:32:29.0296 2316 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub D:\WINDOWS\system32\DRIVERS\usbhub.sys
22:32:29.0296 2316 usbhub - ok
22:32:29.0296 2316 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci D:\WINDOWS\system32\DRIVERS\usbohci.sys
22:32:29.0296 2316 usbohci - ok
22:32:29.0328 2316 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:32:29.0328 2316 USBSTOR - ok
22:32:29.0343 2316 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave D:\WINDOWS\System32\drivers\vga.sys
22:32:29.0343 2316 VgaSave - ok
22:32:29.0343 2316 ViaIde - ok
22:32:29.0359 2316 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap D:\WINDOWS\system32\drivers\VolSnap.sys
22:32:29.0375 2316 VolSnap - ok
22:32:29.0406 2316 [ 043539881667BB37B07524032D6FFC3E ] VSS D:\WINDOWS\System32\vssvc.exe
22:32:29.0421 2316 VSS - ok
22:32:29.0437 2316 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time D:\WINDOWS\system32\w32time.dll
22:32:29.0453 2316 W32Time - ok
22:32:29.0468 2316 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp D:\WINDOWS\system32\DRIVERS\wanarp.sys
22:32:29.0468 2316 Wanarp - ok
22:32:29.0468 2316 WDICA - ok
22:32:29.0484 2316 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud D:\WINDOWS\system32\drivers\wdmaud.sys
22:32:29.0484 2316 wdmaud - ok
22:32:29.0500 2316 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient D:\WINDOWS\System32\webclnt.dll
22:32:29.0531 2316 WebClient - ok
22:32:29.0593 2316 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt D:\WINDOWS\system32\wbem\WMIsvc.dll
22:32:29.0593 2316 winmgmt - ok
22:32:29.0640 2316 [ E02E913B3841717A890A644EE167B9A5 ] WmdmPmSN D:\WINDOWS\system32\mspmsnsv.dll
22:32:29.0656 2316 WmdmPmSN - ok
22:32:29.0656 2316 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi D:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:32:29.0656 2316 WmiAcpi - ok
22:32:29.0687 2316 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv D:\WINDOWS\system32\wbem\wmiapsrv.exe
22:32:29.0687 2316 WmiApSrv - ok
22:32:29.0734 2316 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:32:29.0765 2316 WPFFontCache_v0400 - ok
22:32:29.0796 2316 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc D:\WINDOWS\system32\wscsvc.dll
22:32:29.0796 2316 wscsvc - ok
22:32:29.0828 2316 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv D:\WINDOWS\system32\wuauserv.dll
22:32:29.0828 2316 wuauserv - ok
22:32:29.0859 2316 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC D:\WINDOWS\System32\wzcsvc.dll
22:32:29.0859 2316 WZCSVC - ok
22:32:29.0890 2316 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov D:\WINDOWS\System32\xmlprov.dll
22:32:29.0890 2316 xmlprov - ok
22:32:29.0906 2316 ================ Scan global ===============================
22:32:29.0937 2316 [ F642F3368D2839798DA79E7BA9218481 ] D:\WINDOWS\system32\basesrv.dll
22:32:29.0937 2316 [ E4E57FBA176F2752527B1D53A663D2D7 ] D:\WINDOWS\system32\winsrv.dll
22:32:29.0953 2316 [ E4E57FBA176F2752527B1D53A663D2D7 ] D:\WINDOWS\system32\winsrv.dll
22:32:29.0984 2316 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] D:\WINDOWS\system32\services.exe
22:32:29.0984 2316 [Global] - ok
22:32:29.0984 2316 ================ Scan MBR ==================================
22:32:30.0000 2316 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
22:32:30.0140 2316 \Device\Harddisk0\DR0 - ok
22:32:30.0140 2316 ================ Scan VBR ==================================
22:32:30.0156 2316 [ FCB3A0F72E950909F31CE69C284C3056 ] \Device\Harddisk0\DR0\Partition1
22:32:30.0156 2316 \Device\Harddisk0\DR0\Partition1 - ok
22:32:30.0171 2316 [ 1BF43992F461236232AB840F4759BEE8 ] \Device\Harddisk0\DR0\Partition2
22:32:30.0171 2316 \Device\Harddisk0\DR0\Partition2 - ok
22:32:30.0171 2316 ============================================================
22:32:30.0171 2316 Scan finished
22:32:30.0171 2316 ============================================================
22:32:30.0187 2288 Detected object count: 0
22:32:30.0187 2288 Actual detected object count: 0
22:32:39.0921 4020 Deinitialize success

ComboFix 12-11-09.02 - Davosa 10.11.2012 22:41:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3071.2537 [GMT 1:00]
Spuštěný z: d:\documents and settings\Davosa\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-10 do 2012-11-10 )))))))))))))))))))))))))))))))
.
.
2012-10-31 19:15 . 2012-10-31 19:15 -------- d-----w- D:\AMD
2012-10-31 01:02 . 2012-11-10 21:22 -------- d-----r- D:\Program Files
2012-10-31 01:01 . 2012-10-31 18:28 -------- d-----w- D:\Documents and Settings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-10 16:16 . 2009-03-18 15:35 25280 ----a-w- d:\windows\system32\drivers\hamachi.sys
2012-10-24 17:50 . 2012-10-31 19:44 261600 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "d:\program files\Seznam.cz\toolbar\toolbar.dll" [2011-05-25 188960]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="d:\program files\Seznam.cz\postak.exe" [2011-05-25 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"ATIPTA"="d:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-09 344064]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-27 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DualCoreCenter.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\DualCoreCenter.lnk
backup=d:\windows\pss\DualCoreCenter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 11:03 1996200 ----a-w- d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDReminder]
2012-10-25 13:31 8877744 ----a-w- d:\program files\Dll-Files.com Fixer\DLLFixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Hamachi2Svc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\WINDOWS\\system32\\msiexec.exe"=
"d:\\WINDOWS\\system32\\javaw.exe"=
"d:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [31.10.2012 19:38 1691480]
S3 cpuz130;cpuz130;\??\d:\docume~1\Davosa\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> d:\docume~1\Davosa\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [6.11.2012 20:45 22856]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [29.8.2012 12:03 1385896]
S4 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.11.2012 20:45 676936]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 16950040
*Deregistered* - 16950040
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-10 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 21:01]
.
2012-11-10 d:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job
- d:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-11-09 13:31]
.
2012-11-10 d:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- d:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-11-09 13:31]
.
2012-11-10 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-10-31 18:43]
.
2012-11-10 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-10-31 18:43]
.
.
------- Doplňkový sken -------
.
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - d:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 10.10.100.254 192.168.1.1
FF - ProfilePath - d:\documents and settings\Davosa\Data aplikací\Mozilla\Firefox\Profiles\otoa35bl.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={2FFA2992-2683-11E2-9CC6-001D9206C4CD}&src=2&crg=3.1010000.10011&q=
FF - ExtSQL: 2012-10-31 20:23; {ea614400-e918-4741-9a97-7a972ff7c30b}; d:\documents and settings\Davosa\Data aplikací\Mozilla\Firefox\Profiles\otoa35bl.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - ExtSQL: 2012-10-31 22:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; d:\documents and settings\Davosa\Data aplikací\Mozilla\Firefox\Profiles\otoa35bl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-SmartRAM - d:\program files\IObit\Advanced SystemCare with Antivirus 2013\Suo10_SmartRAM.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-SweetIM - d:\program files\SweetIM\Messenger\SweetIM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-10 22:44
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1428)
d:\windows\system32\antiwpa.dll
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\atiadlxx.dll
.
Celkový čas: 2012-11-10 22:45:37
ComboFix-quarantined-files.txt 2012-11-10 21:45
.
Před spuštěním: Volných bajtů: 53 528 375 296
Po spuštění: Volných bajtů: 53 489 164 288
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
.
- - End Of File - - 764D0A16DBD13DC95914CA24EE75E3A5

[Orcus]

Nemůžeš chtít 2 věci, který jsou proti sobě. Buď to vyčístíme a seženeš si legální XP nebo tu můžem dokola čistit to samý. Aktivátory, cracky apod. tahaj do počítače zpravidla další svinstvo. Takže je na Tobě jakou cestu zvolíš.

[Adys301]

Ono je to spíše na tátovi

[Orcus]

Tak až vstane, tak se ho na to zeptej. Jinak bychom taky mohli přejmenovat téma na "Hledá se Don Quijot na kontrolu logu."

[Žbeky]

Prostě mu to nějak rozumně vysvětli. Proč chceš odvirovávat, když tam pak to svinstvo dobrovolně taháš zas?

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
d:\program files\SweetIM\Toolbars
d:\program files\Dll-Files.com Fixer
d:\program files\Google\Update

File::
d:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job
d:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
d:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"=-
[-HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Driver::
cpuz130

Firefox::
FF - ProfilePath - d:\documents and settings\Davosa\Data aplikací\Mozilla\Firefox\Profiles\otoa35bl.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={2FFA2992-2683-11E2-9CC6-001D9206C4CD}&src=2&crg=3.1010000.10011&q=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu