Hello, I need a log check. I again have a problem with my internet connection on some websites; even here on PC Help I have to go through an anonymizer, otherwise the pages do not load. Tried IE, Opera, Chrome and Firefox.
The computer has been run through ATF Cleaner, CCleaner and TFC.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:52:40, on 16.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Gibo SMS\GiboSMS.exe
C:\Documents and Settings\uživatel\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX420W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\WINDOWS\TEMP\E_S151.tmp" /EF "HKCU"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5097 bytes
Malwarebytes Anti-Malware 1.70.0.1100
http://www.malwarebytes.org
Verze: v2013.02.14.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
uživatel :: ADMIN [administrátor]
16.2.2013 14:53:04
mbam-log-2013-02-16 (14-53-04).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 248607
Uplynulý čas: 2 minut, 38 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
# AdwCleaner v2.112 - Logfile created 02/16/2013 at 14:57:22
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : uživatel - ADMIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\uživatel\Plocha\adwcleaner0.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (cs)
File : C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.56
File : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.12.1707.0
File : C:\Documents and Settings\uživatel\Data aplikací\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Documents and Settings\Administrator\Data aplikací\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1212 octets] - [16/02/2013 14:57:22]
########## EOF - C:\AdwCleaner[R1].txt - [1272 octets] ##########
Request for a check of HijackThis and other logs
- Žbeky (Moderator)
Re: Request for a check of HijackThis and other logs
Fix:
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Delete".
The program will carry out the repair; after the automatic restart it does not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.
Download TDSSKiller
to your desktop. Make sure you have closed all other applications and browsers. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , please paste the entire contents of the log here.
Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that is displayed
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
Re: Request for a check of HijackThis and other logs
# AdwCleaner v2.112 - Logfile created 02/16/2013 at 16:39:42
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : uživatel - ADMIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\uživatel\Plocha\adwcleaner0.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (cs)
File : C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.56
File : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.12.1707.0
File : C:\Documents and Settings\uživatel\Data aplikací\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Documents and Settings\Administrator\Data aplikací\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1341 octets] - [16/02/2013 14:57:22]
AdwCleaner[R2].txt - [1401 octets] - [16/02/2013 16:39:30]
AdwCleaner[S1].txt - [1334 octets] - [16/02/2013 16:39:42]
########## EOF - C:\AdwCleaner[S1].txt - [1394 octets] ##########
16:44:23.0296 3364 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:44:23.0468 3364 ============================================================
16:44:23.0468 3364 Current date / time: 2013/02/16 16:44:23.0468
16:44:23.0468 3364 SystemInfo:
16:44:23.0468 3364
16:44:23.0468 3364 OS Version: 5.1.2600 ServicePack: 3.0
16:44:23.0468 3364 Product type: Workstation
16:44:23.0468 3364 ComputerName: ADMIN
16:44:23.0468 3364 UserName: uživatel
16:44:23.0468 3364 Windows directory: C:\WINDOWS
16:44:23.0468 3364 System windows directory: C:\WINDOWS
16:44:23.0468 3364 Processor architecture: Intel x86
16:44:23.0468 3364 Number of processors: 4
16:44:23.0468 3364 Page size: 0x1000
16:44:23.0468 3364 Boot type: Normal boot
16:44:23.0468 3364 ============================================================
16:44:24.0578 3364 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:44:24.0578 3364 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:44:24.0578 3364 ============================================================
16:44:24.0578 3364 \Device\Harddisk0\DR0:
16:44:24.0578 3364 MBR partitions:
16:44:24.0578 3364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D
16:44:24.0593 3364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0x7741C29
16:44:24.0593 3364 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0x2A389FFD
16:44:24.0593 3364 \Device\Harddisk1\DR1:
16:44:24.0593 3364 MBR partitions:
16:44:24.0593 3364 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFF9D41
16:44:24.0593 3364 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFFF9D80, BlocksNum 0x15788100
16:44:24.0593 3364 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x25781EBF, BlocksNum 0x88B6351
16:44:24.0593 3364 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x2E038210, BlocksNum 0xC34C680
16:44:24.0593 3364 ============================================================
16:44:24.0625 3364 C: <-> \Device\Harddisk0\DR0\Partition1
16:44:24.0656 3364 D: <-> \Device\Harddisk0\DR0\Partition2
16:44:24.0718 3364 F: <-> \Device\Harddisk0\DR0\Partition3
16:44:24.0734 3364 G: <-> \Device\Harddisk1\DR1\Partition1
16:44:24.0734 3364 I: <-> \Device\Harddisk1\DR1\Partition3
16:44:24.0765 3364 K: <-> \Device\Harddisk1\DR1\Partition2
16:44:24.0796 3364 L: <-> \Device\Harddisk1\DR1\Partition4
16:44:24.0796 3364 ============================================================
16:44:24.0796 3364 Initialize success
16:44:24.0796 3364 ============================================================
16:44:31.0156 3444 ============================================================
16:44:31.0156 3444 Scan started
16:44:31.0156 3444 Mode: Manual;
16:44:31.0156 3444 ============================================================
16:44:31.0687 3444 ================ Scan system memory ========================
16:44:31.0687 3444 System memory - ok
16:44:31.0687 3444 ================ Scan services =============================
16:44:36.0343 3444 NIC1394 - ok
16:44:36.0359 3444 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
16:44:36.0359 3444 Nla - ok
16:44:36.0390 3444 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
16:44:36.0390 3444 nmwcd - ok
16:44:36.0421 3444 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
16:44:36.0421 3444 nmwcdc - ok
16:44:36.0453 3444 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
16:44:36.0453 3444 nmwcdnsu - ok
16:44:36.0484 3444 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
16:44:36.0484 3444 nmwcdnsuc - ok
16:44:36.0500 3444 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:44:36.0500 3444 Npfs - ok
16:44:36.0515 3444 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:44:36.0515 3444 Ntfs - ok
16:44:36.0515 3444 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
16:44:36.0515 3444 NtLmSsp - ok
16:44:36.0546 3444 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:44:36.0562 3444 NtmsSvc - ok
16:44:36.0578 3444 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:44:36.0578 3444 Null - ok
16:44:36.0609 3444 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:44:36.0609 3444 NwlnkFlt - ok
16:44:36.0609 3444 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:44:36.0609 3444 NwlnkFwd - ok
16:44:36.0609 3444 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:44:36.0609 3444 ohci1394 - ok
16:44:36.0687 3444 [ 98A418CFF837DF4954006BD8F23EC903 ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe
16:44:36.0718 3444 OODefragAgent - ok
16:44:36.0781 3444 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:44:36.0781 3444 ose - ok
16:44:36.0812 3444 [ F43E58DFC53DD59377E212894AD57330 ] PAR1284 C:\WINDOWS\system32\PAR1284.sys
16:44:36.0812 3444 PAR1284 - ok
16:44:36.0812 3444 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
16:44:36.0812 3444 Parport - ok
16:44:36.0828 3444 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:44:36.0828 3444 PartMgr - ok
16:44:36.0843 3444 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:44:36.0843 3444 ParVdm - ok
16:44:36.0875 3444 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
16:44:36.0875 3444 pccsmcfd - ok
16:44:36.0875 3444 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:44:36.0890 3444 PCI - ok
16:44:36.0890 3444 PCIDump - ok
16:44:36.0906 3444 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:44:36.0906 3444 PCIIde - ok
16:44:36.0921 3444 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:44:36.0921 3444 Pcmcia - ok
16:44:36.0921 3444 perc2 - ok
16:44:36.0937 3444 perc2hib - ok
16:44:36.0968 3444 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
16:44:36.0968 3444 PlugPlay - ok
16:44:36.0968 3444 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:44:36.0968 3444 PolicyAgent - ok
16:44:36.0984 3444 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:44:36.0984 3444 PptpMiniport - ok
16:44:37.0000 3444 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:44:37.0000 3444 Processor - ok
16:44:37.0000 3444 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:44:37.0000 3444 ProtectedStorage - ok
16:44:37.0015 3444 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:44:37.0015 3444 PSched - ok
16:44:37.0031 3444 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:44:37.0031 3444 Ptilink - ok
16:44:37.0046 3444 ql1080 - ok
16:44:37.0046 3444 Ql10wnt - ok
16:44:37.0046 3444 ql12160 - ok
16:44:37.0062 3444 ql1240 - ok
16:44:37.0078 3444 ql1280 - ok
16:44:37.0078 3444 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:44:37.0078 3444 RasAcd - ok
16:44:37.0093 3444 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:44:37.0093 3444 RasAuto - ok
16:44:37.0125 3444 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:44:37.0125 3444 Rasl2tp - ok
16:44:37.0156 3444 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:44:37.0156 3444 RasMan - ok
16:44:37.0156 3444 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:44:37.0156 3444 RasPppoe - ok
16:44:37.0171 3444 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:44:37.0171 3444 Raspti - ok
16:44:37.0171 3444 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:44:37.0171 3444 Rdbss - ok
16:44:37.0187 3444 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:44:37.0187 3444 RDPCDD - ok
16:44:37.0203 3444 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:44:37.0203 3444 rdpdr - ok
16:44:37.0234 3444 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:44:37.0234 3444 RDPWD - ok
16:44:37.0265 3444 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:44:37.0265 3444 RDSessMgr - ok
16:44:37.0281 3444 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:44:37.0281 3444 redbook - ok
16:44:37.0328 3444 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:44:37.0328 3444 RemoteAccess - ok
16:44:37.0359 3444 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:44:37.0359 3444 RemoteRegistry - ok
16:44:37.0359 3444 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\System32\locator.exe
16:44:37.0359 3444 RpcLocator - ok
16:44:37.0390 3444 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:44:37.0390 3444 RpcSs - ok
16:44:37.0421 3444 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\System32\rsvp.exe
16:44:37.0421 3444 RSVP - ok
16:44:37.0500 3444 [ EE76248CA187BB50FF964A287D420FEE ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMI.sys
16:44:37.0562 3444 RTHDMIAzAudService - ok
16:44:37.0593 3444 [ BEB9270471499994899FA2DF18466B43 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:44:37.0593 3444 RTLE8023xp - ok
16:44:37.0609 3444 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
16:44:37.0609 3444 SamSs - ok
16:44:37.0625 3444 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:44:37.0625 3444 SCardSvr - ok
16:44:37.0656 3444 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:44:37.0656 3444 Schedule - ok
16:44:37.0671 3444 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:44:37.0671 3444 Secdrv - ok
16:44:37.0703 3444 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:44:37.0703 3444 seclogon - ok
16:44:37.0718 3444 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
16:44:37.0718 3444 SENS - ok
16:44:37.0734 3444 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:44:37.0750 3444 serenum - ok
16:44:37.0750 3444 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:44:37.0750 3444 Serial - ok
16:44:37.0890 3444 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
16:44:37.0906 3444 ServiceLayer - ok
16:44:37.0937 3444 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:44:37.0937 3444 Sfloppy - ok
16:44:37.0968 3444 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:44:37.0984 3444 SharedAccess - ok
16:44:38.0000 3444 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:44:38.0000 3444 ShellHWDetection - ok
16:44:38.0000 3444 Simbad - ok
16:44:38.0031 3444 [ BD3863C139F3380A9F44FB188FEEFC6E ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
16:44:38.0031 3444 snapman - ok
16:44:38.0046 3444 Sparrow - ok
16:44:38.0078 3444 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
16:44:38.0078 3444 speedfan - ok
16:44:38.0093 3444 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:44:38.0093 3444 splitter - ok
16:44:38.0125 3444 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:44:38.0125 3444 Spooler - ok
16:44:38.0125 3444 ================ Scan global ===============================
16:44:38.0140 3444 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
16:44:38.0156 3444 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
16:44:38.0171 3444 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
16:44:38.0171 3444 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
16:44:38.0171 3444 [Global] - ok
16:44:38.0171 3444 ================ Scan MBR ==================================
16:44:38.0187 3444 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
16:44:38.0468 3444 \Device\Harddisk0\DR0 - ok
16:44:38.0484 3444 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:44:38.0515 3444 \Device\Harddisk1\DR1 - ok
16:44:38.0515 3444 ================ Scan VBR ==================================
16:44:38.0531 3444 [ 0C9CF58B039381786757D6E4C9D53E2C ] \Device\Harddisk0\DR0\Partition1
16:44:38.0531 3444 \Device\Harddisk0\DR0\Partition1 - ok
16:44:38.0546 3444 [ 525D1C54FADBA2BD8357FBEA485EA750 ] \Device\Harddisk0\DR0\Partition2
16:44:38.0546 3444 \Device\Harddisk0\DR0\Partition2 - ok
16:44:38.0578 3444 [ 3BE5DE4C7CDC8C1BEBF89FCA350C8470 ] \Device\Harddisk0\DR0\Partition3
16:44:38.0578 3444 \Device\Harddisk0\DR0\Partition3 - ok
16:44:38.0578 3444 [ 10E5B0FA4180DFCE2E773F55FD7EB1C8 ] \Device\Harddisk1\DR1\Partition1
16:44:38.0578 3444 \Device\Harddisk1\DR1\Partition1 - ok
16:44:38.0593 3444 [ B1090BBB02921E91373529A4B1B88D55 ] \Device\Harddisk1\DR1\Partition2
16:44:38.0593 3444 \Device\Harddisk1\DR1\Partition2 - ok
16:44:38.0593 3444 [ 1B3738F720E6605C8AF85DC74BF3F6F3 ] \Device\Harddisk1\DR1\Partition3
16:44:38.0609 3444 \Device\Harddisk1\DR1\Partition3 - ok
16:44:38.0609 3444 [ 7D6A2078D6C2A4C67BF5CEBA6F2AA2F2 ] \Device\Harddisk1\DR1\Partition4
16:44:38.0609 3444 \Device\Harddisk1\DR1\Partition4 - ok
16:44:38.0625 3444 ============================================================
16:44:38.0625 3444 Scan finished
16:44:38.0625 3444 ============================================================
16:44:38.0625 3436 Detected object count: 0
16:44:38.0625 3436 Actual detected object count: 0
16:44:51.0609 3360 Deinitialize success
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : uživatel - ADMIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\uživatel\Plocha\adwcleaner0.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (cs)
File : C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.56
File : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.12.1707.0
File : C:\Documents and Settings\uživatel\Data aplikací\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Documents and Settings\Administrator\Data aplikací\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1341 octets] - [16/02/2013 14:57:22]
AdwCleaner[R2].txt - [1401 octets] - [16/02/2013 16:39:30]
AdwCleaner[S1].txt - [1334 octets] - [16/02/2013 16:39:42]
########## EOF - C:\AdwCleaner[S1].txt - [1394 octets] ##########
16:44:35.0921 3444 MSKSSRV - ok
16:44:35.0937 3444 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:44:35.0937 3444 MSPCLOCK - ok
16:44:35.0937 3444 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:44:35.0937 3444 MSPQM - ok
16:44:35.0953 3444 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:44:35.0953 3444 mssmbios - ok
16:44:35.0984 3444 MSSQLSERVER - ok
16:44:36.0015 3444 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:44:36.0015 3444 MSSQLServerADHelper - ok
16:44:36.0031 3444 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:44:36.0031 3444 Mup - ok
16:44:36.0046 3444 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:44:36.0062 3444 napagent - ok
16:44:36.0062 3444 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:44:36.0062 3444 NDIS - ok
16:44:36.0078 3444 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:44:36.0093 3444 NdisTapi - ok
16:44:36.0109 3444 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:44:36.0109 3444 Ndisuio - ok
16:44:36.0109 3444 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:44:36.0109 3444 NdisWan - ok
16:44:36.0125 3444 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:44:36.0125 3444 NDProxy - ok
16:44:36.0140 3444 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:44:36.0140 3444 NetBIOS - ok
16:44:36.0156 3444 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:44:36.0156 3444 NetBT - ok
16:44:36.0187 3444 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
16:44:36.0187 3444 NetDDE - ok
16:44:36.0203 3444 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:44:36.0203 3444 NetDDEdsdm - ok
16:44:36.0234 3444 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:44:36.0234 3444 Netlogon - ok
16:44:36.0281 3444 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
16:44:36.0281 3444 Netman - ok
16:44:36.0312 3444 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:44:36.0312 3444 NetTcpPortSharing - ok
16:44:36.0343 3444 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:44:36.0343 3444 NIC1394 - ok
16:44:36.0359 3444 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
16:44:36.0359 3444 Nla - ok
16:44:36.0390 3444 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
16:44:36.0390 3444 nmwcd - ok
16:44:36.0421 3444 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
16:44:36.0421 3444 nmwcdc - ok
16:44:36.0453 3444 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
16:44:36.0453 3444 nmwcdnsu - ok
16:44:36.0484 3444 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
16:44:36.0484 3444 nmwcdnsuc - ok
16:44:36.0500 3444 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:44:36.0500 3444 Npfs - ok
16:44:36.0515 3444 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:44:36.0515 3444 Ntfs - ok
16:44:36.0515 3444 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
16:44:36.0515 3444 NtLmSsp - ok
16:44:36.0546 3444 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:44:36.0562 3444 NtmsSvc - ok
16:44:36.0578 3444 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:44:36.0578 3444 Null - ok
16:44:36.0609 3444 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:44:36.0609 3444 NwlnkFlt - ok
16:44:36.0609 3444 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:44:36.0609 3444 NwlnkFwd - ok
16:44:36.0609 3444 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:44:36.0609 3444 ohci1394 - ok
16:44:36.0687 3444 [ 98A418CFF837DF4954006BD8F23EC903 ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe
16:44:36.0718 3444 OODefragAgent - ok
16:44:36.0781 3444 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:44:36.0781 3444 ose - ok
16:44:36.0812 3444 [ F43E58DFC53DD59377E212894AD57330 ] PAR1284 C:\WINDOWS\system32\PAR1284.sys
16:44:36.0812 3444 PAR1284 - ok
16:44:36.0812 3444 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
16:44:36.0812 3444 Parport - ok
16:44:36.0828 3444 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:44:36.0828 3444 PartMgr - ok
16:44:36.0843 3444 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:44:36.0843 3444 ParVdm - ok
16:44:36.0875 3444 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
16:44:36.0875 3444 pccsmcfd - ok
16:44:36.0875 3444 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:44:36.0890 3444 PCI - ok
16:44:36.0890 3444 PCIDump - ok
16:44:36.0906 3444 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:44:36.0906 3444 PCIIde - ok
16:44:36.0921 3444 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:44:36.0921 3444 Pcmcia - ok
16:44:36.0921 3444 perc2 - ok
16:44:36.0937 3444 perc2hib - ok
16:44:36.0968 3444 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
16:44:36.0968 3444 PlugPlay - ok
16:44:36.0968 3444 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:44:36.0968 3444 PolicyAgent - ok
16:44:36.0984 3444 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:44:36.0984 3444 PptpMiniport - ok
16:44:37.0000 3444 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:44:37.0000 3444 Processor - ok
16:44:37.0000 3444 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:44:37.0000 3444 ProtectedStorage - ok
16:44:37.0015 3444 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:44:37.0015 3444 PSched - ok
16:44:37.0031 3444 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:44:37.0031 3444 Ptilink - ok
16:44:37.0046 3444 ql1080 - ok
16:44:37.0046 3444 Ql10wnt - ok
16:44:37.0046 3444 ql12160 - ok
16:44:37.0062 3444 ql1240 - ok
16:44:37.0078 3444 ql1280 - ok
16:44:37.0078 3444 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:44:37.0078 3444 RasAcd - ok
16:44:37.0093 3444 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:44:37.0093 3444 RasAuto - ok
16:44:37.0125 3444 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:44:37.0125 3444 Rasl2tp - ok
16:44:37.0156 3444 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:44:37.0156 3444 RasMan - ok
16:44:37.0156 3444 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:44:37.0156 3444 RasPppoe - ok
16:44:37.0171 3444 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:44:37.0171 3444 Raspti - ok
16:44:37.0171 3444 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:44:37.0171 3444 Rdbss - ok
16:44:37.0187 3444 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:44:37.0187 3444 RDPCDD - ok
16:44:37.0203 3444 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:44:37.0203 3444 rdpdr - ok
16:44:37.0234 3444 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:44:37.0234 3444 RDPWD - ok
16:44:37.0265 3444 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:44:37.0265 3444 RDSessMgr - ok
16:44:37.0281 3444 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:44:37.0281 3444 redbook - ok
16:44:37.0328 3444 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:44:37.0328 3444 RemoteAccess - ok
16:44:37.0359 3444 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:44:37.0359 3444 RemoteRegistry - ok
16:44:37.0359 3444 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\System32\locator.exe
16:44:37.0359 3444 RpcLocator - ok
16:44:37.0390 3444 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:44:37.0390 3444 RpcSs - ok
16:44:37.0421 3444 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\System32\rsvp.exe
16:44:37.0421 3444 RSVP - ok
16:44:37.0500 3444 [ EE76248CA187BB50FF964A287D420FEE ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMI.sys
16:44:37.0562 3444 RTHDMIAzAudService - ok
16:44:37.0593 3444 [ BEB9270471499994899FA2DF18466B43 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:44:37.0593 3444 RTLE8023xp - ok
16:44:37.0609 3444 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
16:44:37.0609 3444 SamSs - ok
16:44:37.0625 3444 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:44:37.0625 3444 SCardSvr - ok
16:44:37.0656 3444 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:44:37.0656 3444 Schedule - ok
16:44:37.0671 3444 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:44:37.0671 3444 Secdrv - ok
16:44:37.0703 3444 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:44:37.0703 3444 seclogon - ok
16:44:37.0718 3444 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
16:44:37.0718 3444 SENS - ok
16:44:37.0734 3444 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:44:37.0750 3444 serenum - ok
16:44:37.0750 3444 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:44:37.0750 3444 Serial - ok
16:44:37.0890 3444 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
16:44:37.0906 3444 ServiceLayer - ok
16:44:37.0937 3444 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:44:37.0937 3444 Sfloppy - ok
16:44:37.0968 3444 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:44:37.0984 3444 SharedAccess - ok
16:44:38.0000 3444 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:44:38.0000 3444 ShellHWDetection - ok
16:44:38.0000 3444 Simbad - ok
16:44:38.0031 3444 [ BD3863C139F3380A9F44FB188FEEFC6E ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
16:44:38.0031 3444 snapman - ok
16:44:38.0046 3444 Sparrow - ok
16:44:38.0078 3444 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
16:44:38.0078 3444 speedfan - ok
16:44:38.0093 3444 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:44:38.0093 3444 splitter - ok
16:44:38.0125 3444 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:44:38.0125 3444 Spooler - ok
16:44:38.0125 3444 ================ Scan global ===============================
16:44:38.0140 3444 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
16:44:38.0156 3444 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
16:44:38.0171 3444 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
16:44:38.0171 3444 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
16:44:38.0171 3444 [Global] - ok
16:44:38.0171 3444 ================ Scan MBR ==================================
16:44:38.0187 3444 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
16:44:38.0468 3444 \Device\Harddisk0\DR0 - ok
16:44:38.0484 3444 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:44:38.0515 3444 \Device\Harddisk1\DR1 - ok
16:44:38.0515 3444 ================ Scan VBR ==================================
16:44:38.0531 3444 [ 0C9CF58B039381786757D6E4C9D53E2C ] \Device\Harddisk0\DR0\Partition1
16:44:38.0531 3444 \Device\Harddisk0\DR0\Partition1 - ok
16:44:38.0546 3444 [ 525D1C54FADBA2BD8357FBEA485EA750 ] \Device\Harddisk0\DR0\Partition2
16:44:38.0546 3444 \Device\Harddisk0\DR0\Partition2 - ok
16:44:38.0578 3444 [ 3BE5DE4C7CDC8C1BEBF89FCA350C8470 ] \Device\Harddisk0\DR0\Partition3
16:44:38.0578 3444 \Device\Harddisk0\DR0\Partition3 - ok
16:44:38.0578 3444 [ 10E5B0FA4180DFCE2E773F55FD7EB1C8 ] \Device\Harddisk1\DR1\Partition1
16:44:38.0578 3444 \Device\Harddisk1\DR1\Partition1 - ok
16:44:38.0593 3444 [ B1090BBB02921E91373529A4B1B88D55 ] \Device\Harddisk1\DR1\Partition2
16:44:38.0593 3444 \Device\Harddisk1\DR1\Partition2 - ok
16:44:38.0593 3444 [ 1B3738F720E6605C8AF85DC74BF3F6F3 ] \Device\Harddisk1\DR1\Partition3
16:44:38.0609 3444 \Device\Harddisk1\DR1\Partition3 - ok
16:44:38.0609 3444 [ 7D6A2078D6C2A4C67BF5CEBA6F2AA2F2 ] \Device\Harddisk1\DR1\Partition4
16:44:38.0609 3444 \Device\Harddisk1\DR1\Partition4 - ok
16:44:38.0625 3444 ============================================================
16:44:38.0625 3444 Scan finished
16:44:38.0625 3444 ============================================================
16:44:38.0625 3436 Detected object count: 0
16:44:38.0625 3436 Actual detected object count: 0
16:44:51.0609 3360 Deinitialize success
Re: please check my HijackThis and other logs
ComboFix 13-02-15.01 - uživatel 16.02.2013 16:49:45.22.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2718 [GMT 1:00]
Spuštěný z: c:\documents and settings\u×ivatel\Plocha\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-16 do 2013-02-16 )))))))))))))))))))))))))))))))
.
.
2013-02-14 09:19 . 2013-02-14 09:19 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Thinstall
2013-02-14 09:19 . 2013-02-14 09:19 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Thinstall
2013-02-09 20:06 . 2013-02-09 20:06 -------- d-----w- c:\program files\Autodesk
2013-02-07 20:41 . 2013-02-08 08:42 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Agrowin 2012
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- c:\program files\vOKOsCom
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- C:\Znojmia-Software
2013-01-31 17:49 . 2013-01-31 17:49 73728 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-01-31 17:49 . 2013-01-31 17:49 73728 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-01-31 17:49 . 2013-01-31 17:49 53248 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2013-01-31 17:49 . 2013-01-31 17:49 49152 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2013-01-31 17:49 . 2013-01-31 17:49 49152 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2013-01-31 17:48 . 2013-01-31 17:48 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Nokia
2013-01-31 17:17 . 2009-07-13 17:16 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-31 17:17 . 2009-07-13 15:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2013-01-31 17:03 . 2013-01-31 17:03 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Help
2013-01-31 16:55 . 2013-01-31 17:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
2013-01-31 16:28 . 2013-01-31 17:01 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Nokia
2013-01-31 16:28 . 2013-01-31 16:29 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\PC Suite
2013-01-31 16:28 . 2013-01-31 16:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\Common Files\PCSuite
2013-01-31 16:27 . 2013-01-31 17:48 -------- d-----w- c:\program files\Common Files\Nokia
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\DIFX
2013-01-31 16:27 . 2012-06-11 10:33 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\PC Connectivity Solution
2013-01-31 16:27 . 2012-01-09 16:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2013-01-31 16:27 . 2012-01-09 16:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2013-01-31 16:27 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2013-01-31 16:27 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2013-01-31 16:27 . 2013-01-31 17:48 -------- d-----w- c:\program files\Nokia
2013-01-31 16:26 . 2013-01-31 16:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2013-01-31 09:28 . 2013-01-31 09:28 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\AVG
2013-01-30 17:36 . 2013-01-30 17:36 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\SimpleTV V03
2013-01-27 20:39 . 2013-02-16 15:45 6272 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-01-21 09:00 . 2013-01-21 14:04 -------- d-----w- c:\program files\SpeedFan
2013-01-20 15:03 . 2013-01-20 15:03 -------- d-----w- c:\program files\Usb to Serial Driver 1.12.35
2013-01-20 15:02 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2013-01-20 15:02 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2013-01-20 15:02 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2013-01-20 15:02 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2013-01-20 15:02 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2013-01-20 15:02 . 2013-01-20 15:02 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2013-01-20 15:02 . 2013-01-20 15:02 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2013-01-20 14:59 . 2013-01-20 14:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CORE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 08:42 . 2012-07-02 11:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 08:42 . 2012-07-02 11:24 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 03:55 . 2001-10-25 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2001-10-25 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2001-10-24 11:46 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2001-10-25 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2011-12-28 10:23 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2011-12-28 10:23 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:20 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2011-12-28 10:55 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2001-10-25 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 15:49 . 2012-11-19 19:29 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-21 09:59 . 2011-12-28 09:53 373264 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2012-11-29 08:26 . 2013-01-03 13:44 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-04-15 14:37 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013Game.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Documents and Settings\\uživatel\\Dokumenty\\Microsoft-Office-2010-v1.0-CZ-Portable\\Microsoft Office 2010 Portable CZ by Sparrow v1.0\\MSO_2010_by_Sparrow.dat"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 3:50 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 3:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 5:30 35552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2011 11:39 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13.9.2012 3:11 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 3:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 5:23 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 0:14 164832]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 17:21 239168]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 13:05 196664]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 19:31 2156952]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16.4.2012 16:18 103040]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2.11.2012 12:53 43648]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15.11.2012 23:34 5814904]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.9.2012 10:47 1691480]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [31.1.2013 17:27 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [31.1.2013 17:27 8576]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [17.11.2011 17:17 2489680]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 92851578
*Deregistered* - 92851578
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 08:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-16 16:52
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1152)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-02-16 16:53:27
ComboFix-quarantined-files.txt 2013-02-16 15:53
.
Před spuštěním: Volných bajtů: 26 204 606 464
Po spuštění: Volných bajtů: 26 161 303 552
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 7F98F73C48D78CC90BA1CCF6BBDC5319
- memphisto
Re: please check my HijackThis and other logs
Open Notepad (Start -> Run..., type Notepad into the window and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
File::
c:\windows\system32\PerfStringBackup.TMP
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: please check my HijackThis and other logs
ComboFix 13-02-15.01 - uživatel 17.02.2013 11:25:30.23.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2714 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\PerfStringBackup.TMP"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\PerfStringBackup.TMP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-17 do 2013-02-17 )))))))))))))))))))))))))))))))
.
.
2013-02-14 09:19 . 2013-02-14 09:19 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Thinstall
2013-02-14 09:19 . 2013-02-14 09:19 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Thinstall
2013-02-09 20:06 . 2013-02-09 20:06 -------- d-----w- c:\program files\Autodesk
2013-02-07 20:41 . 2013-02-08 08:42 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Agrowin 2012
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- c:\program files\vOKOsCom
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- C:\Znojmia-Software
2013-01-31 17:49 . 2013-01-31 17:49 73728 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-01-31 17:49 . 2013-01-31 17:49 73728 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-01-31 17:49 . 2013-01-31 17:49 53248 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2013-01-31 17:49 . 2013-01-31 17:49 49152 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2013-01-31 17:49 . 2013-01-31 17:49 49152 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2013-01-31 17:48 . 2013-01-31 17:48 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Nokia
2013-01-31 17:17 . 2009-07-13 17:16 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-31 17:17 . 2009-07-13 15:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2013-01-31 17:03 . 2013-01-31 17:03 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Help
2013-01-31 16:55 . 2013-01-31 17:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
2013-01-31 16:28 . 2013-01-31 17:01 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Nokia
2013-01-31 16:28 . 2013-01-31 16:29 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\PC Suite
2013-01-31 16:28 . 2013-01-31 16:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\Common Files\PCSuite
2013-01-31 16:27 . 2013-01-31 17:48 -------- d-----w- c:\program files\Common Files\Nokia
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\DIFX
2013-01-31 16:27 . 2012-06-11 10:33 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\PC Connectivity Solution
2013-01-31 16:27 . 2012-01-09 16:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2013-01-31 16:27 . 2012-01-09 16:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2013-01-31 16:27 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2013-01-31 16:27 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2013-01-31 16:27 . 2013-01-31 17:48 -------- d-----w- c:\program files\Nokia
2013-01-31 16:26 . 2013-01-31 16:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2013-01-31 09:28 . 2013-01-31 09:28 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\AVG
2013-01-30 17:36 . 2013-01-30 17:36 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\SimpleTV V03
2013-01-21 09:00 . 2013-01-21 14:04 -------- d-----w- c:\program files\SpeedFan
2013-01-20 15:03 . 2013-01-20 15:03 -------- d-----w- c:\program files\Usb to Serial Driver 1.12.35
2013-01-20 15:02 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2013-01-20 15:02 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2013-01-20 15:02 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2013-01-20 15:02 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2013-01-20 15:02 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2013-01-20 15:02 . 2013-01-20 15:02 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2013-01-20 15:02 . 2013-01-20 15:02 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2013-01-20 14:59 . 2013-01-20 14:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CORE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 08:42 . 2012-07-02 11:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 08:42 . 2012-07-02 11:24 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 03:55 . 2001-10-25 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2001-10-25 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2001-10-24 11:46 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2001-10-25 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2011-12-28 10:23 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2011-12-28 10:23 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:20 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2011-12-28 10:55 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2001-10-25 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 15:49 . 2012-11-19 19:29 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-21 09:59 . 2011-12-28 09:53 373264 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2012-11-29 08:26 . 2013-01-03 13:44 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-04-15 14:37 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013Game.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Documents and Settings\\uživatel\\Dokumenty\\Microsoft-Office-2010-v1.0-CZ-Portable\\Microsoft Office 2010 Portable CZ by Sparrow v1.0\\MSO_2010_by_Sparrow.dat"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 3:50 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 3:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 5:30 35552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2011 11:39 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13.9.2012 3:11 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 3:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 5:23 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 0:14 164832]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 17:21 239168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15.11.2012 23:34 5814904]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 13:05 196664]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 19:31 2156952]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16.4.2012 16:18 103040]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2.11.2012 12:53 43648]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.9.2012 10:47 1691480]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [31.1.2013 17:27 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [31.1.2013 17:27 8576]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [17.11.2011 17:17 2489680]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 08:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-17 11:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Celkový čas: 2013-02-17 11:32:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-17 10:32
ComboFix2.txt 2013-02-16 15:53
.
Před spuštěním: Volných bajtů: 25 719 734 272
Po spuštění: Volných bajtů: 25 688 600 576
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E8B8959ABB4B26C179392F604AA23AB9
- jaro3
- member of the Security team
Re: please check my HijackThis and other logs
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Code:
ClearJavaCache::
KillAll::
DirLook::
c:\documents and settings\uživatel\Local Settings\Data aplikací\Help
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=-
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
Warning: After applying ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
In Folder Options, enable showing hidden files and folders + uncheck the box Hide protected operating system files.
Test these on VirusTotal:
c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs one after another. When the last antivirus finishes, the result appears at the top, with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
Or at:
http://www.virscan.org/
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
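Added example, not part of jaro3's post and not ComboFix's own code: one way to pull executables created under a user profile out of the "Soubory vytvořené" listing of a ComboFix log as candidates for a scanner check. The line layout (created, modified, size, attributes, path) and the selection heuristic are assumptions read off the log lines on this page; the sample lines are copied from that log.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Assumed layout of one listing line (taken from the log on this page):
#   <created> . <modified> <size | --------> <8 attribute flags> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) ([a-z-]{8}) (.+)$"
)
TIME_FORMAT = "%Y-%m-%d %H:%M"

# Heuristic (assumption): executable file types in user-writable profile paths.
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".com")
USER_PROFILE_ROOT = "c:\\documents and settings\\"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, which show "--------"
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for separators and other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    created, modified, size, attrs, path = m.groups()
    return Entry(
        created=datetime.strptime(created, TIME_FORMAT),
        modified=datetime.strptime(modified, TIME_FORMAT),
        size=int(size) if size.isdigit() else None,
        attrs=attrs,
        path=path,
    )


def candidates(log_text: str) -> List[Entry]:
    """Return executable files created under a user profile, oldest first."""
    found = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry.is_dir:
            continue
        lowered = entry.path.lower()
        if lowered.startswith(USER_PROFILE_ROOT) and lowered.endswith(EXECUTABLE_EXTENSIONS):
            found.append(entry)
    return sorted(found, key=lambda e: (e.created, e.path.lower()))


# Sample input: lines copied from the ComboFix log on this page.
SAMPLE_LOG = r"""
2013-02-14 09:19 . 2013-02-14 09:19 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Thinstall
2013-02-07 20:41 . 2013-02-08 08:42 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-31 17:49 . 2013-01-31 17:49 73728 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-01-31 17:49 . 2013-01-31 17:49 53248 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2013-01-31 17:17 . 2009-07-13 17:16 16896 ----a-w- c:\windows\system32\winusb.dll
.
"""

if __name__ == "__main__":
    for e in candidates(SAMPLE_LOG):
        print(e.created.strftime(TIME_FORMAT), e.size, e.path)
```

The heuristic is broader than the list in the post: it also returns ARPPRODUCTICON.exe, which sits in the same Installer folder.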
Re: please check my HijackThis and other logs
ComboFix 13-02-15.01 - uživatel 17.02.2013 22:08:13.24.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2749 [GMT 1:00]
Spuštěný z: c:\documents and settings\u×ivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\u×ivatel\Plocha\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-17 do 2013-02-17 )))))))))))))))))))))))))))))))
.
.
2013-02-17 10:34 . 2013-02-17 21:00 6272 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-02-14 09:19 . 2013-02-14 09:19 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Thinstall
2013-02-14 09:19 . 2013-02-14 09:19 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Thinstall
2013-02-09 20:06 . 2013-02-09 20:06 -------- d-----w- c:\program files\Autodesk
2013-02-07 20:41 . 2013-02-08 08:42 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Agrowin 2012
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- c:\program files\vOKOsCom
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- C:\Znojmia-Software
2013-01-31 17:49 . 2013-01-31 17:49 73728 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-01-31 17:49 . 2013-01-31 17:49 73728 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-01-31 17:49 . 2013-01-31 17:49 53248 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2013-01-31 17:49 . 2013-01-31 17:49 49152 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2013-01-31 17:49 . 2013-01-31 17:49 49152 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2013-01-31 17:48 . 2013-01-31 17:48 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Nokia
2013-01-31 17:17 . 2009-07-13 17:16 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-31 17:17 . 2009-07-13 15:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2013-01-31 17:03 . 2013-01-31 17:03 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Help
2013-01-31 16:55 . 2013-01-31 17:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
2013-01-31 16:28 . 2013-01-31 17:01 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Nokia
2013-01-31 16:28 . 2013-01-31 16:29 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\PC Suite
2013-01-31 16:28 . 2013-01-31 16:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\Common Files\PCSuite
2013-01-31 16:27 . 2013-01-31 17:48 -------- d-----w- c:\program files\Common Files\Nokia
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\DIFX
2013-01-31 16:27 . 2012-06-11 10:33 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\PC Connectivity Solution
2013-01-31 16:27 . 2012-01-09 16:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2013-01-31 16:27 . 2012-01-09 16:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2013-01-31 16:27 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2013-01-31 16:27 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2013-01-31 16:27 . 2013-01-31 17:48 -------- d-----w- c:\program files\Nokia
2013-01-31 16:26 . 2013-01-31 16:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2013-01-31 09:28 . 2013-01-31 09:28 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\AVG
2013-01-30 17:36 . 2013-01-30 17:36 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\SimpleTV V03
2013-01-21 09:00 . 2013-01-21 14:04 -------- d-----w- c:\program files\SpeedFan
2013-01-20 15:03 . 2013-01-20 15:03 -------- d-----w- c:\program files\Usb to Serial Driver 1.12.35
2013-01-20 15:02 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2013-01-20 15:02 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2013-01-20 15:02 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2013-01-20 15:02 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2013-01-20 15:02 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2013-01-20 15:02 . 2013-01-20 15:02 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2013-01-20 15:02 . 2013-01-20 15:02 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2013-01-20 14:59 . 2013-01-20 14:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CORE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 08:42 . 2012-07-02 11:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 08:42 . 2012-07-02 11:24 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 03:55 . 2001-10-25 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2001-10-25 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2001-10-24 11:46 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2001-10-25 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2011-12-28 10:23 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2011-12-28 10:23 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:20 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2011-12-28 10:55 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2001-10-25 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 15:49 . 2012-11-19 19:29 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-21 09:59 . 2011-12-28 09:53 373264 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2012-11-29 08:26 . 2013-01-03 13:44 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-04-15 14:37 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013Game.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Documents and Settings\\uživatel\\Dokumenty\\Microsoft-Office-2010-v1.0-CZ-Portable\\Microsoft Office 2010 Portable CZ by Sparrow v1.0\\MSO_2010_by_Sparrow.dat"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 3:50 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 3:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 5:30 35552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2011 11:39 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13.9.2012 3:11 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 3:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 5:23 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 0:14 164832]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 17:21 239168]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 13:05 196664]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 19:31 2156952]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16.4.2012 16:18 103040]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2.11.2012 12:53 43648]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15.11.2012 23:34 5814904]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.9.2012 10:47 1691480]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [31.1.2013 17:27 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [31.1.2013 17:27 8576]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [17.11.2011 17:17 2489680]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 08:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-17 22:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3000)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-02-17 22:11:53
ComboFix-quarantined-files.txt 2013-02-17 21:11
ComboFix2.txt 2013-02-17 10:32
ComboFix3.txt 2013-02-16 15:53
.
Před spuštěním: Volných bajtů: 24 786 063 360
Po spuštění: Volných bajtů: 24 759 914 496
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 6B35C7B642EB947B732F1805B43399A2
https://www.virustotal.com/cs/file/e3b0 ... 361130973/
https://www.virustotal.com/cs/file/e3b0 ... 361131091/
https://www.virustotal.com/cs/file/e3b0 ... 361131517/
https://www.virustotal.com/cs/file/e3b0 ... 361131643/
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-17 21:08:40
-----------------------------
21:08:40.562 OS Version: Windows 5.1.2600 Service Pack 3
21:08:40.562 Number of processors: 4 586 0x402
21:08:40.562 ComputerName: ADMIN UserName:
21:08:41.031 Initialize success
21:08:56.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:08:56.484 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476938MB BusType: 3
21:08:56.484 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
21:08:56.500 Disk 1 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476938MB BusType: 3
21:08:56.500 Disk 0 MBR read successfully
21:08:56.531 Disk 0 MBR scan
21:08:56.531 Disk 0 Windows XP default MBR code
21:08:56.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 70001 MB offset 63
21:08:56.546 Disk 0 Partition - 00 0F Extended LBA 61059 MB offset 143364060
21:08:56.562 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 345875 MB offset 268414020
21:08:56.593 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 61059 MB offset 143364123
21:08:56.640 Disk 0 scanning sectors +976768065
21:08:56.765 Disk 0 scanning C:\WINDOWS\system32\drivers
21:09:04.312 Service scanning
21:09:10.015 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:09:12.312 Modules scanning
21:09:15.718 Disk 0 trace - called modules:
21:09:15.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spfl.sys >>UNKNOWN [0x8b0b4938]<<
21:09:15.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b067ab8]
21:09:15.765 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000075[0x8b06ff18]
21:09:15.765 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b06e940]
21:09:15.765 Scan finished successfully
21:09:50.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\uživatel\Plocha\MBR.dat"
21:09:50.796 The log file has been saved successfully to "C:\Documents and Settings\uživatel\Plocha\aswMBR.txt"
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:21:28, on 17.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Documents and Settings\uživatel\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 4972 bytes
- memphisto
Re: please check my HijackThis and other logs
ComboFix did not run. Try again in safe mode.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: please check my HijackThis and other logs
so hopefully it will be OK now
ComboFix 13-02-15.01 - uživatel 18.02.2013 11:45:10.25.4 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2879 [GMT 1:00]
Spuštěný z: c:\documents and settings\u×ivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\u×ivatel\Plocha\CFScript.txt
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-18 do 2013-02-18 )))))))))))))))))))))))))))))))
.
.
2013-02-17 10:34 . 2013-02-18 10:39 6272 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-02-14 09:19 . 2013-02-14 09:19 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Thinstall
2013-02-14 09:19 . 2013-02-14 09:19 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Thinstall
2013-02-09 20:06 . 2013-02-09 20:06 -------- d-----w- c:\program files\Autodesk
2013-02-07 20:41 . 2013-02-08 08:42 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Agrowin 2012
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- c:\program files\vOKOsCom
2013-02-07 12:35 . 2013-02-07 12:35 -------- d-----w- C:\Znojmia-Software
2013-01-31 17:49 . 2013-01-31 17:49 73728 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-01-31 17:49 . 2013-01-31 17:49 73728 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-01-31 17:49 . 2013-01-31 17:49 53248 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2013-01-31 17:49 . 2013-01-31 17:49 49152 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2013-01-31 17:49 . 2013-01-31 17:49 49152 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2013-01-31 17:48 . 2013-01-31 17:48 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Nokia
2013-01-31 17:17 . 2009-07-13 17:16 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-31 17:17 . 2009-07-13 15:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2013-01-31 17:03 . 2013-01-31 17:03 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Help
2013-01-31 16:55 . 2013-01-31 17:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
2013-01-31 16:28 . 2013-01-31 17:01 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Nokia
2013-01-31 16:28 . 2013-01-31 16:29 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\PC Suite
2013-01-31 16:28 . 2013-01-31 16:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\Common Files\PCSuite
2013-01-31 16:27 . 2013-01-31 17:48 -------- d-----w- c:\program files\Common Files\Nokia
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\DIFX
2013-01-31 16:27 . 2012-06-11 10:33 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-01-31 16:27 . 2013-01-31 16:27 -------- d-----w- c:\program files\PC Connectivity Solution
2013-01-31 16:27 . 2012-01-09 16:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2013-01-31 16:27 . 2012-01-09 16:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2013-01-31 16:27 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2013-01-31 16:27 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2013-01-31 16:27 . 2013-01-31 17:48 -------- d-----w- c:\program files\Nokia
2013-01-31 16:26 . 2013-01-31 16:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2013-01-31 09:28 . 2013-01-31 09:28 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\AVG
2013-01-30 17:36 . 2013-01-30 17:36 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\SimpleTV V03
2013-01-21 09:00 . 2013-01-21 14:04 -------- d-----w- c:\program files\SpeedFan
2013-01-20 15:03 . 2013-01-20 15:03 -------- d-----w- c:\program files\Usb to Serial Driver 1.12.35
2013-01-20 15:02 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2013-01-20 15:02 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2013-01-20 15:02 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2013-01-20 15:02 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2013-01-20 15:02 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2013-01-20 15:02 . 2013-01-20 15:02 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2013-01-20 15:02 . 2013-01-20 15:02 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2013-01-20 14:59 . 2013-01-20 14:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CORE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 08:42 . 2012-07-02 11:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 08:42 . 2012-07-02 11:24 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 03:55 . 2001-10-25 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2001-10-25 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2001-10-24 11:46 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2001-10-25 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2011-12-28 10:23 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2011-12-28 10:23 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:20 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2011-12-28 10:55 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2001-10-25 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 15:49 . 2012-11-19 19:29 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-21 09:59 . 2011-12-28 09:53 373264 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2012-11-29 08:26 . 2013-01-03 13:44 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-04-15 14:37 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013Game.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Documents and Settings\\uživatel\\Dokumenty\\Microsoft-Office-2010-v1.0-CZ-Portable\\Microsoft Office 2010 Portable CZ by Sparrow v1.0\\MSO_2010_by_Sparrow.dat"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 3:50 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 3:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 5:30 35552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2011 11:39 691696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 0:14 164832]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 17:21 239168]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2.11.2012 12:53 43648]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13.9.2012 3:11 179936]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 3:45 19936]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 5:23 159712]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15.11.2012 23:34 5814904]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 13:05 196664]
S2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 19:31 2156952]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.9.2012 10:47 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16.4.2012 16:18 103040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [31.1.2013 17:27 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [31.1.2013 17:27 8576]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [17.11.2011 17:17 2489680]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 08:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-18 11:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-02-18 11:48:33
ComboFix-quarantined-files.txt 2013-02-18 10:48
ComboFix2.txt 2013-02-17 21:11
ComboFix3.txt 2013-02-17 10:32
ComboFix4.txt 2013-02-16 15:53
.
Před spuštěním: Volných bajtů: 24 760 401 920
Po spuštění: Volných bajtů: 24 728 707 072
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 8F90771BDDE50264ECE6C85A6814C576
- jaro3
- Security team member
Re: please check my HijackThis and other logs
ComboFix, try that script in safe mode.
Also, those files to VirusTotal.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check my HijackThis and other logs
ComboFix was run in safe mode, but I'll try it once more then.
Those files are OK; see my post above, the links are there.