prosím o preventivní kontrolu hijackthis

mafian · Příspěvekod **mafian** » 05 črc 2013 16:15

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:26, on 5.7.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Documents and Settings\uživatel\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
O1 - Hosts: 212.80.69.80 test1.voyo.nova.cz
O2 - BHO: phpnuke Helper Object - {890CA547-B66C-48BF-9663-DBE0BFDC7D0C} - C:\Program Files\phpnuke\phpnuke\1.8.18.5\bh\phpnuke.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: phpnuke Toolbar - {7B206A1E-933F-4A50-9E60-5167598BDB03} - C:\Program Files\phpnuke\phpnuke\1.8.18.5\phpnukeTlbr.dll
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5686 bytes
děkuji

Reklama

Příspěvekod **memphisto** » 05 črc 2013 16:31

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

mafian · Příspěvekod **mafian** » 05 črc 2013 17:59

ten nenašel nic
Malwarebytes' Anti-Malware

# AdwCleaner v2.304 - Log vytvooen 05/07/2013 v 17:57:07
# Aktualizováno 03/07/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : uživatel - ADMIN
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\uživatel\Plocha\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Documents and Settings\Administrator\Data aplikací\registry mechanic
Složka Nalezeno : C:\Documents and Settings\uživatel\Data aplikací\registry mechanic
Složka Nalezeno : C:\Documents and Settings\uživatel\Data aplikací\searchresultstb
Složka Nalezeno : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\PackageAware
Soubor Nalezeno : C:\user.js

***** [Registry] *****

Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klíe Nalezeno : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v18.0.1 (cs)

Soubor : C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\prefs.js

Nalezeno : user_pref("browser.search.order.1", "Search The Web (phpnuke)");
Nalezeno : user_pref("browser.search.selectedEngine", "Search The Web (phpnuke)");
Nalezeno : user_pref("extensions.phpnuke.srchPrvdr", "Search The Web (phpnuke)");

-\\ Google Chrome v24.0.1312.56

Soubor : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

-\\ Opera v12.15.1748.0

Soubor : C:\Documents and Settings\uživatel\Data aplikací\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

Soubor : C:\Documents and Settings\Administrator\Data aplikací\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R3].txt - [2998 octets] - [05/07/2013 17:57:07]

########## EOF - C:\AdwCleaner[R3].txt - [3058 octets] ##########

Příspěvekod **memphisto** » 05 črc 2013 18:08

V adw nech vše smazat a dodej log po mazání

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

mafian · Příspěvekod **mafian** » 05 črc 2013 20:39

# AdwCleaner v2.304 - Log vytvooen 05/07/2013 v 20:36:32
# Aktualizováno 03/07/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : uživatel - ADMIN
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\uživatel\Plocha\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Documents and Settings\Administrator\Data aplikací\registry mechanic
Složka Vymazáno : C:\Documents and Settings\uživatel\Data aplikací\registry mechanic
Složka Vymazáno : C:\Documents and Settings\uživatel\Data aplikací\searchresultstb
Složka Vymazáno : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\PackageAware
Soubor Vymazáno : C:\user.js

***** [Registry] *****

Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klíe Vymazáno : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v18.0.1 (cs)

Soubor : C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\prefs.js

C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\user.js ... Vymazáno !

Vymazáno : user_pref("browser.search.order.1", "Search The Web (phpnuke)");
Vymazáno : user_pref("browser.search.selectedEngine", "Search The Web (phpnuke)");
Vymazáno : user_pref("extensions.phpnuke.srchPrvdr", "Search The Web (phpnuke)");

-\\ Google Chrome v24.0.1312.56

Soubor : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

-\\ Opera v12.15.1748.0

Soubor : C:\Documents and Settings\uživatel\Data aplikací\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

Soubor : C:\Documents and Settings\Administrator\Data aplikací\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R3].txt - [3127 octets] - [05/07/2013 17:57:07]
AdwCleaner[R4].txt - [3246 octets] - [05/07/2013 20:36:20]
AdwCleaner[S2].txt - [340 octets] - [05/07/2013 20:36:09]
AdwCleaner[S3].txt - [3292 octets] - [05/07/2013 20:36:32]

########## EOF - C:\AdwCleaner[S3].txt - [3352 octets] ##########

RogueKiller V8.6.2 [Jul 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : uživatel [Práva správce]
Mód : Kontrola -- Datum : 07/05/2013 20:41:39
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NALEZENO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HID SVC][Skrytý od API] HKLM\[...]\CCSet\[...]\Services : S () -> NALEZENO
[HID SVC][Skrytý od API] HKLM\[...]\CS002\[...]\Services : S () -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[FF][PROXY] 5hb9nwi2.default : user_pref("network.proxy.hxxp", "78.41.21.46"); -> NALEZENO
[FF][PROXY] 5hb9nwi2.default : user_pref("network.proxy.hxxp_port", 8080); -> NALEZENO
[FF][PROXY] 5hb9nwi2.default : user_pref("network.proxy.type", 1); -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> G:\windows\system32\config\SYSTEM
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SOFTWARE
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SECURITY
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SAM
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\DEFAULT
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\123456\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\Administrator\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\Default User\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\Default User\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\LocalService\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\NetworkService\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\NetworkService\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\winpostgr\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\winpostgr\Nabídka Start\Programy\Po spuštění

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 test.voyo.nova.cz
212.80.69.80 test1.voyo.nova.cz
127.0.0.1 test.play.iprima.cz
127.0.0.1 stream.test
127.0.0.1 test.brightcove.com
127.0.0.1 test.voyo.markiza.sk

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AADS-00S9B0 +++++
--- User ---
[MBR] 5d4c55145fb41930ddfe1ff25703ab24
[BSP] 1f84de9c24bc9c12d138a4253a71b732 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70001 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 143364060 | Size: 61059 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268414020 | Size: 345875 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AADS-00S9B0 +++++
--- User ---
[MBR] 804d10eeb9a00c80eb5fafc353e90552
[BSP] 995669ecf0f527c3bb0612362dd1bdfa : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131059 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268410240 | Size: 175888 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 628629120 | Size: 69996 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 771981840 | Size: 99992 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_07052013_204139.txt >>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by uživatel on pá 05.07.2013 at 20:44:57,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8B684B1E-BF7E-48CE-B8FE-706DB9A460B7}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\uživatel\Data aplikací\mozilla\firefox\profiles\5hb9nwi2.default\prefs.js

user_pref("extensions.phpnuke.hmpgUrl", "hxxp://search.phpnuke.org/?lang=en&cid=457c4dfc");
user_pref("extensions.phpnuke.kw_url", "hxxp://search.phpnuke.org/?lang=en&cid=457c4dfc&q=");
user_pref("extensions.phpnuke.newTabUrl", "hxxp://search.phpnuke.org/?lang=en&cid=457c4dfc");
user_pref("extensions.phpnuke.tlbrSrchUrl", "hxxp://search.phpnuke.org/?lang={dfltLng}&cid={cid}&q=");
user_pref("keyword.URL", "hxxp://search.phpnuke.org/?lang=en&cid=457c4dfc&q=");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pá 05.07.2013 at 20:46:38,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

tak co stím dál díky

Příspěvekod **memphisto** » 05 črc 2013 21:00

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "

- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

mafian · Příspěvekod **mafian** » 05 črc 2013 21:14

RogueKiller V8.6.2 [Jul 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : uživatel [Práva správce]
Mód : Odebrat -- Datum : 07/05/2013 21:13:39
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HID SVC][Skrytý od API] HKLM\[...]\CCSet\[...]\Services : S () -> [0x3] Systém nemůže nalézt uvedenou cestu.
[HID SVC][Skrytý od API] HKLM\[...]\CS002\[...]\Services : S () -> [0x3] Systém nemůže nalézt uvedenou cestu.

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[FF][PROXY] 5hb9nwi2.default : user_pref("network.proxy.hxxp", "78.41.21.46"); -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX
[FF][PROXY] 5hb9nwi2.default : user_pref("network.proxy.hxxp_port", 8080); -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX
[FF][PROXY] 5hb9nwi2.default : user_pref("network.proxy.type", 1); -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> G:\windows\system32\config\SYSTEM
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SOFTWARE
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SECURITY
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SAM
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\DEFAULT
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\123456\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\Administrator\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\Default User\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\Default User\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\LocalService\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\NetworkService\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\NetworkService\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\winpostgr\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\winpostgr\Nabídka Start\Programy\Po spuštění

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 test.voyo.nova.cz
212.80.69.80 test1.voyo.nova.cz
127.0.0.1 test.play.iprima.cz
127.0.0.1 stream.test
127.0.0.1 test.brightcove.com
127.0.0.1 test.voyo.markiza.sk

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AADS-00S9B0 +++++
--- User ---
[MBR] 5d4c55145fb41930ddfe1ff25703ab24
[BSP] 1f84de9c24bc9c12d138a4253a71b732 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70001 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 143364060 | Size: 61059 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268414020 | Size: 345875 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AADS-00S9B0 +++++
--- User ---
[MBR] 804d10eeb9a00c80eb5fafc353e90552
[BSP] 995669ecf0f527c3bb0612362dd1bdfa : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131059 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268410240 | Size: 175888 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 628629120 | Size: 69996 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 771981840 | Size: 99992 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_07052013_211339.txt >>
RKreport[0]_S_07052013_204139.txt;RKreport[0]_S_07052013_211329.txt

RogueKiller V8.6.2 [Jul 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : uživatel [Práva správce]
Mód : Odebrat -- Datum : 07/05/2013 21:13:39
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HID SVC][Skrytý od API] HKLM\[...]\CCSet\[...]\Services : S () -> [0x3] Systém nemůže nalézt uvedenou cestu.
[HID SVC][Skrytý od API] HKLM\[...]\CS002\[...]\Services : S () -> [0x3] Systém nemůže nalézt uvedenou cestu.

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[FF][PROXY] 5hb9nwi2.default : user_pref("network.proxy.hxxp", "78.41.21.46"); -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX
[FF][PROXY] 5hb9nwi2.default : user_pref("network.proxy.hxxp_port", 8080); -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX
[FF][PROXY] 5hb9nwi2.default : user_pref("network.proxy.type", 1); -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> G:\windows\system32\config\SYSTEM
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SOFTWARE
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SECURITY
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SAM
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\DEFAULT
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\123456\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\Administrator\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\Default User\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\Default User\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\LocalService\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\NetworkService\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\NetworkService\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\winpostgr\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\winpostgr\Nabídka Start\Programy\Po spuštění

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 test.voyo.nova.cz
212.80.69.80 test1.voyo.nova.cz
127.0.0.1 test.play.iprima.cz
127.0.0.1 stream.test
127.0.0.1 test.brightcove.com
127.0.0.1 test.voyo.markiza.sk

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AADS-00S9B0 +++++
--- User ---
[MBR] 5d4c55145fb41930ddfe1ff25703ab24
[BSP] 1f84de9c24bc9c12d138a4253a71b732 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70001 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 143364060 | Size: 61059 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268414020 | Size: 345875 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AADS-00S9B0 +++++
--- User ---
[MBR] 804d10eeb9a00c80eb5fafc353e90552
[BSP] 995669ecf0f527c3bb0612362dd1bdfa : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131059 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268410240 | Size: 175888 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 628629120 | Size: 69996 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 771981840 | Size: 99992 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_07052013_211339.txt >>
RKreport[0]_S_07052013_204139.txt;RKreport[0]_S_07052013_211329.txt

Příspěvekod **memphisto** » 06 črc 2013 08:13

Tu proxy tam máš schválně nastavenou?

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.

mafian · Příspěvekod **mafian** » 06 črc 2013 08:49

ta proxy se může už smazat ale dával jsem ji tam já před pár měsíci.

08:47:45.0890 2228 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:47:46.0046 2228 ============================================================
08:47:46.0046 2228 Current date / time: 2013/07/06 08:47:46.0046
08:47:46.0046 2228 SystemInfo:
08:47:46.0046 2228
08:47:46.0046 2228 OS Version: 5.1.2600 ServicePack: 3.0
08:47:46.0046 2228 Product type: Workstation
08:47:46.0046 2228 ComputerName: ADMIN
08:47:46.0046 2228 UserName: uživatel
08:47:46.0046 2228 Windows directory: C:\WINDOWS
08:47:46.0046 2228 System windows directory: C:\WINDOWS
08:47:46.0046 2228 Processor architecture: Intel x86
08:47:46.0046 2228 Number of processors: 4
08:47:46.0046 2228 Page size: 0x1000
08:47:46.0046 2228 Boot type: Normal boot
08:47:46.0046 2228 ============================================================
08:47:47.0328 2228 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:47:47.0328 2228 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:47:47.0328 2228 ============================================================
08:47:47.0328 2228 \Device\Harddisk0\DR0:
08:47:47.0328 2228 MBR partitions:
08:47:47.0328 2228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D
08:47:47.0343 2228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0x7741C29
08:47:47.0343 2228 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0x2A389FFD
08:47:47.0343 2228 \Device\Harddisk1\DR1:
08:47:47.0343 2228 MBR partitions:
08:47:47.0343 2228 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFF9D41
08:47:47.0343 2228 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFFF9D80, BlocksNum 0x15788100
08:47:47.0343 2228 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x25781EBF, BlocksNum 0x88B6351
08:47:47.0343 2228 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x2E038210, BlocksNum 0xC34C680
08:47:47.0343 2228 ============================================================
08:47:47.0375 2228 C: <-> \Device\Harddisk0\DR0\Partition1
08:47:47.0406 2228 D: <-> \Device\Harddisk0\DR0\Partition2
08:47:47.0468 2228 F: <-> \Device\Harddisk0\DR0\Partition3
08:47:47.0500 2228 G: <-> \Device\Harddisk1\DR1\Partition1
08:47:47.0500 2228 I: <-> \Device\Harddisk1\DR1\Partition3
08:47:47.0515 2228 K: <-> \Device\Harddisk1\DR1\Partition2
08:47:47.0546 2228 L: <-> \Device\Harddisk1\DR1\Partition4
08:47:47.0546 2228 ============================================================
08:47:47.0546 2228 Initialize success
08:47:47.0546 2228 ============================================================
08:47:48.0625 3468 ============================================================
08:47:48.0625 3468 Scan started
08:47:48.0625 3468 Mode: Manual;
08:47:48.0625 3468 ============================================================
08:47:49.0781 3468 ================ Scan system memory ========================
08:47:49.0781 3468 System memory - ok
08:47:49.0781 3468 ================ Scan services =============================
08:47:49.0859 3468 Abiosdsk - ok
08:47:49.0875 3468 abp480n5 - ok
08:47:49.0953 3468 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:47:49.0968 3468 ACPI - ok
08:47:50.0000 3468 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:47:50.0000 3468 ACPIEC - ok
08:47:50.0046 3468 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:47:50.0062 3468 AdobeFlashPlayerUpdateSvc - ok
08:47:50.0062 3468 adpu160m - ok
08:47:50.0093 3468 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:47:50.0093 3468 aec - ok
08:47:50.0109 3468 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:47:50.0109 3468 AFD - ok
08:47:50.0109 3468 Aha154x - ok
08:47:50.0125 3468 aic78u2 - ok
08:47:50.0125 3468 aic78xx - ok
08:47:50.0156 3468 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:47:50.0156 3468 Alerter - ok
08:47:50.0171 3468 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
08:47:50.0171 3468 ALG - ok
08:47:50.0171 3468 AliIde - ok
08:47:50.0218 3468 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
08:47:50.0234 3468 Ambfilt - ok
08:47:50.0265 3468 [ 6E58654CB25730B2579E45E1FD116A47 ] amdide C:\WINDOWS\system32\DRIVERS\amdide.sys
08:47:50.0265 3468 amdide - ok
08:47:50.0281 3468 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
08:47:50.0281 3468 AmdPPM - ok
08:47:50.0281 3468 amsint - ok
08:47:50.0328 3468 [ 05EDA44C080EBAF758F8A318488FFD75 ] appliand C:\WINDOWS\system32\DRIVERS\appliand.sys
08:47:50.0328 3468 appliand - ok
08:47:50.0328 3468 [ 05EDA44C080EBAF758F8A318488FFD75 ] appliandMP C:\WINDOWS\system32\DRIVERS\appliand.sys
08:47:50.0328 3468 appliandMP - ok
08:47:50.0343 3468 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:47:50.0343 3468 AppMgmt - ok
08:47:50.0375 3468 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:47:50.0375 3468 Arp1394 - ok
08:47:50.0390 3468 asc - ok
08:47:50.0390 3468 asc3350p - ok
08:47:50.0390 3468 asc3550 - ok
08:47:50.0437 3468 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:47:50.0437 3468 aspnet_state - ok
08:47:50.0468 3468 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:47:50.0468 3468 AsyncMac - ok
08:47:50.0468 3468 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:47:50.0468 3468 atapi - ok
08:47:50.0468 3468 Atdisk - ok
08:47:50.0515 3468 [ 809B0EB83C75061C9DE2E528C65A1575 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
08:47:50.0515 3468 Ati HotKey Poller - ok
08:47:50.0546 3468 [ AD1865C5E1842C8BA06BE3B1799315AA ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
08:47:50.0578 3468 ATI Smart - ok
08:47:50.0687 3468 [ 032F23B133B680B06861329C5A176EE0 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:47:50.0734 3468 ati2mtag - ok
08:47:50.0781 3468 [ 924971A182E07463765EF9FA8876F24F ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
08:47:50.0781 3468 AtiHDAudioService - ok
08:47:50.0812 3468 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:47:50.0812 3468 Atmarpc - ok
08:47:50.0843 3468 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:47:50.0843 3468 AudioSrv - ok
08:47:50.0875 3468 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:47:50.0875 3468 audstub - ok
08:47:51.0031 3468 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
08:47:51.0109 3468 AVGIDSAgent - ok
08:47:51.0156 3468 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
08:47:51.0156 3468 AVGIDSDriver - ok
08:47:51.0203 3468 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
08:47:51.0203 3468 AVGIDSHX - ok
08:47:51.0234 3468 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
08:47:51.0234 3468 AVGIDSShim - ok
08:47:51.0281 3468 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
08:47:51.0281 3468 Avgldx86 - ok
08:47:51.0296 3468 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
08:47:51.0312 3468 Avglogx - ok
08:47:51.0312 3468 [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
08:47:51.0312 3468 Avgmfx86 - ok
08:47:51.0328 3468 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
08:47:51.0328 3468 Avgrkx86 - ok
08:47:51.0343 3468 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
08:47:51.0359 3468 Avgtdix - ok
08:47:51.0375 3468 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
08:47:51.0390 3468 avgwd - ok
08:47:51.0421 3468 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:47:51.0421 3468 Beep - ok
08:47:51.0453 3468 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
08:47:51.0515 3468 BITS - ok
08:47:51.0562 3468 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
08:47:51.0562 3468 Browser - ok
08:47:51.0593 3468 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:47:51.0593 3468 cbidf2k - ok
08:47:51.0593 3468 cd20xrnt - ok
08:47:51.0609 3468 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:47:51.0609 3468 Cdaudio - ok
08:47:51.0625 3468 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:47:51.0625 3468 Cdfs - ok
08:47:51.0671 3468 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:47:51.0687 3468 Cdrom - ok
08:47:51.0687 3468 [ E390DC1D7C461D7D56EC53402F329928 ] cisvc C:\WINDOWS\system32\cisvc.exe
08:47:51.0687 3468 cisvc - ok
08:47:51.0703 3468 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:47:51.0703 3468 ClipSrv - ok
08:47:51.0734 3468 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:47:51.0781 3468 clr_optimization_v2.0.50727_32 - ok
08:47:51.0906 3468 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:47:51.0906 3468 clr_optimization_v4.0.30319_32 - ok
08:47:51.0921 3468 CmdIde - ok
08:47:51.0921 3468 COMSysApp - ok
08:47:51.0953 3468 Cpqarray - ok
08:47:51.0968 3468 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:47:51.0968 3468 CryptSvc - ok
08:47:51.0968 3468 dac2w2k - ok
08:47:51.0968 3468 dac960nt - ok
08:47:52.0000 3468 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:47:52.0015 3468 DcomLaunch - ok
08:47:52.0015 3468 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:47:52.0046 3468 Dhcp - ok
08:47:52.0093 3468 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:47:52.0140 3468 Disk - ok
08:47:52.0140 3468 dmadmin - ok
08:47:52.0171 3468 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:47:52.0218 3468 dmboot - ok
08:47:52.0234 3468 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:47:52.0234 3468 dmio - ok
08:47:52.0250 3468 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:47:52.0250 3468 dmload - ok
08:47:52.0281 3468 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:47:52.0281 3468 dmserver - ok
08:47:52.0296 3468 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:47:52.0296 3468 DMusic - ok
08:47:52.0328 3468 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:47:52.0328 3468 Dnscache - ok
08:47:52.0343 3468 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:47:52.0343 3468 Dot3svc - ok
08:47:52.0343 3468 dpti2o - ok
08:47:52.0359 3468 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:47:52.0359 3468 drmkaud - ok
08:47:52.0390 3468 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
08:47:52.0390 3468 dtsoftbus01 - ok
08:47:52.0406 3468 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:47:52.0406 3468 EapHost - ok
08:47:52.0406 3468 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:47:52.0406 3468 ERSvc - ok
08:47:52.0421 3468 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
08:47:52.0421 3468 Eventlog - ok
08:47:52.0437 3468 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\System32\es.dll
08:47:52.0437 3468 EventSystem - ok
08:47:52.0437 3468 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:47:52.0453 3468 Fastfat - ok
08:47:52.0468 3468 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:47:52.0468 3468 FastUserSwitchingCompatibility - ok
08:47:52.0468 3468 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
08:47:52.0468 3468 Fdc - ok
08:47:52.0500 3468 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:47:52.0500 3468 Fips - ok
08:47:52.0500 3468 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:47:52.0500 3468 Flpydisk - ok
08:47:52.0531 3468 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:47:52.0531 3468 FltMgr - ok
08:47:52.0625 3468 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:47:52.0625 3468 FontCache3.0.0.0 - ok
08:47:52.0640 3468 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:47:52.0640 3468 Fs_Rec - ok
08:47:52.0640 3468 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:47:52.0640 3468 Ftdisk - ok
08:47:52.0671 3468 [ 5C230948DD6652228F88CA7AE6CB276C ] gdrv C:\WINDOWS\gdrv.sys
08:47:52.0687 3468 gdrv - ok
08:47:52.0703 3468 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:47:52.0703 3468 Gpc - ok
08:47:52.0718 3468 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:47:52.0718 3468 HDAudBus - ok
08:47:52.0750 3468 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:47:52.0750 3468 helpsvc - ok
08:47:52.0765 3468 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
08:47:52.0765 3468 HidServ - ok
08:47:52.0765 3468 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:47:52.0765 3468 hidusb - ok
08:47:52.0781 3468 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:47:52.0781 3468 hkmsvc - ok
08:47:52.0781 3468 hpn - ok
08:47:52.0796 3468 hpt3xx - ok
08:47:52.0828 3468 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:47:52.0828 3468 HTTP - ok
08:47:52.0843 3468 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:47:52.0843 3468 HTTPFilter - ok
08:47:52.0859 3468 i2omp - ok
08:47:52.0875 3468 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:47:52.0875 3468 i8042prt - ok
08:47:52.0906 3468 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:47:52.0921 3468 idsvc - ok
08:47:52.0953 3468 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:47:52.0953 3468 Imapi - ok
08:47:52.0984 3468 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:47:52.0984 3468 ImapiService - ok
08:47:52.0984 3468 ini910u - ok
08:47:53.0109 3468 [ A7564CC4E170F1E5B84BAE6BB8C5F16E ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:47:53.0140 3468 IntcAzAudAddService - ok
08:47:53.0140 3468 IntelIde - ok
08:47:53.0171 3468 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:47:53.0171 3468 ip6fw - ok
08:47:53.0203 3468 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:47:53.0203 3468 IpFilterDriver - ok
08:47:53.0203 3468 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:47:53.0203 3468 IpInIp - ok
08:47:53.0218 3468 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:47:53.0218 3468 IpNat - ok
08:47:53.0218 3468 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:47:53.0218 3468 IPSec - ok
08:47:53.0234 3468 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:47:53.0234 3468 IRENUM - ok
08:47:53.0250 3468 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:47:53.0250 3468 isapnp - ok
08:47:53.0281 3468 [ 973DB7AC74C554C546F8B0B7B98FB855 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
08:47:53.0296 3468 JavaQuickStarterService - ok
08:47:53.0296 3468 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:47:53.0296 3468 Kbdclass - ok
08:47:53.0312 3468 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:47:53.0312 3468 kbdhid - ok
08:47:53.0328 3468 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:47:53.0328 3468 kmixer - ok
08:47:53.0343 3468 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:47:53.0343 3468 KSecDD - ok
08:47:53.0359 3468 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:47:53.0390 3468 lanmanserver - ok
08:47:53.0421 3468 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:47:53.0437 3468 lanmanworkstation - ok
08:47:53.0468 3468 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:47:53.0468 3468 LmHosts - ok
08:47:53.0484 3468 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:47:53.0484 3468 Messenger - ok
08:47:53.0500 3468 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:47:53.0500 3468 mnmdd - ok
08:47:53.0515 3468 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
08:47:53.0515 3468 mnmsrvc - ok
08:47:53.0515 3468 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:47:53.0515 3468 Modem - ok
08:47:53.0562 3468 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
08:47:53.0562 3468 Monfilt - ok
08:47:53.0593 3468 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:47:53.0593 3468 Mouclass - ok
08:47:53.0609 3468 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:47:53.0609 3468 mouhid - ok
08:47:53.0625 3468 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:47:53.0625 3468 MountMgr - ok
08:47:53.0656 3468 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:47:53.0656 3468 MozillaMaintenance - ok
08:47:53.0671 3468 mraid35x - ok
08:47:53.0671 3468 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:47:53.0671 3468 MRxDAV - ok
08:47:53.0718 3468 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:47:53.0734 3468 MRxSmb - ok
08:47:53.0750 3468 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\System32\msdtc.exe
08:47:53.0750 3468 MSDTC - ok
08:47:53.0765 3468 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:47:53.0765 3468 Msfs - ok
08:47:53.0765 3468 MSIServer - ok
08:47:53.0765 3468 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:47:53.0781 3468 MSKSSRV - ok
08:47:53.0781 3468 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:47:53.0781 3468 MSPCLOCK - ok
08:47:53.0781 3468 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:47:53.0781 3468 MSPQM - ok
08:47:53.0812 3468 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:47:53.0812 3468 mssmbios - ok
08:47:53.0843 3468 MSSQLSERVER - ok
08:47:53.0859 3468 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
08:47:53.0859 3468 MSSQLServerADHelper - ok
08:47:53.0875 3468 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:47:53.0890 3468 Mup - ok
08:47:53.0921 3468 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:47:53.0921 3468 napagent - ok
08:47:53.0937 3468 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:47:53.0937 3468 NDIS - ok
08:47:53.0984 3468 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:47:53.0984 3468 NdisTapi - ok
08:47:53.0984 3468 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:47:53.0984 3468 Ndisuio - ok
08:47:54.0000 3468 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:47:54.0000 3468 NdisWan - ok
08:47:54.0015 3468 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:47:54.0015 3468 NDProxy - ok
08:47:54.0015 3468 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:47:54.0015 3468 NetBIOS - ok
08:47:54.0062 3468 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:47:54.0062 3468 NetBT - ok
08:47:54.0078 3468 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
08:47:54.0078 3468 NetDDE - ok
08:47:54.0078 3468 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:47:54.0078 3468 NetDDEdsdm - ok
08:47:54.0093 3468 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:47:54.0093 3468 Netlogon - ok
08:47:54.0109 3468 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
08:47:54.0125 3468 Netman - ok
08:47:54.0140 3468 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:47:54.0156 3468 NetTcpPortSharing - ok
08:47:54.0171 3468 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:47:54.0171 3468 NIC1394 - ok
08:47:54.0187 3468 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
08:47:54.0187 3468 Nla - ok
08:47:54.0234 3468 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
08:47:54.0234 3468 nmwcd - ok
08:47:54.0265 3468 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
08:47:54.0265 3468 nmwcdc - ok
08:47:54.0296 3468 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
08:47:54.0312 3468 nmwcdnsu - ok
08:47:54.0328 3468 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
08:47:54.0343 3468 nmwcdnsuc - ok
08:47:54.0359 3468 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:47:54.0359 3468 Npfs - ok
08:47:54.0359 3468 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:47:54.0375 3468 Ntfs - ok
08:47:54.0375 3468 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
08:47:54.0375 3468 NtLmSsp - ok
08:47:54.0406 3468 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
08:47:54.0406 3468 NtmsSvc - ok
08:47:54.0421 3468 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
08:47:54.0421 3468 Null - ok
08:47:54.0453 3468 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:47:54.0453 3468 NwlnkFlt - ok
08:47:54.0453 3468 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:47:54.0453 3468 NwlnkFwd - ok
08:47:54.0468 3468 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:47:54.0468 3468 ohci1394 - ok
08:47:54.0531 3468 [ 98A418CFF837DF4954006BD8F23EC903 ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe
08:47:54.0578 3468 OODefragAgent - ok
08:47:54.0625 3468 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:47:54.0625 3468 ose - ok
08:47:54.0671 3468 [ F43E58DFC53DD59377E212894AD57330 ] PAR1284 C:\WINDOWS\system32\PAR1284.sys
08:47:54.0671 3468 PAR1284 - ok
08:47:54.0687 3468 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
08:47:54.0687 3468 Parport - ok
08:47:54.0687 3468 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:47:54.0687 3468 PartMgr - ok
08:47:54.0703 3468 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:47:54.0703 3468 ParVdm - ok
08:47:54.0734 3468 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
08:47:54.0734 3468 pccsmcfd - ok
08:47:54.0750 3468 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:47:54.0750 3468 PCI - ok
08:47:54.0750 3468 PCIDump - ok
08:47:54.0765 3468 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:47:54.0765 3468 PCIIde - ok
08:47:54.0781 3468 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:47:54.0781 3468 Pcmcia - ok
08:47:54.0781 3468 perc2 - ok
08:47:54.0781 3468 perc2hib - ok
08:47:54.0828 3468 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
08:47:54.0828 3468 PlugPlay - ok
08:47:54.0828 3468 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:47:54.0828 3468 PolicyAgent - ok
08:47:54.0859 3468 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:47:54.0859 3468 PptpMiniport - ok
08:47:54.0875 3468 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
08:47:54.0875 3468 Processor - ok
08:47:54.0875 3468 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:47:54.0875 3468 ProtectedStorage - ok
08:47:54.0890 3468 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:47:54.0890 3468 PSched - ok
08:47:54.0906 3468 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:47:54.0906 3468 Ptilink - ok
08:47:54.0906 3468 ql1080 - ok
08:47:54.0921 3468 Ql10wnt - ok
08:47:54.0921 3468 ql12160 - ok
08:47:54.0921 3468 ql1240 - ok
08:47:54.0921 3468 ql1280 - ok
08:47:54.0937 3468 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:47:54.0953 3468 RasAcd - ok
08:47:54.0968 3468 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:47:54.0968 3468 RasAuto - ok
08:47:54.0984 3468 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:47:54.0984 3468 Rasl2tp - ok
08:47:55.0015 3468 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:47:55.0015 3468 RasMan - ok
08:47:55.0031 3468 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:47:55.0031 3468 RasPppoe - ok
08:47:55.0031 3468 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:47:55.0031 3468 Raspti - ok
08:47:55.0062 3468 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:47:55.0062 3468 Rdbss - ok
08:47:55.0062 3468 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:47:55.0062 3468 RDPCDD - ok
08:47:55.0078 3468 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:47:55.0078 3468 rdpdr - ok
08:47:55.0125 3468 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:47:55.0140 3468 RDPWD - ok
08:47:55.0171 3468 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:47:55.0171 3468 RDSessMgr - ok
08:47:55.0203 3468 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:47:55.0203 3468 redbook - ok
08:47:55.0234 3468 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:47:55.0234 3468 RemoteAccess - ok
08:47:55.0265 3468 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
08:47:55.0265 3468 RemoteRegistry - ok
08:47:55.0281 3468 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\System32\locator.exe
08:47:55.0281 3468 RpcLocator - ok
08:47:55.0312 3468 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
08:47:55.0312 3468 RpcSs - ok
08:47:55.0328 3468 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\System32\rsvp.exe
08:47:55.0328 3468 RSVP - ok
08:47:55.0406 3468 [ EE76248CA187BB50FF964A287D420FEE ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtHDMI.sys
08:47:55.0468 3468 RTHDMIAzAudService - ok
08:47:55.0515 3468 [ BEB9270471499994899FA2DF18466B43 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
08:47:55.0515 3468 RTLE8023xp - ok
08:47:55.0531 3468 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
08:47:55.0531 3468 SamSs - ok
08:47:55.0531 3468 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:47:55.0531 3468 SCardSvr - ok
08:47:55.0578 3468 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:47:55.0578 3468 Schedule - ok
08:47:55.0609 3468 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:47:55.0609 3468 Secdrv - ok
08:47:55.0656 3468 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:47:55.0656 3468 seclogon - ok
08:47:55.0687 3468 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
08:47:55.0687 3468 SENS - ok
08:47:55.0703 3468 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
08:47:55.0703 3468 serenum - ok
08:47:55.0703 3468 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
08:47:55.0703 3468 Serial - ok
08:47:55.0781 3468 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
08:47:55.0796 3468 ServiceLayer - ok
08:47:55.0828 3468 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:47:55.0828 3468 Sfloppy - ok
08:47:55.0859 3468 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:47:55.0859 3468 SharedAccess - ok
08:47:55.0875 3468 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:47:55.0875 3468 ShellHWDetection - ok
08:47:55.0875 3468 Simbad - ok
08:47:55.0921 3468 [ BD3863C139F3380A9F44FB188FEEFC6E ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
08:47:55.0921 3468 snapman - ok
08:47:55.0937 3468 Sparrow - ok
08:47:55.0953 3468 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:47:55.0953 3468 splitter - ok
08:47:55.0968 3468 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:47:55.0968 3468 Spooler - ok
08:47:55.0968 3468 ================ Scan global ===============================
08:47:55.0984 3468 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
08:47:56.0031 3468 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
08:47:56.0031 3468 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
08:47:56.0046 3468 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
08:47:56.0046 3468 [Global] - ok
08:47:56.0046 3468 ================ Scan MBR ==================================
08:47:56.0046 3468 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
08:47:56.0218 3468 \Device\Harddisk0\DR0 - ok
08:47:56.0234 3468 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
08:47:56.0265 3468 \Device\Harddisk1\DR1 - ok
08:47:56.0265 3468 ================ Scan VBR ==================================
08:47:56.0265 3468 [ 0C9CF58B039381786757D6E4C9D53E2C ] \Device\Harddisk0\DR0\Partition1
08:47:56.0265 3468 \Device\Harddisk0\DR0\Partition1 - ok
08:47:56.0296 3468 [ 525D1C54FADBA2BD8357FBEA485EA750 ] \Device\Harddisk0\DR0\Partition2
08:47:56.0296 3468 \Device\Harddisk0\DR0\Partition2 - ok
08:47:56.0312 3468 [ 3BE5DE4C7CDC8C1BEBF89FCA350C8470 ] \Device\Harddisk0\DR0\Partition3
08:47:56.0312 3468 \Device\Harddisk0\DR0\Partition3 - ok
08:47:56.0312 3468 [ 10E5B0FA4180DFCE2E773F55FD7EB1C8 ] \Device\Harddisk1\DR1\Partition1
08:47:56.0328 3468 \Device\Harddisk1\DR1\Partition1 - ok
08:47:56.0328 3468 [ B1090BBB02921E91373529A4B1B88D55 ] \Device\Harddisk1\DR1\Partition2
08:47:56.0328 3468 \Device\Harddisk1\DR1\Partition2 - ok
08:47:56.0328 3468 [ 1B3738F720E6605C8AF85DC74BF3F6F3 ] \Device\Harddisk1\DR1\Partition3
08:47:56.0343 3468 \Device\Harddisk1\DR1\Partition3 - ok
08:47:56.0343 3468 [ 7D6A2078D6C2A4C67BF5CEBA6F2AA2F2 ] \Device\Harddisk1\DR1\Partition4
08:47:56.0343 3468 \Device\Harddisk1\DR1\Partition4 - ok
08:47:56.0359 3468 ============================================================
08:47:56.0359 3468 Scan finished
08:47:56.0359 3468 ============================================================
08:47:56.0359 2276 Detected object count: 0
08:47:56.0359 2276 Actual detected object count: 0
08:47:59.0250 2728 Deinitialize success

combofix dodám za chvíli

mafian · Příspěvekod **mafian** » 06 črc 2013 10:41

ComboFix 13-07-06.02 - uživatel 06.07.2013 10:36:54.27.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2712 [GMT 2:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-06 do 2013-07-06 )))))))))))))))))))))))))))))))
.
.
2013-07-05 18:44 . 2013-07-05 18:44 -------- d-----w- c:\windows\ERUNT
2013-07-05 18:44 . 2013-07-05 18:44 -------- d-----w- C:\JRT
2013-07-04 18:12 . 2013-07-04 18:16 -------- d-----w- C:\output
2013-07-04 18:09 . 2013-07-04 18:09 -------- d-----w- C:\JPGToPDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-06 08:30 . 2013-02-17 10:34 6272 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-06-13 06:41 . 2012-07-02 11:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-13 06:41 . 2012-07-02 11:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-01 13:04 . 2013-06-01 13:04 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-06-01 13:04 . 2013-06-01 13:04 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-06-01 13:04 . 2013-06-01 13:04 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-05-07 22:27 . 2001-10-25 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:27 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:27 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2011-12-28 10:55 385024 ------w- c:\windows\system32\html.iec
2013-05-06 18:07 . 2013-05-06 18:07 82072 ----a-w- c:\windows\cadkasdeinst01e.exe
2013-05-03 05:38 . 2001-10-25 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:38 . 2001-10-24 11:46 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-12 14:01 . 2001-10-25 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-02-19 17:54 . 2013-02-19 17:54 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE" [2013-02-18 774168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20143688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-04-15 14:37 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013Game.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 4:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 6:30 35552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2011 12:39 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13.9.2012 4:11 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 4:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 6:23 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 1:14 164832]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 18:21 239168]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 14:05 196664]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [17.11.2011 18:17 2489680]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 20:31 2156952]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24.6.2010 14:46 28256]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16.4.2012 17:18 103040]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2.11.2012 13:53 43648]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [16.11.2012 0:34 5814904]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.9.2012 11:47 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24.6.2010 14:46 28256]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [31.1.2013 18:27 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [31.1.2013 18:27 8576]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:41]
.
2013-07-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-11-04 14:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 90.183.12.3 90.183.12.188
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: network.proxy.ftp - 78.41.21.46
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 78.41.21.46
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - 78.41.21.46
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: 2013-05-10 21:18; foxyproxy@eric.h.jung; c:\documents and settings\uĂ…Âľivatel\Data aplikacĂÂ\Mozilla\Firefox\Profiles\5hb9nwi2.default\extensions\foxyproxy@eric.h.jung
FF - ExtSQL: 2013-05-10 21:34; proxylist@proxylists.me; c:\documents and settings\uĂ…Âľivatel\Data aplikacĂÂ\Mozilla\Firefox\Profiles\5hb9nwi2.default\extensions\proxylist@proxylists.me.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-06 10:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-07-06 10:40:37
ComboFix-quarantined-files.txt 2013-07-06 08:40
.
Před spuštěním: Volných bajtů: 15 045 136 384
Po spuštění: Volných bajtů: 15 003 201 536
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 14D01B17BDB53A97A08ACACA3D6980CF
09CE7397AF23D4C0B331B89D0297CC7E

Příspěvekod **jaro3** » 06 črc 2013 11:38

Spusť znovu RogueKiller
Pokud používáš Win Vista či W7, klikni na RogueKiller pravým a dej spustit jako správce.

Pak klikni na Oprava Proxy a Zpráva - otevře se log, ten sem vlož.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

mafian · Příspěvekod **mafian** » 06 črc 2013 12:04

RogueKiller V8.6.2 [Jul 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : uživatel [Práva správce]
Mód : Oprava Proxy -- Datum : 07/06/2013 12:03:51
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HID SVC][Skrytý od API] HKLM\[...]\CCSet\[...]\Services : S () -> NALEZENO
[HID SVC][Skrytý od API] HKLM\[...]\CS002\[...]\Services : S () -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> G:\windows\system32\config\SYSTEM
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SOFTWARE
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SECURITY
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\SAM
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\windows\system32\config\DEFAULT
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\123456\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\123456\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\Administrator\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\Default User\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\Default User\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\LocalService\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\NetworkService\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\NetworkService\Nabídka Start\Programy\Po spuštění
-> G:\Documents and Settings\winpostgr\NTUSER.DAT
C:\WINDOWS\system32
C:\Documents and Settings\winpostgr\Nabídka Start\Programy\Po spuštění

¤¤¤ Nákaza : ¤¤¤

Dokončeno : << RKreport[0]_PR_07062013_120351.txt >>
RKreport[0]_D_07052013_211339.txt;RKreport[0]_S_07052013_204139.txt;RKreport[0]_S_07052013_211329.txt
RKreport[0]_S_07062013_120130.txt;RKreport[0]_S_07062013_120344.txt

prosím o preventivní kontrolu hijackthis

prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Re: prosím o preventivní kontrolu hijackthis

Kdo je online