Prosím o kontrolu logu

Musky80 · Příspěvekod **Musky80** » 05 říj 2012 10:13

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:11:03, on 5.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\ASC\ASCService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1606980848-436374069-839522115-1004\..\Run: [Clownfish] "C:\Program Files\Clownfish\Clownfish.exe" (User 'Dan')
O4 - HKUS\S-1-5-21-1606980848-436374069-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Generali')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-21-1606980848-436374069-839522115-1004 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Dan')
O4 - S-1-5-21-1606980848-436374069-839522115-1004 Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Dan')
O4 - S-1-5-21-1606980848-436374069-839522115-1004 Startup: Zástupce - sfBot.lnk = E:\Dan\DaS\sfBot.exe (User 'Dan')
O4 - S-1-5-21-1606980848-436374069-839522115-1004 User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Dan')
O4 - S-1-5-21-1606980848-436374069-839522115-1004 User Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Dan')
O4 - S-1-5-21-1606980848-436374069-839522115-1004 User Startup: Zástupce - sfBot.lnk = E:\Dan\DaS\sfBot.exe (User 'Dan')
O8 - Extra context menu item: Otevřít soubor v PhotoME... - C:\Program Files\PhotoMEBeta\iemenuext.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://beta.appinventor.mit.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\ASC\ASCService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 7811 bytes

Reklama

Příspěvekod **Orcus** » 05 říj 2012 11:10

Fixni:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Musky80 · Příspěvekod **Musky80** » 05 říj 2012 12:28

fixnuto, antimalware nic nenašel

Příspěvekod **Orcus** » 05 říj 2012 12:47

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Musky80 · Příspěvekod **Musky80** » 05 říj 2012 14:02

TDSKiller
13:32:13.0366 3188 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:32:13.0546 3188 ============================================================
13:32:13.0546 3188 Current date / time: 2012/10/05 13:32:13.0546
13:32:13.0546 3188 SystemInfo:
13:32:13.0546 3188
13:32:13.0546 3188 OS Version: 5.1.2600 ServicePack: 3.0
13:32:13.0546 3188 Product type: Workstation
13:32:13.0546 3188 ComputerName: DOMA
13:32:13.0546 3188 UserName: Tomas
13:32:13.0546 3188 Windows directory: C:\WINDOWS
13:32:13.0546 3188 System windows directory: C:\WINDOWS
13:32:13.0546 3188 Processor architecture: Intel x86
13:32:13.0546 3188 Number of processors: 1
13:32:13.0546 3188 Page size: 0x1000
13:32:13.0546 3188 Boot type: Normal boot
13:32:13.0546 3188 ============================================================
13:32:14.0447 3188 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:32:14.0477 3188 ============================================================
13:32:14.0477 3188 \Device\Harddisk0\DR0:
13:32:14.0487 3188 MBR partitions:
13:32:14.0487 3188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x50014A7
13:32:14.0487 3188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x50014E6, BlocksNum 0x50014E6
13:32:14.0497 3188 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xF003EF1, BlocksNum 0x5823EFA
13:32:14.0527 3188 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x14827E2A, BlocksNum 0x5A026F4
13:32:14.0547 3188 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x1A22A55D, BlocksNum 0x5A026F4
13:32:14.0557 3188 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x1FC2CC90, BlocksNum 0x5800A31
13:32:14.0557 3188 ============================================================
13:32:14.0597 3188 C: <-> \Device\Harddisk0\DR0\Partition1
13:32:14.0658 3188 D: <-> \Device\Harddisk0\DR0\Partition3
13:32:14.0698 3188 E: <-> \Device\Harddisk0\DR0\Partition4
13:32:14.0718 3188 F: <-> \Device\Harddisk0\DR0\Partition5
13:32:14.0738 3188 G: <-> \Device\Harddisk0\DR0\Partition6
13:32:14.0758 3188 ============================================================
13:32:14.0758 3188 Initialize success
13:32:14.0758 3188 ============================================================
13:32:18.0363 3864 ============================================================
13:32:18.0363 3864 Scan started
13:32:18.0363 3864 Mode: Manual;
13:32:18.0363 3864 ============================================================
13:32:19.0815 3864 ================ Scan system memory ========================
13:32:19.0825 3864 System memory - ok
13:32:19.0825 3864 ================ Scan services =============================
13:32:20.0025 3864 Abiosdsk - ok
13:32:20.0035 3864 abp480n5 - ok
13:32:20.0085 3864 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:32:20.0095 3864 ACPI - ok
13:32:20.0135 3864 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:32:20.0135 3864 ACPIEC - ok
13:32:20.0206 3864 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:32:20.0216 3864 AdobeFlashPlayerUpdateSvc - ok
13:32:20.0236 3864 adpu160m - ok
13:32:20.0336 3864 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\ASC\ASCService.exe
13:32:20.0366 3864 AdvancedSystemCareService5 - ok
13:32:20.0416 3864 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:32:20.0416 3864 aec - ok
13:32:20.0466 3864 [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:32:20.0466 3864 AFD - ok
13:32:20.0486 3864 Aha154x - ok
13:32:20.0506 3864 aic78u2 - ok
13:32:20.0526 3864 aic78xx - ok
13:32:20.0556 3864 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:32:20.0556 3864 Alerter - ok
13:32:20.0596 3864 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
13:32:20.0606 3864 ALG - ok
13:32:20.0616 3864 AliIde - ok
13:32:20.0646 3864 [ 3980814F8027D27EA003E2E3D9D4F604 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
13:32:20.0656 3864 AmdK7 - ok
13:32:20.0666 3864 amsint - ok
13:32:20.0726 3864 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:32:20.0726 3864 AntiVirSchedulerService - ok
13:32:20.0766 3864 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:32:20.0776 3864 AntiVirService - ok
13:32:20.0806 3864 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:32:20.0816 3864 AppMgmt - ok
13:32:20.0826 3864 asc - ok
13:32:20.0846 3864 asc3350p - ok
13:32:20.0866 3864 asc3550 - ok
13:32:20.0957 3864 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:32:20.0967 3864 aspnet_state - ok
13:32:20.0987 3864 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:32:20.0997 3864 AsyncMac - ok
13:32:21.0017 3864 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:32:21.0027 3864 atapi - ok
13:32:21.0037 3864 Atdisk - ok
13:32:21.0097 3864 [ 471087B5E1E01CC82604E81EA14781D8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
13:32:21.0117 3864 Ati HotKey Poller - ok
13:32:21.0177 3864 [ B979BA0120B6DB757196A8E2E873FE3C ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
13:32:21.0197 3864 ATI Smart - ok
13:32:21.0317 3864 [ C0B86ECB324E50F6BBD529F9D5C6B24B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:32:21.0427 3864 ati2mtag - ok
13:32:21.0477 3864 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:32:21.0477 3864 Atmarpc - ok
13:32:21.0507 3864 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:32:21.0507 3864 AudioSrv - ok
13:32:21.0547 3864 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:32:21.0547 3864 audstub - ok
13:32:21.0628 3864 [ 48AFE225A6A9BF9D2B57DE932AA0D3D7 ] AVerA706 C:\WINDOWS\system32\DRIVERS\AVerA706.sys
13:32:21.0668 3864 AVerA706 - ok
13:32:21.0728 3864 [ 598AA46847C66FBCEC039856A7F6A6FD ] AVerBDA3x C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys
13:32:21.0768 3864 AVerBDA3x - ok
13:32:21.0828 3864 [ A33C07F7527FC4CBC664C3137EB7D744 ] AVerRemote C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
13:32:21.0838 3864 AVerRemote - ok
13:32:21.0868 3864 [ B873ADD766CC4A3CC58EFF159861E649 ] AVerScheduleService C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
13:32:21.0888 3864 AVerScheduleService - ok
13:32:21.0948 3864 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:32:21.0948 3864 avgntflt - ok
13:32:21.0978 3864 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:32:21.0978 3864 avipbb - ok
13:32:22.0008 3864 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
13:32:22.0008 3864 avkmgr - ok
13:32:22.0058 3864 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:32:22.0058 3864 Beep - ok
13:32:22.0108 3864 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
13:32:22.0128 3864 BITS - ok
13:32:22.0178 3864 [ 218B3BBB1FAD634A84FB1A1BB030D956 ] Browser C:\WINDOWS\System32\browser.dll
13:32:22.0188 3864 Browser - ok
13:32:22.0218 3864 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:32:22.0218 3864 cbidf2k - ok
13:32:22.0268 3864 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:32:22.0268 3864 CCDECODE - ok
13:32:22.0289 3864 cd20xrnt - ok
13:32:22.0319 3864 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:32:22.0319 3864 Cdaudio - ok
13:32:22.0359 3864 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:32:22.0359 3864 Cdfs - ok
13:32:22.0379 3864 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:32:22.0389 3864 Cdrom - ok
13:32:22.0409 3864 Changer - ok
13:32:22.0439 3864 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:32:22.0449 3864 CiSvc - ok
13:32:22.0479 3864 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:32:22.0479 3864 ClipSrv - ok
13:32:22.0509 3864 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:32:22.0519 3864 clr_optimization_v2.0.50727_32 - ok
13:32:22.0589 3864 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:32:22.0609 3864 clr_optimization_v4.0.30319_32 - ok
13:32:22.0629 3864 CmdIde - ok
13:32:22.0639 3864 COMSysApp - ok
13:32:22.0679 3864 Cpqarray - ok
13:32:22.0719 3864 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:32:22.0719 3864 CryptSvc - ok
13:32:22.0739 3864 dac2w2k - ok
13:32:22.0749 3864 dac960nt - ok
13:32:22.0809 3864 [ C0BD34A62508BA68F146E22CE45919F9 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:32:22.0819 3864 DcomLaunch - ok
13:32:22.0859 3864 [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv C:\WINDOWS\system32\drivers\dgderdrv.sys
13:32:22.0879 3864 dgderdrv - ok
13:32:22.0919 3864 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:32:22.0919 3864 Dhcp - ok
13:32:22.0959 3864 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:32:22.0969 3864 Disk - ok
13:32:22.0980 3864 dmadmin - ok
13:32:23.0030 3864 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:32:23.0050 3864 dmboot - ok
13:32:23.0070 3864 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:32:23.0080 3864 dmio - ok
13:32:23.0110 3864 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:32:23.0110 3864 dmload - ok
13:32:23.0140 3864 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:32:23.0140 3864 dmserver - ok
13:32:23.0170 3864 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:32:23.0170 3864 DMusic - ok
13:32:23.0220 3864 [ ADB285644A95431CCEDC7C706090936D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:32:23.0220 3864 Dnscache - ok
13:32:23.0250 3864 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:32:23.0250 3864 Dot3svc - ok
13:32:23.0270 3864 dpti2o - ok
13:32:23.0290 3864 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:32:23.0290 3864 drmkaud - ok
13:32:23.0320 3864 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:32:23.0330 3864 EapHost - ok
13:32:23.0370 3864 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:32:23.0370 3864 ERSvc - ok
13:32:23.0410 3864 [ A55DD7D8CED5D2624A9EE2DDA7BE0319 ] es1371 C:\WINDOWS\system32\drivers\es1371mp.sys
13:32:23.0420 3864 es1371 - ok
13:32:23.0460 3864 [ 3D107D45CCFDB266E91D84B52CD7F430 ] Eventlog C:\WINDOWS\system32\services.exe
13:32:23.0470 3864 Eventlog - ok
13:32:23.0500 3864 [ BE68EA4457E2E5717231CF91BE5448E0 ] EventSystem C:\WINDOWS\system32\es.dll
13:32:23.0500 3864 EventSystem - ok
13:32:23.0550 3864 [ 3EF58F2EAE3AECAB45D682152DB2F67D ] exFat C:\WINDOWS\system32\drivers\exFat.sys
13:32:23.0550 3864 exFat - ok
13:32:23.0600 3864 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:32:23.0600 3864 Fastfat - ok
13:32:23.0630 3864 [ 54A6BF743E0517528A5064CEAEB40EA7 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:32:23.0630 3864 FastUserSwitchingCompatibility - ok
13:32:23.0660 3864 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:32:23.0660 3864 Fdc - ok
13:32:23.0681 3864 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:32:23.0681 3864 Fips - ok
13:32:23.0711 3864 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:32:23.0721 3864 Flpydisk - ok
13:32:23.0761 3864 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:32:23.0761 3864 FltMgr - ok
13:32:23.0831 3864 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:32:23.0831 3864 FontCache3.0.0.0 - ok
13:32:23.0861 3864 [ C865B83411D7347627A4BEEC22543FB1 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:32:23.0861 3864 Fs_Rec - ok
13:32:23.0891 3864 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:32:23.0891 3864 Ftdisk - ok
13:32:23.0941 3864 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:32:23.0941 3864 gameenum - ok
13:32:23.0971 3864 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
13:32:23.0971 3864 giveio - ok
13:32:23.0991 3864 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:32:24.0011 3864 Gpc - ok
13:32:24.0071 3864 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:32:24.0071 3864 helpsvc - ok
13:32:24.0121 3864 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:32:24.0121 3864 HidUsb - ok
13:32:24.0161 3864 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:32:24.0161 3864 hkmsvc - ok
13:32:24.0211 3864 [ 628DEAED75A8AA0B1F1DB6BE31B6A97A ] hotcore2 C:\WINDOWS\system32\drivers\hotcore2.sys
13:32:24.0211 3864 hotcore2 - ok
13:32:24.0221 3864 hpn - ok
13:32:24.0261 3864 [ B1EF0B98B06FA29E765A3D8FE8955079 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:32:24.0271 3864 HPZid412 - ok
13:32:24.0291 3864 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:32:24.0291 3864 HPZipr12 - ok
13:32:24.0331 3864 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:32:24.0331 3864 HPZius12 - ok
13:32:24.0361 3864 [ 937031C085718C1C04A9C0864625EC6B ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:32:24.0372 3864 HTTP - ok
13:32:24.0412 3864 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:32:24.0422 3864 HTTPFilter - ok
13:32:24.0432 3864 i2omgmt - ok
13:32:24.0452 3864 i2omp - ok
13:32:24.0492 3864 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:32:24.0492 3864 i8042prt - ok
13:32:24.0562 3864 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:32:24.0592 3864 idsvc - ok
13:32:24.0622 3864 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:32:24.0622 3864 Imapi - ok
13:32:24.0652 3864 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:32:24.0662 3864 ImapiService - ok
13:32:24.0682 3864 ini910u - ok
13:32:24.0712 3864 IntelIde - ok
13:32:24.0742 3864 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:32:24.0742 3864 Ip6Fw - ok
13:32:24.0792 3864 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:32:24.0792 3864 IpFilterDriver - ok
13:32:24.0822 3864 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:32:24.0822 3864 IpInIp - ok
13:32:24.0852 3864 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:32:24.0862 3864 IpNat - ok
13:32:24.0892 3864 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:32:24.0892 3864 IPSec - ok
13:32:24.0942 3864 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:32:24.0942 3864 IRENUM - ok
13:32:24.0992 3864 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:32:24.0992 3864 isapnp - ok
13:32:25.0083 3864 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
13:32:25.0083 3864 JavaQuickStarterService - ok
13:32:25.0133 3864 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:32:25.0133 3864 Kbdclass - ok
13:32:25.0163 3864 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:32:25.0163 3864 kmixer - ok
13:32:25.0193 3864 [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:32:25.0193 3864 KSecDD - ok
13:32:25.0233 3864 [ 111A41B749F0E8CD7566B4FFD613CFFE ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
13:32:25.0243 3864 LanmanServer - ok
13:32:25.0293 3864 [ 9A2E7EE3989AAC0079E9D23555545D52 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:32:25.0293 3864 lanmanworkstation - ok
13:32:25.0313 3864 lbrtfdc - ok
13:32:25.0363 3864 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:32:25.0363 3864 LmHosts - ok
13:32:25.0393 3864 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:32:25.0393 3864 Messenger - ok
13:32:25.0433 3864 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:32:25.0443 3864 mnmdd - ok
13:32:25.0473 3864 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:32:25.0473 3864 mnmsrvc - ok
13:32:25.0513 3864 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:32:25.0513 3864 Modem - ok
13:32:25.0563 3864 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:32:25.0563 3864 Mouclass - ok
13:32:25.0593 3864 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:32:25.0593 3864 MountMgr - ok
13:32:25.0613 3864 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
13:32:25.0623 3864 MPE - ok
13:32:25.0633 3864 mraid35x - ok
13:32:25.0663 3864 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:32:25.0673 3864 MRxDAV - ok
13:32:25.0713 3864 [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:32:25.0723 3864 MRxSmb - ok
13:32:25.0764 3864 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:32:25.0764 3864 MSDTC - ok
13:32:25.0804 3864 Msfs - ok
13:32:25.0824 3864 MSIServer - ok
13:32:25.0854 3864 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:32:25.0854 3864 MSKSSRV - ok
13:32:25.0884 3864 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:32:25.0884 3864 MSPCLOCK - ok
13:32:25.0904 3864 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:32:25.0904 3864 MSPQM - ok
13:32:25.0944 3864 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:32:25.0944 3864 mssmbios - ok
13:32:25.0974 3864 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
13:32:25.0974 3864 MSTEE - ok
13:32:26.0004 3864 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
13:32:26.0004 3864 ms_mpu401 - ok
13:32:26.0024 3864 [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:32:26.0034 3864 Mup - ok
13:32:26.0074 3864 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:32:26.0074 3864 NABTSFEC - ok
13:32:26.0104 3864 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:32:26.0124 3864 napagent - ok
13:32:26.0154 3864 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:32:26.0154 3864 NDIS - ok
13:32:26.0184 3864 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:32:26.0184 3864 NdisIP - ok
13:32:26.0204 3864 [ 091735A5F20ACB1DC147383A905AE002 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:32:26.0204 3864 NdisTapi - ok
13:32:26.0224 3864 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:32:26.0234 3864 Ndisuio - ok
13:32:26.0254 3864 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:32:26.0254 3864 NdisWan - ok
13:32:26.0274 3864 [ 816460BD4B4ACD27937D1D0813E2E9E9 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:32:26.0274 3864 NDProxy - ok
13:32:26.0304 3864 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:32:26.0304 3864 NetBIOS - ok
13:32:26.0334 3864 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:32:26.0344 3864 NetBT - ok
13:32:26.0374 3864 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
13:32:26.0384 3864 NetDDE - ok
13:32:26.0404 3864 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:32:26.0404 3864 NetDDEdsdm - ok
13:32:26.0444 3864 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:32:26.0444 3864 Netlogon - ok
13:32:26.0485 3864 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
13:32:26.0495 3864 Netman - ok
13:32:26.0535 3864 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:26.0545 3864 NetTcpPortSharing - ok
13:32:26.0585 3864 [ B6CEC406351EA5EF131416D5F52D006F ] Nla C:\WINDOWS\System32\mswsock.dll
13:32:26.0595 3864 Nla - ok
13:32:26.0655 3864 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
13:32:26.0665 3864 NMSAccess - ok
13:32:26.0765 3864 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:32:26.0765 3864 Npfs - ok
13:32:26.0795 3864 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:32:26.0815 3864 Ntfs - ok
13:32:26.0855 3864 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:32:26.0855 3864 NtLmSsp - ok
13:32:26.0925 3864 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:32:26.0935 3864 NtmsSvc - ok
13:32:26.0975 3864 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:32:26.0975 3864 Null - ok
13:32:27.0015 3864 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:32:27.0015 3864 NwlnkFlt - ok
13:32:27.0045 3864 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:32:27.0045 3864 NwlnkFwd - ok
13:32:27.0115 3864 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:32:27.0115 3864 ose - ok
13:32:27.0146 3864 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:32:27.0156 3864 Parport - ok
13:32:27.0176 3864 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:32:27.0186 3864 PartMgr - ok
13:32:27.0226 3864 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:32:27.0226 3864 ParVdm - ok
13:32:27.0256 3864 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:32:27.0256 3864 PCI - ok
13:32:27.0276 3864 PCIDump - ok
13:32:27.0296 3864 PCIIde - ok
13:32:27.0346 3864 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:32:27.0346 3864 Pcmcia - ok
13:32:27.0366 3864 PDCOMP - ok
13:32:27.0386 3864 PDFRAME - ok
13:32:27.0406 3864 PDRELI - ok
13:32:27.0416 3864 PDRFRAME - ok
13:32:27.0436 3864 perc2 - ok
13:32:27.0456 3864 perc2hib - ok
13:32:27.0516 3864 [ 3D107D45CCFDB266E91D84B52CD7F430 ] PlugPlay C:\WINDOWS\system32\services.exe
13:32:27.0516 3864 PlugPlay - ok
13:32:27.0556 3864 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
13:32:27.0566 3864 Pml Driver HPZ12 - ok
13:32:27.0576 3864 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:32:27.0576 3864 PolicyAgent - ok
13:32:27.0616 3864 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:32:27.0626 3864 PptpMiniport - ok
13:32:27.0656 3864 [ 18D9789A4664BF417EEA944D2776091A ] prodrv06 C:\WINDOWS\System32\drivers\prodrv06.sys
13:32:27.0656 3864 prodrv06 - ok
13:32:27.0706 3864 [ 8CC9671A7ED2902E747EE0892E1C8575 ] prohlp02 C:\WINDOWS\system32\drivers\prohlp02.sys
13:32:27.0706 3864 prohlp02 - ok
13:32:27.0736 3864 [ 960BCE3ED38761B446AABAC06C76BADF ] prosync1 C:\WINDOWS\system32\drivers\prosync1.sys
13:32:27.0736 3864 prosync1 - ok
13:32:27.0756 3864 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:32:27.0756 3864 ProtectedStorage - ok
13:32:27.0776 3864 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:32:27.0786 3864 PSched - ok
13:32:27.0806 3864 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:32:27.0816 3864 Ptilink - ok
13:32:27.0826 3864 [ 0457E25BB122B854E267CF552DCDC370 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:32:27.0826 3864 PxHelp20 - ok
13:32:27.0836 3864 ql1080 - ok
13:32:27.0857 3864 Ql10wnt - ok
13:32:27.0877 3864 ql12160 - ok
13:32:27.0887 3864 ql1240 - ok
13:32:27.0907 3864 ql1280 - ok
13:32:27.0947 3864 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:32:27.0947 3864 RasAcd - ok
13:32:27.0977 3864 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:32:27.0987 3864 RasAuto - ok
13:32:28.0017 3864 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:32:28.0017 3864 Rasl2tp - ok
13:32:28.0057 3864 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:32:28.0067 3864 RasMan - ok
13:32:28.0087 3864 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:32:28.0087 3864 RasPppoe - ok
13:32:28.0107 3864 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:32:28.0107 3864 Raspti - ok
13:32:28.0127 3864 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:32:28.0137 3864 Rdbss - ok
13:32:28.0147 3864 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:32:28.0157 3864 RDPCDD - ok
13:32:28.0177 3864 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:32:28.0187 3864 rdpdr - ok
13:32:28.0237 3864 [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:32:28.0237 3864 RDPWD - ok
13:32:28.0267 3864 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:32:28.0277 3864 RDSessMgr - ok
13:32:28.0327 3864 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:32:28.0327 3864 redbook - ok
13:32:28.0367 3864 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:32:28.0377 3864 RemoteAccess - ok
13:32:28.0417 3864 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:32:28.0427 3864 RemoteRegistry - ok
13:32:28.0457 3864 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
13:32:28.0457 3864 RpcLocator - ok
13:32:28.0497 3864 [ C0BD34A62508BA68F146E22CE45919F9 ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:32:28.0507 3864 RpcSs - ok
13:32:28.0548 3864 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:32:28.0548 3864 RSVP - ok
13:32:28.0588 3864 [ CF84B1F0E8B14D4120AAF9CF35CBB265 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
13:32:28.0588 3864 RTL8023xp - ok
13:32:28.0628 3864 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:32:28.0628 3864 rtl8139 - ok
13:32:28.0658 3864 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
13:32:28.0658 3864 SamSs - ok
13:32:28.0708 3864 [ 2E533021C19AD7BB05F61982D91917CF ] sbpci C:\WINDOWS\system32\drivers\sbpci.sys
13:32:28.0728 3864 sbpci - ok
13:32:28.0758 3864 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:32:28.0768 3864 SCardSvr - ok
13:32:28.0808 3864 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:32:28.0818 3864 Schedule - ok
13:32:28.0908 3864 [ D98E936BDD4A6CFE39535F3696D0EC6F ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
13:32:28.0948 3864 SDScannerService - ok
13:32:29.0028 3864 [ 2D5088524613D1ED55D20195AF42DDC7 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
13:32:29.0078 3864 SDUpdateService - ok
13:32:29.0108 3864 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:32:29.0128 3864 Secdrv - ok
13:32:29.0148 3864 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:32:29.0148 3864 seclogon - ok
13:32:29.0178 3864 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
13:32:29.0178 3864 SENS - ok
13:32:29.0208 3864 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
13:32:29.0208 3864 Serial - ok
13:32:29.0289 3864 [ 462AEE0EA0481EA8BD45CAC876A4CCC4 ] sfhlp01 C:\WINDOWS\system32\drivers\sfhlp01.sys
13:32:29.0299 3864 sfhlp01 - ok
13:32:29.0319 3864 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:32:29.0319 3864 Sfloppy - ok
13:32:29.0369 3864 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:32:29.0379 3864 SharedAccess - ok
13:32:29.0409 3864 [ 54A6BF743E0517528A5064CEAEB40EA7 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:32:29.0409 3864 ShellHWDetection - ok
13:32:29.0429 3864 Simbad - ok
13:32:29.0479 3864 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:32:29.0479 3864 SkypeUpdate - ok
13:32:29.0509 3864 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:32:29.0519 3864 SLIP - ok
13:32:29.0549 3864 Sparrow - ok
13:32:29.0589 3864 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
13:32:29.0589 3864 speedfan - ok
13:32:29.0619 3864 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:32:29.0619 3864 splitter - ok
13:32:29.0669 3864 [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:32:29.0669 3864 Spooler - ok
13:32:29.0719 3864 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
13:32:29.0719 3864 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
13:32:29.0719 3864 sptd ( LockedFile.Multi.Generic ) - warning
13:32:29.0719 3864 sptd - detected LockedFile.Multi.Generic (1)
13:32:29.0749 3864 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:32:29.0759 3864 sr - ok
13:32:29.0789 3864 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
13:32:29.0789 3864 srservice - ok
13:32:29.0819 3864 [ 9B390283569EA58D43D2586032B892F5 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:32:29.0829 3864 Srv - ok
13:32:29.0859 3864 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:32:29.0869 3864 SSDPSRV - ok
13:32:29.0909 3864 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:32:29.0909 3864 ssmdrv - ok
13:32:29.0950 3864 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
13:32:29.0950 3864 StarOpen - ok
13:32:30.0000 3864 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:32:30.0010 3864 stisvc - ok
13:32:30.0030 3864 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:32:30.0040 3864 streamip - ok
13:32:30.0080 3864 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:32:30.0080 3864 swenum - ok
13:32:30.0120 3864 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:32:30.0120 3864 swmidi - ok
13:32:30.0150 3864 SwPrv - ok
13:32:30.0160 3864 symc810 - ok
13:32:30.0180 3864 symc8xx - ok
13:32:30.0200 3864 sym_hi - ok
13:32:30.0220 3864 sym_u3 - ok
13:32:30.0250 3864 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:32:30.0250 3864 sysaudio - ok
13:32:30.0280 3864 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:32:30.0280 3864 SysmonLog - ok
13:32:30.0320 3864 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:32:30.0330 3864 TapiSrv - ok
13:32:30.0370 3864 [ AD978A1B783B5719720CFF204B666C8E ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:32:30.0400 3864 Tcpip - ok
13:32:30.0440 3864 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:32:30.0440 3864 TDPIPE - ok
13:32:30.0470 3864 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:32:30.0470 3864 TDTCP - ok
13:32:30.0610 3864 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files\TeamViewer\TeamViewer_Service.exe
13:32:30.0701 3864 TeamViewer7 - ok
13:32:30.0741 3864 [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
13:32:30.0741 3864 teamviewervpn - ok
13:32:30.0771 3864 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:32:30.0771 3864 TermDD - ok
13:32:30.0801 3864 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
13:32:30.0811 3864 TermService - ok
13:32:30.0841 3864 [ 54A6BF743E0517528A5064CEAEB40EA7 ] Themes C:\WINDOWS\System32\shsvcs.dll
13:32:30.0851 3864 Themes - ok
13:32:30.0891 3864 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:32:30.0901 3864 TlntSvr - ok
13:32:30.0921 3864 TosIde - ok
13:32:30.0961 3864 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:32:30.0961 3864 TrkWks - ok
13:32:31.0011 3864 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:32:31.0011 3864 Udfs - ok
13:32:31.0031 3864 ultra - ok
13:32:31.0061 3864 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:32:31.0081 3864 Update - ok
13:32:31.0111 3864 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
13:32:31.0121 3864 upnphost - ok
13:32:31.0151 3864 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
13:32:31.0161 3864 UPS - ok
13:32:31.0181 3864 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:32:31.0191 3864 usbccgp - ok
13:32:31.0211 3864 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:32:31.0221 3864 usbehci - ok
13:32:31.0241 3864 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:32:31.0241 3864 usbhub - ok
13:32:31.0271 3864 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:32:31.0271 3864 usbprint - ok
13:32:31.0322 3864 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:32:31.0322 3864 usbscan - ok
13:32:31.0352 3864 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:32:31.0352 3864 USBSTOR - ok
13:32:31.0392 3864 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:32:31.0402 3864 usbuhci - ok
13:32:31.0442 3864 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:32:31.0442 3864 VgaSave - ok
13:32:31.0482 3864 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:32:31.0482 3864 viaagp - ok
13:32:31.0522 3864 [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
13:32:31.0522 3864 viaagp1 - ok
13:32:31.0542 3864 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\drivers\ViaIde.sys
13:32:31.0542 3864 ViaIde - ok
13:32:31.0582 3864 [ 4CC623591204ACD5FC89BD0DAD70E838 ] videX32 C:\WINDOWS\system32\DRIVERS\videX32.sys
13:32:31.0582 3864 videX32 - ok
13:32:31.0602 3864 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:32:31.0602 3864 VolSnap - ok
13:32:31.0642 3864 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
13:32:31.0652 3864 VSS - ok
13:32:31.0692 3864 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
13:32:31.0702 3864 W32Time - ok
13:32:31.0732 3864 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:32:31.0742 3864 Wanarp - ok
13:32:31.0792 3864 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:32:31.0802 3864 Wdf01000 - ok
13:32:31.0822 3864 WDICA - ok
13:32:31.0852 3864 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:32:31.0862 3864 wdmaud - ok
13:32:31.0882 3864 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:32:31.0892 3864 WebClient - ok
13:32:31.0972 3864 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:32:31.0982 3864 winmgmt - ok
13:32:32.0053 3864 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:32:32.0113 3864 WinRM - ok
13:32:32.0183 3864 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
13:32:32.0183 3864 WmdmPmSN - ok
13:32:32.0243 3864 [ 5975317DFD597A03F4DF14CF3A1C1521 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:32:32.0263 3864 Wmi - ok
13:32:32.0303 3864 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:32:32.0313 3864 WmiApSrv - ok
13:32:32.0393 3864 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:32:32.0413 3864 WMPNetworkSvc - ok
13:32:32.0463 3864 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:32:32.0463 3864 WpdUsb - ok
13:32:32.0543 3864 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:32:32.0563 3864 WPFFontCache_v0400 - ok
13:32:32.0613 3864 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:32:32.0613 3864 wscsvc - ok
13:32:32.0643 3864 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:32:32.0643 3864 WSTCODEC - ok
13:32:32.0683 3864 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:32:32.0693 3864 wuauserv - ok
13:32:32.0714 3864 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:32:32.0714 3864 WudfPf - ok
13:32:32.0754 3864 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:32:32.0754 3864 WudfRd - ok
13:32:32.0784 3864 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:32:32.0794 3864 WudfSvc - ok
13:32:32.0834 3864 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:32:32.0844 3864 WZCSVC - ok
13:32:32.0894 3864 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:32:32.0904 3864 xmlprov - ok
13:32:32.0944 3864 ================ Scan global ===============================
13:32:32.0974 3864 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
13:32:33.0024 3864 [ 6292D47CD15A479EF4144DE38E6AE7A9 ] C:\WINDOWS\system32\winsrv.dll
13:32:33.0054 3864 [ 6292D47CD15A479EF4144DE38E6AE7A9 ] C:\WINDOWS\system32\winsrv.dll
13:32:33.0084 3864 [ 3D107D45CCFDB266E91D84B52CD7F430 ] C:\WINDOWS\system32\services.exe
13:32:33.0084 3864 [Global] - ok
13:32:33.0094 3864 ================ Scan MBR ==================================
13:32:33.0114 3864 [ 10AE9EB13951B8E206480773F877A330 ] \Device\Harddisk0\DR0
13:32:33.0144 3864 \Device\Harddisk0\DR0 - ok
13:32:33.0154 3864 ================ Scan VBR ==================================
13:32:33.0164 3864 [ BB46039039B1D0623C8B79850F6F3F1F ] \Device\Harddisk0\DR0\Partition1
13:32:33.0164 3864 \Device\Harddisk0\DR0\Partition1 - ok
13:32:33.0194 3864 [ 1FB6AF8248B61020465B59A4880A616E ] \Device\Harddisk0\DR0\Partition2
13:32:33.0194 3864 \Device\Harddisk0\DR0\Partition2 - ok
13:32:33.0224 3864 [ B674676E83A8F57A5743592BA89B1C9F ] \Device\Harddisk0\DR0\Partition3
13:32:33.0224 3864 \Device\Harddisk0\DR0\Partition3 - ok
13:32:33.0254 3864 [ 73416C06872BD50CF61C571179F362D2 ] \Device\Harddisk0\DR0\Partition4
13:32:33.0254 3864 \Device\Harddisk0\DR0\Partition4 - ok
13:32:33.0284 3864 [ 71B5C30D6B18D13340C34D9E1AD5B444 ] \Device\Harddisk0\DR0\Partition5
13:32:33.0284 3864 \Device\Harddisk0\DR0\Partition5 - ok
13:32:33.0314 3864 [ E9092A1D5F7D6F839590A0C4AAB7DDE4 ] \Device\Harddisk0\DR0\Partition6
13:32:33.0314 3864 \Device\Harddisk0\DR0\Partition6 - ok
13:32:33.0324 3864 ============================================================
13:32:33.0324 3864 Scan finished
13:32:33.0324 3864 ============================================================
13:32:33.0354 2928 Detected object count: 1
13:32:33.0354 2928 Actual detected object count: 1
13:33:59.0508 2928 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:33:59.0508 2928 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:34:01.0912 3084 Deinitialize success

Musky80 · Příspěvekod **Musky80** » 05 říj 2012 14:03

Combofix
hlásilo to aviru - ale byla vypnuta reatime ochrana
ComboFix 12-10-04.02 - Tomas 05.10.2012 13:49:04.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.618 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tomas\162.pdb
c:\windows\msmqinst.log
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET150.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-05 do 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 09:19 . 2012-10-05 09:19 -------- d-----w- c:\documents and settings\Tomas\Data aplikací\Malwarebytes
2012-10-05 09:19 . 2012-10-05 09:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-10-05 09:19 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-05 09:19 . 2012-10-05 09:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-05 08:05 . 2012-10-05 08:05 388096 ----a-r- c:\documents and settings\Tomas\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-05 08:05 . 2012-10-05 08:05 -------- d-----w- c:\program files\Trend Micro
2012-10-05 07:43 . 2012-10-05 07:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-10-05 07:42 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-10-05 07:42 . 2012-10-05 10:11 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-10-05 07:39 . 2012-10-05 07:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-10-05 07:39 . 2010-01-10 16:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-10-05 07:39 . 2012-10-05 07:41 -------- d-----w- c:\program files\SpywareBlaster
2012-10-04 10:41 . 2012-10-04 10:41 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\IsolatedStorage
2012-10-04 10:30 . 2012-10-04 10:45 -------- d-----w- c:\program files\COL10861
2012-10-04 10:18 . 2012-10-04 10:18 -------- d-----w- c:\windows\ShellNew
2012-10-04 10:16 . 2012-10-04 10:18 -------- d-----w- c:\program files\LibreOffice 3.6
2012-10-02 16:34 . 2012-10-02 16:34 -------- d-----w- C:\found.000
2012-09-30 11:23 . 2012-09-30 11:23 -------- d-----w- c:\documents and settings\Dan\Data aplikací\gtk-2.0
2012-09-29 17:23 . 2012-09-30 11:24 -------- d-----w- c:\documents and settings\Dan\.gimp-2.6
2012-09-29 16:52 . 2012-10-02 06:19 -------- d-----w- c:\documents and settings\Tomas\.gimp-2.6
2012-09-29 16:51 . 2012-09-29 16:51 -------- d-----w- c:\program files\GIMP-2.0
2012-09-29 16:45 . 2012-09-29 16:45 -------- d-----w- c:\program files\GTK2-Runtime
2012-09-29 16:35 . 2012-09-29 16:35 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\fontconfig
2012-09-29 16:35 . 2012-09-29 16:48 -------- d-----w- c:\documents and settings\Tomas\.gimp-2.8
2012-09-29 16:35 . 2012-09-29 16:35 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\gegl-0.2
2012-09-29 16:18 . 2012-09-29 16:18 64570 ----a-w- c:\windows\BricoPackUninst.cmd
2012-09-29 16:09 . 2012-09-29 16:18 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2012-09-29 16:04 . 2012-09-29 16:04 -------- d-----w- c:\windows\BricoPacks
2012-09-28 16:50 . 2012-09-29 18:42 -------- d-----w- c:\documents and settings\Dan\Data aplikací\.minecraft
2012-09-26 18:57 . 2012-09-26 18:57 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-09-26 18:57 . 2012-09-26 18:57 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-09-19 13:10 . 2012-09-19 13:10 -------- d-----w- c:\program files\JAP
2012-09-19 13:02 . 2012-09-19 13:02 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\HP
2012-09-19 12:46 . 2012-09-19 12:46 -------- d-----w- C:\SBPCI
2012-09-19 12:39 . 2012-09-19 12:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DriverGenius
2012-09-19 11:57 . 2009-03-03 18:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-09-19 11:53 . 2012-09-19 11:53 -------- d-----w- c:\program files\Android
2012-09-15 09:40 . 2012-09-15 10:11 -------- d-----w- C:\Fraps
2012-09-15 08:43 . 2012-09-15 08:43 -------- d-----w- c:\program files\KompoZer
2012-09-12 12:05 . 2012-09-12 12:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-09-10 13:44 . 2012-09-19 12:41 -------- d-----w- c:\program files\DupDetector
2012-09-10 13:44 . 2012-09-10 13:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-09-05 18:19 . 2012-09-05 18:19 -------- d-----w- c:\documents and settings\Generali\temp
2012-09-05 14:03 . 2012-09-19 10:16 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 16:18 . 2008-04-14 00:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2012-09-26 18:57 . 2012-02-29 14:25 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-09-26 18:57 . 2012-02-29 10:17 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-09-26 18:57 . 2012-02-29 14:25 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-09-26 18:57 . 2012-02-29 14:25 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-09-24 11:32 . 2012-03-30 11:24 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-24 11:32 . 2012-02-29 11:20 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:17 . 2012-01-13 09:56 920064 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:17 . 2012-01-13 09:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:17 . 2012-01-13 09:55 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2012-01-13 09:55 385024 ----a-w- c:\windows\system32\html.iec
2012-08-14 16:00 . 2012-08-14 16:00 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-08-07 10:36 . 2012-02-29 13:41 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-07-20 15:33 . 2012-07-20 15:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-02 . F073C4D80F73BFEADAF42AE7896DDC1B . 69144 . . [7.6.7600.256] . . c:\windows\system32\wuauclt.exe
[-] 2012-06-02 . F073C4D80F73BFEADAF42AE7896DDC1B . 69144 . . [7.6.7600.256] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2010-01-17 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\ASC\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-01-18 128512]
.
c:\documents and settings\Dan\Nabídka Start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
Zástupce - sfBot.lnk - e:\dan\DaS\sfBot.exe [2012-2-29 20002816]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVer HID Receiver.lnk]
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlý začátek s aplikací HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlý začátek s aplikací HP Photosmart Premier.lnk
backup=c:\windows\pss\Rychlý začátek s aplikací HP Photosmart Premier.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomas^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiCalc
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 13:56 288128 ----a-w- c:\program files\ASC\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-08-08 17:27 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-04 21:13 136176 ----atw- c:\documents and settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 08:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2012-09-26 18:58 580096 ----a-w- c:\program files\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-09-28 18:18 842680 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-09-28 18:18 965560 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-09-28 18:18 309688 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-08-30 12:11 3904536 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
2011-10-27 01:35 2920517 ----a-w- c:\program files\Software Informer\softinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiXkill]
2010-03-10 08:41 143360 ----a-w- c:\program files\WiXkill\WiXkill.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\eclipse-php\\eclipse-php.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [20.7.2012 19:15 30808]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.7.2012 17:33 691696]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [29.2.2012 11:50 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29.2.2012 11:50 86224]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [5.10.2012 9:42 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [5.10.2012 9:42 1358360]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\TeamViewer_Service.exe [31.8.2012 16:02 2754984]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [29.2.2012 15:41 25088]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\ASC\ASCService.exe [4.10.2012 13:27 913792]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [29.2.2012 13:48 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [29.2.2012 13:48 405504]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 13:24 250288]
S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [29.2.2012 13:22 1169920]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [17.1.2010 16:51 1171456]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [29.2.2012 16:25 20032]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:32]
.
2012-10-05 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-10-05 12:11]
.
2012-10-05 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\Game Booster\AutoUpdate.exe [2012-08-04 15:57]
.
2012-10-05 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-10-05 12:10]
.
2012-10-05 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-10-05 12:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Otevřít soubor v PhotoME... - c:\program files\PhotoMEBeta\iemenuext.html
Trusted Zone: mit.edu\beta.appinventor
TCP: DhcpNameServer = 10.70.238.221 10.70.237.2
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-05 13:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-10-05 14:00:30
ComboFix-quarantined-files.txt 2012-10-05 12:00
.
Před spuštěním: Volných bajtů: 17 568 194 560
Po spuštění: Volných bajtů: 17 714 741 248
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - E959BB6D0EA4844ECF175CDE3F6A461D

Příspěvekod **Žbeky** » 05 říj 2012 16:24

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy 2
c:\program files\SpywareBlaster
c:\documents and settings\All Users\Data aplikací\McAfee
c:\program files\Skype\Updater

File::
c:\windows\system32\sdnclean.exe
c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
c:\windows\Tasks\Game_Booster_AutoUpdate.job
c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=-
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=-
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=-
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=-

Driver::
SDScannerService
SDUpdateService
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Musky80 · Příspěvekod **Musky80** » 06 říj 2012 20:37

ComboFix 12-10-04.02 - Tomas 06.10.2012 20:04:25.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.478 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomas\Plocha\CFScript.txt.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\system32\sdnclean.exe"
"c:\windows\Tasks\Game_Booster_AutoUpdate.job"
"c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job"
"c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job"
"c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\program files\Spybot - Search & Destroy 2
c:\program files\Spybot - Search & Destroy 2\AWMOIAC.scr
c:\program files\Spybot - Search & Destroy 2\blindman.exe
c:\program files\Spybot - Search & Destroy 2\borlndmm.dll
c:\program files\Spybot - Search & Destroy 2\DEC150.bpl
c:\program files\Spybot - Search & Destroy 2\DelZip190.dll
c:\program files\Spybot - Search & Destroy 2\explorer.exe
c:\program files\Spybot - Search & Destroy 2\FRRBEE.scr
c:\program files\Spybot - Search & Destroy 2\Help\License-CE.rtf
c:\program files\Spybot - Search & Destroy 2\Help\License-PE.rtf
c:\program files\Spybot - Search & Destroy 2\Help\Spybot2.chm
c:\program files\Spybot - Search & Destroy 2\Includes\AdvWhite.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\Adware.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\AdwareC.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\Browserpages.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\CLSIDs.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\Cookies.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\Cookies.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\Dialer.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\DialerC.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\Domains.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\FileScan.csbi
c:\program files\Spybot - Search & Destroy 2\Includes\GoodBanks.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\GoodBankScripts.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\HeavyDuty.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\Hijackers.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\HijackersC.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\HintOfTheDay.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\iPhone.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\Keyloggers.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\KeyloggersC.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\LASSHes.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\Logs.uts
c:\program files\Spybot - Search & Destroy 2\Includes\Malware.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\MalwareC.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\OperaPlugins.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\PosOS.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\PUPS.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\PUPSC.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\RegDFLinks.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\RegWatch.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\RegXLinks.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\Security.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\SecurityC.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\Services.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\Spybots.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\SpybotsC.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\Spyware.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\SpywareC.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\Tracks.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\Tracks.uti
c:\program files\Spybot - Search & Destroy 2\Includes\Trojans.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\TrojansC-02.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\TrojansC-03.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\TrojansC-04.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\TrojansC-05.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\TrojansC.sbi
c:\program files\Spybot - Search & Destroy 2\Includes\TTLASSH.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\URL-Blacklist.sbs
c:\program files\Spybot - Search & Destroy 2\Includes\X509White.sbs
c:\program files\Spybot - Search & Destroy 2\Jcl150.bpl
c:\program files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
c:\program files\Spybot - Search & Destroy 2\KeyInfoDB.txt
c:\program files\Spybot - Search & Destroy 2\license.key
c:\program files\Spybot - Search & Destroy 2\license.txt
c:\program files\Spybot - Search & Destroy 2\locale\ru\LC_MESSAGES\default.mo
c:\program files\Spybot - Search & Destroy 2\rtl150.bpl
c:\program files\Spybot - Search & Destroy 2\safer-networking-ius.cer
c:\program files\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll
c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
c:\program files\Spybot - Search & Destroy 2\SDDelFile.exe
c:\program files\Spybot - Search & Destroy 2\SDECon32.dll
c:\program files\Spybot - Search & Destroy 2\SDEvents.dll
c:\program files\Spybot - Search & Destroy 2\SDFiles.exe
c:\program files\Spybot - Search & Destroy 2\SDFileScanHelper.exe
c:\program files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll
c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDHelper.dll
c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe
c:\program files\Spybot - Search & Destroy 2\SDImmunizeLibrary.dll
c:\program files\Spybot - Search & Destroy 2\SDLists.dll
c:\program files\Spybot - Search & Destroy 2\SDLogReport.exe
c:\program files\Spybot - Search & Destroy 2\SDPhoneScan.exe
c:\program files\Spybot - Search & Destroy 2\SDPRE.exe
c:\program files\Spybot - Search & Destroy 2\SDPrepPos.exe
c:\program files\Spybot - Search & Destroy 2\SDQuarantine.exe
c:\program files\Spybot - Search & Destroy 2\SDResources.dll
c:\program files\Spybot - Search & Destroy 2\SDRootAlyzer.exe
c:\program files\Spybot - Search & Destroy 2\SDScan.exe
c:\program files\Spybot - Search & Destroy 2\SDScanLibrary.dll
c:\program files\Spybot - Search & Destroy 2\SDSettings.exe
c:\program files\Spybot - Search & Destroy 2\SDShred.exe
c:\program files\Spybot - Search & Destroy 2\SDSysRepair.exe
c:\program files\Spybot - Search & Destroy 2\SDTasks.dll
c:\program files\Spybot - Search & Destroy 2\SDTools.exe
c:\program files\Spybot - Search & Destroy 2\SDTray.exe
c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe
c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDWelcome.exe
c:\program files\Spybot - Search & Destroy 2\SDWinLogon.dll
c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\program files\Spybot - Search & Destroy 2\snlBase150.bpl
c:\program files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
c:\program files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
c:\program files\Spybot - Search & Destroy 2\sqlite3.dll
c:\program files\Spybot - Search & Destroy 2\TDOUVGE.scr
c:\program files\Spybot - Search & Destroy 2\Tools.dll
c:\program files\Spybot - Search & Destroy 2\unins000.dat
c:\program files\Spybot - Search & Destroy 2\unins000.exe
c:\program files\Spybot - Search & Destroy 2\unins000.msg
c:\program files\Spybot - Search & Destroy 2\UninsSrv.dll
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\AdvWhite.sbs-20101129.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\AdwareC.sbi-20120918.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\CLSIDs.sbs-20110301.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\MalwareC.sbi-20120917.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\SDHelper.dll-2.0.9.88.lzs
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\SDWSCSvc.exe-2.0.8.2.lzs
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\Spyware.sbi-20120905.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\SpywareC.sbi-20120904.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\Tracks.sbi-20110607.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\Tracks.uti-20100308.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\TrojansC-02.sbi-20120918.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\TrojansC-03.sbi-20120917.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\TrojansC-04.sbi-20120928.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\TrojansC-05.sbi-20120831.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\TrojansC.sbi-20120907.cab
c:\program files\Spybot - Search & Destroy 2\Updates\Downloads\updates.uid
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\AdvWhite.sbs
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\AdwareC.sbi
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\CLSIDs.sbs
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\MalwareC.sbi
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\SDHelper.dll
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\SDWSCSvc.exe
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\Spyware.sbi
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\SpywareC.sbi
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\Tracks.sbi
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\Tracks.uti
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\TrojansC-02.sbi
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\TrojansC-03.sbi
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\TrojansC-04.sbi
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\TrojansC-05.sbi
c:\program files\Spybot - Search & Destroy 2\Updates\Extracts\TrojansC.sbi
c:\program files\Spybot - Search & Destroy 2\vcl150.bpl
c:\program files\Spybot - Search & Destroy 2\vclie150.bpl
c:\program files\Spybot - Search & Destroy 2\vclimg150.bpl
c:\program files\Spybot - Search & Destroy 2\vclx150.bpl
c:\program files\Spybot - Search & Destroy 2\xcacls.exe
c:\program files\Spybot - Search & Destroy 2\ZMstr190DXE.bpl
c:\program files\SpywareBlaster
c:\program files\SpywareBlaster\ckdatabase.dtb
c:\program files\SpywareBlaster\license.txt
c:\program files\SpywareBlaster\MSCOMCTL.OCX
c:\program files\SpywareBlaster\readme.txt
c:\program files\SpywareBlaster\rsdatabase.dtb
c:\program files\SpywareBlaster\sbautoupdate.exe
c:\program files\SpywareBlaster\sbdatabase.dtb
c:\program files\SpywareBlaster\sbdatabase2.dtb
c:\program files\SpywareBlaster\sbdatabaseinf.dtb
c:\program files\SpywareBlaster\sbdatabaseinf2.dtb
c:\program files\SpywareBlaster\sbhelp.chm
c:\program files\SpywareBlaster\sbinfo.dtb
c:\program files\SpywareBlaster\sburlhelper.exe
c:\program files\SpywareBlaster\sbversion5.txt
c:\program files\SpywareBlaster\spywareblaster.exe
c:\program files\SpywareBlaster\SQLite3SB.dll
c:\program files\SpywareBlaster\unins000.dat
c:\program files\SpywareBlaster\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SDSCANNERSERVICE
-------\Legacy_SDUPDATESERVICE
-------\Legacy_SKYPEUPDATE
-------\Service_SDScannerService
-------\Service_SDUpdateService
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-06 do 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 17:25 . 2012-10-06 17:25 -------- d-----w- c:\documents and settings\Generali\Data aplikací\GHISLER
2012-10-05 09:19 . 2012-10-05 09:19 -------- d-----w- c:\documents and settings\Tomas\Data aplikací\Malwarebytes
2012-10-05 09:19 . 2012-10-05 09:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-10-05 09:19 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-05 09:19 . 2012-10-05 09:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-05 08:05 . 2012-10-05 08:05 388096 ----a-r- c:\documents and settings\Tomas\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-05 08:05 . 2012-10-05 08:05 -------- d-----w- c:\program files\Trend Micro
2012-10-05 07:43 . 2012-10-05 07:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-10-05 07:42 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-10-05 07:39 . 2012-10-05 07:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-10-05 07:39 . 2010-01-10 16:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-10-04 10:41 . 2012-10-04 10:41 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\IsolatedStorage
2012-10-04 10:30 . 2012-10-04 10:45 -------- d-----w- c:\program files\COL10861
2012-10-04 10:18 . 2012-10-04 10:18 -------- d-----w- c:\windows\ShellNew
2012-10-04 10:16 . 2012-10-04 10:18 -------- d-----w- c:\program files\LibreOffice 3.6
2012-10-02 16:34 . 2012-10-02 16:34 -------- d-----w- C:\found.000
2012-09-30 11:23 . 2012-09-30 11:23 -------- d-----w- c:\documents and settings\Dan\Data aplikací\gtk-2.0
2012-09-29 17:23 . 2012-09-30 11:24 -------- d-----w- c:\documents and settings\Dan\.gimp-2.6
2012-09-29 16:52 . 2012-10-02 06:19 -------- d-----w- c:\documents and settings\Tomas\.gimp-2.6
2012-09-29 16:51 . 2012-09-29 16:51 -------- d-----w- c:\program files\GIMP-2.0
2012-09-29 16:45 . 2012-09-29 16:45 -------- d-----w- c:\program files\GTK2-Runtime
2012-09-29 16:35 . 2012-09-29 16:35 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\fontconfig
2012-09-29 16:35 . 2012-09-29 16:48 -------- d-----w- c:\documents and settings\Tomas\.gimp-2.8
2012-09-29 16:35 . 2012-09-29 16:35 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\gegl-0.2
2012-09-29 16:18 . 2012-09-29 16:18 64570 ----a-w- c:\windows\BricoPackUninst.cmd
2012-09-29 16:09 . 2012-09-29 16:18 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2012-09-29 16:04 . 2012-09-29 16:04 -------- d-----w- c:\windows\BricoPacks
2012-09-28 16:50 . 2012-09-29 18:42 -------- d-----w- c:\documents and settings\Dan\Data aplikací\.minecraft
2012-09-26 18:57 . 2012-09-26 18:57 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-09-26 18:57 . 2012-09-26 18:57 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-09-19 13:10 . 2012-09-19 13:10 -------- d-----w- c:\program files\JAP
2012-09-19 13:02 . 2012-09-19 13:02 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\HP
2012-09-19 12:46 . 2012-09-19 12:46 -------- d-----w- C:\SBPCI
2012-09-19 12:39 . 2012-09-19 12:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DriverGenius
2012-09-19 11:57 . 2009-03-03 18:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-09-19 11:53 . 2012-09-19 11:53 -------- d-----w- c:\program files\Android
2012-09-15 09:40 . 2012-09-15 10:11 -------- d-----w- C:\Fraps
2012-09-15 08:43 . 2012-09-15 08:43 -------- d-----w- c:\program files\KompoZer
2012-09-12 12:05 . 2012-09-12 12:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-09-10 13:44 . 2012-09-19 12:41 -------- d-----w- c:\program files\DupDetector
2012-09-10 13:44 . 2012-09-10 13:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 16:18 . 2008-04-14 00:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2012-09-26 18:57 . 2012-02-29 14:25 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-09-26 18:57 . 2012-02-29 10:17 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-09-26 18:57 . 2012-02-29 14:25 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-09-26 18:57 . 2012-02-29 14:25 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-09-24 11:32 . 2012-03-30 11:24 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-24 11:32 . 2012-02-29 11:20 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:17 . 2012-01-13 09:56 920064 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:17 . 2012-01-13 09:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:17 . 2012-01-13 09:55 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2012-01-13 09:55 385024 ----a-w- c:\windows\system32\html.iec
2012-08-14 16:00 . 2012-08-14 16:00 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-08-07 10:36 . 2012-02-29 13:41 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-07-20 15:33 . 2012-07-20 15:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-02 . F073C4D80F73BFEADAF42AE7896DDC1B . 69144 . . [7.6.7600.256] . . c:\windows\system32\wuauclt.exe
[-] 2012-06-02 . F073C4D80F73BFEADAF42AE7896DDC1B . 69144 . . [7.6.7600.256] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2010-01-17 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\ASC\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-01-18 128512]
.
c:\documents and settings\Dan\Nabídka Start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
Zástupce - sfBot.lnk - e:\dan\DaS\sfBot.exe [2012-2-29 20002816]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVer HID Receiver.lnk]
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlý začátek s aplikací HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlý začátek s aplikací HP Photosmart Premier.lnk
backup=c:\windows\pss\Rychlý začátek s aplikací HP Photosmart Premier.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomas^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 13:56 288128 ----a-w- c:\program files\ASC\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-08-08 17:27 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-04 21:13 136176 ----atw- c:\documents and settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 08:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2012-09-26 18:58 580096 ----a-w- c:\program files\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-09-28 18:18 842680 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-09-28 18:18 965560 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-09-28 18:18 309688 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
2011-10-27 01:35 2920517 ----a-w- c:\program files\Software Informer\softinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiXkill]
2010-03-10 08:41 143360 ----a-w- c:\program files\WiXkill\WiXkill.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\eclipse-php\\eclipse-php.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [20.7.2012 19:15 30808]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.7.2012 17:33 691696]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [29.2.2012 11:50 36000]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\ASC\ASCService.exe [4.10.2012 13:27 913792]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29.2.2012 11:50 86224]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [29.2.2012 13:48 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [29.2.2012 13:48 405504]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\TeamViewer_Service.exe [31.8.2012 16:02 2754984]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [29.2.2012 15:41 25088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 13:24 250288]
S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [29.2.2012 13:22 1169920]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [17.1.2010 16:51 1171456]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [29.2.2012 16:25 20032]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:32]
.
2012-10-06 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\Game Booster\AutoUpdate.exe [2012-08-04 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Otevřít soubor v PhotoME... - c:\program files\PhotoMEBeta\iemenuext.html
Trusted Zone: mit.edu\beta.appinventor
TCP: DhcpNameServer = 10.70.238.221 10.70.237.2
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-SpywareBlaster_is1 - c:\program files\SpywareBlaster\unins000.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1 - c:\program files\Spybot - Search & Destroy 2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-06 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Celkový čas: 2012-10-06 20:35:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-06 18:34
ComboFix2.txt 2012-10-05 12:00
.
Před spuštěním: Volných bajtů: 17 703 960 576
Po spuštění: Volných bajtů: 17 494 298 624
.
- - End Of File - - 1E86A2684E69155BD42251EA857BE4C5

Příspěvekod **Žbeky** » 06 říj 2012 23:05

Odinstaluj Spybot

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online