avast! a Centrum zabezpečení systému Windows - VIR?

Rostex77 · Příspěvekod **Rostex77** » 30 říj 2012 16:24

Zdravím, dnes po zapnutí PC mi vyskočila hláška z Centra zabezpečení systému Windows, že nebyla nalezena ochrana proti virům. Avast neaktualizoval program, jen databázi, tak jsem to chtěl udělat za něj, ale nepodařilo se to - hláška zůstala. Pak jsem spustil placený a registrovaný účetní program, ale ten mi nenajel (tím vás nechci otravovat, zadám to k nim do tech. podpory). Vše ostatní zdá se funguje jak má. Mám dotaz, zda se nemůže jednat o nějaký vir, který se případně spustil se změnou času, nebo já nevím nejsem odborník, ale od soboty do dnes na PC nikdo nebyl. Díval jsem se zde na nějaká doporučení tak jsem udělal toto: projel jsem PC postupně těmito programy Malwarebytes Anti-Malware, tdsskiller, ComboFix a HiJackThis. A rád bych Vás poprosil, zda se můžete podívat na jejich logy a případně mi doporučit co dělat. Děkuji za informace.
PS: Jak účetní program tak avast jsem odinstaloval, proto nebudou v těch lozích uváděny.

Log z Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.10.30.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
rosta :: ATHLON [administrátor]

30.10.2012 14:31:38
mbam-log-2012-10-30 (14-31-38).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 227363
Uplynulý čas: 2 minut, 24 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Log z tdsskiller:
14:34:40.0609 2888 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:34:40.0625 2888 ============================================================
14:34:40.0625 2888 Current date / time: 2012/10/30 14:34:40.0625
14:34:40.0625 2888 SystemInfo:
14:34:40.0625 2888
14:34:40.0625 2888 OS Version: 5.1.2600 ServicePack: 3.0
14:34:40.0625 2888 Product type: Workstation
14:34:40.0625 2888 ComputerName: ATHLON
14:34:40.0625 2888 UserName: rosta
14:34:40.0625 2888 Windows directory: C:\WINDOWS
14:34:40.0625 2888 System windows directory: C:\WINDOWS
14:34:40.0625 2888 Processor architecture: Intel x86
14:34:40.0625 2888 Number of processors: 2
14:34:40.0625 2888 Page size: 0x1000
14:34:40.0625 2888 Boot type: Normal boot
14:34:40.0625 2888 ============================================================
14:34:41.0578 2888 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:34:41.0578 2888 ============================================================
14:34:41.0578 2888 \Device\Harddisk0\DR0:
14:34:41.0578 2888 MBR partitions:
14:34:41.0578 2888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
14:34:41.0593 2888 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x124F6BF3
14:34:41.0609 2888 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2AB95209, BlocksNum 0xF7EBB77
14:34:41.0609 2888 ============================================================
14:34:41.0640 2888 C: <-> \Device\Harddisk0\DR0\Partition1
14:34:41.0656 2888 D: <-> \Device\Harddisk0\DR0\Partition2
14:34:41.0687 2888 E: <-> \Device\Harddisk0\DR0\Partition3
14:34:41.0734 2888 ============================================================
14:34:41.0734 2888 Initialize success
14:34:41.0734 2888 ============================================================
14:34:45.0359 2908 ============================================================
14:34:45.0359 2908 Scan started
14:34:45.0359 2908 Mode: Manual;
14:34:45.0359 2908 ============================================================
14:34:46.0218 2908 ================ Scan system memory ========================
14:34:46.0218 2908 System memory - ok
14:34:46.0218 2908 ================ Scan services =============================
14:34:46.0328 2908 Abiosdsk - ok
14:34:46.0328 2908 abp480n5 - ok
14:34:46.0359 2908 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:34:46.0359 2908 ACPI - ok
14:34:46.0390 2908 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:34:46.0390 2908 ACPIEC - ok
14:34:46.0468 2908 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:34:46.0468 2908 AdobeFlashPlayerUpdateSvc - ok
14:34:46.0484 2908 adpu160m - ok
14:34:46.0562 2908 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:34:46.0562 2908 aec - ok
14:34:46.0609 2908 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
14:34:46.0609 2908 Afc - ok
14:34:46.0687 2908 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:34:46.0687 2908 AFD - ok
14:34:46.0687 2908 Aha154x - ok
14:34:46.0687 2908 aic78u2 - ok
14:34:46.0703 2908 aic78xx - ok
14:34:46.0734 2908 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:34:46.0734 2908 Alerter - ok
14:34:46.0750 2908 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
14:34:46.0750 2908 ALG - ok
14:34:46.0750 2908 AliIde - ok
14:34:46.0781 2908 [ FCFFA85CFD4BF7A4711012847048DCA3 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:34:46.0781 2908 AmdK8 - ok
14:34:46.0781 2908 amsint - ok
14:34:46.0812 2908 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:34:46.0812 2908 AppMgmt - ok
14:34:46.0828 2908 asc - ok
14:34:46.0828 2908 asc3350p - ok
14:34:46.0828 2908 asc3550 - ok
14:34:46.0890 2908 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:34:46.0890 2908 aspnet_state - ok
14:34:46.0906 2908 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:34:46.0906 2908 AsyncMac - ok
14:34:46.0921 2908 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:34:46.0937 2908 atapi - ok
14:34:46.0937 2908 Atdisk - ok
14:34:46.0968 2908 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
14:34:46.0968 2908 atksgt - ok
14:34:46.0984 2908 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:34:46.0984 2908 Atmarpc - ok
14:34:47.0015 2908 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:34:47.0015 2908 AudioSrv - ok
14:34:47.0031 2908 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:34:47.0031 2908 audstub - ok
14:34:47.0062 2908 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:34:47.0062 2908 Beep - ok
14:34:47.0078 2908 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
14:34:47.0078 2908 BITS - ok
14:34:47.0109 2908 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
14:34:47.0109 2908 Browser - ok
14:34:47.0218 2908 catchme - ok
14:34:47.0250 2908 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:34:47.0250 2908 cbidf2k - ok
14:34:47.0250 2908 cd20xrnt - ok
14:34:47.0265 2908 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:34:47.0265 2908 Cdaudio - ok
14:34:47.0281 2908 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:34:47.0281 2908 Cdfs - ok
14:34:47.0281 2908 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:34:47.0281 2908 Cdrom - ok
14:34:47.0281 2908 Changer - ok
14:34:47.0312 2908 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:34:47.0312 2908 CiSvc - ok
14:34:47.0328 2908 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:34:47.0328 2908 ClipSrv - ok
14:34:47.0359 2908 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:34:47.0359 2908 clr_optimization_v2.0.50727_32 - ok
14:34:47.0375 2908 CmdIde - ok
14:34:47.0375 2908 COMSysApp - ok
14:34:47.0375 2908 Cpqarray - ok
14:34:47.0421 2908 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:34:47.0421 2908 CryptSvc - ok
14:34:47.0484 2908 [ F054744F67576A01139885173392502B ] CrystalSysInfo D:\Program Files\MediaCoder\SysInfo.sys
14:34:47.0484 2908 CrystalSysInfo - ok
14:34:47.0484 2908 dac2w2k - ok
14:34:47.0500 2908 dac960nt - ok
14:34:47.0531 2908 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:34:47.0531 2908 DcomLaunch - ok
14:34:47.0562 2908 [ 7F19DBA1A467B838CCB23124A2C55568 ] DgiVecp C:\WINDOWS\system32\Drivers\DgiVecp.sys
14:34:47.0562 2908 DgiVecp - ok
14:34:47.0578 2908 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:34:47.0578 2908 Dhcp - ok
14:34:47.0578 2908 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:34:47.0578 2908 Disk - ok
14:34:47.0593 2908 dmadmin - ok
14:34:47.0640 2908 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:34:47.0640 2908 dmboot - ok
14:34:47.0656 2908 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:34:47.0656 2908 dmio - ok
14:34:47.0671 2908 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:34:47.0671 2908 dmload - ok
14:34:47.0687 2908 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:34:47.0687 2908 dmserver - ok
14:34:47.0703 2908 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:34:47.0703 2908 DMusic - ok
14:34:47.0718 2908 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:34:47.0718 2908 Dnscache - ok
14:34:47.0734 2908 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:34:47.0734 2908 Dot3svc - ok
14:34:47.0750 2908 dpti2o - ok
14:34:47.0765 2908 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:34:47.0765 2908 drmkaud - ok
14:34:47.0796 2908 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
14:34:47.0796 2908 dtsoftbus01 - ok
14:34:47.0796 2908 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:34:47.0796 2908 EapHost - ok
14:34:47.0828 2908 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:34:47.0828 2908 ERSvc - ok
14:34:47.0859 2908 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
14:34:47.0859 2908 Eventlog - ok
14:34:47.0890 2908 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
14:34:47.0890 2908 EventSystem - ok
14:34:47.0906 2908 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:34:47.0906 2908 Fastfat - ok
14:34:47.0937 2908 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:34:47.0937 2908 FastUserSwitchingCompatibility - ok
14:34:47.0953 2908 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:34:47.0953 2908 Fdc - ok
14:34:47.0953 2908 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:34:47.0953 2908 Fips - ok
14:34:47.0968 2908 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:34:47.0968 2908 Flpydisk - ok
14:34:48.0015 2908 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:34:48.0015 2908 FltMgr - ok
14:34:48.0062 2908 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:34:48.0062 2908 FontCache3.0.0.0 - ok
14:34:48.0062 2908 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:34:48.0062 2908 Fs_Rec - ok
14:34:48.0078 2908 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:34:48.0078 2908 Ftdisk - ok
14:34:48.0078 2908 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:34:48.0078 2908 Gpc - ok
14:34:48.0171 2908 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:34:48.0171 2908 gupdate - ok
14:34:48.0171 2908 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:34:48.0171 2908 gupdatem - ok
14:34:48.0203 2908 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:34:48.0203 2908 HDAudBus - ok
14:34:48.0250 2908 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:34:48.0250 2908 helpsvc - ok
14:34:48.0281 2908 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
14:34:48.0281 2908 HidServ - ok
14:34:48.0281 2908 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:34:48.0281 2908 hidusb - ok
14:34:48.0296 2908 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:34:48.0312 2908 hkmsvc - ok
14:34:48.0312 2908 hpn - ok
14:34:48.0343 2908 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:34:48.0343 2908 HPZid412 - ok
14:34:48.0359 2908 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:34:48.0359 2908 HPZipr12 - ok
14:34:48.0359 2908 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:34:48.0359 2908 HPZius12 - ok
14:34:48.0390 2908 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:34:48.0406 2908 HTTP - ok
14:34:48.0421 2908 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:34:48.0421 2908 HTTPFilter - ok
14:34:48.0421 2908 i2omgmt - ok
14:34:48.0437 2908 i2omp - ok
14:34:48.0468 2908 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:34:48.0468 2908 i8042prt - ok
14:34:48.0546 2908 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:34:48.0546 2908 IDriverT - ok
14:34:48.0593 2908 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:34:48.0593 2908 idsvc - ok
14:34:48.0609 2908 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:34:48.0609 2908 Imapi - ok
14:34:48.0640 2908 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:34:48.0640 2908 ImapiService - ok
14:34:48.0640 2908 ini910u - ok
14:34:48.0640 2908 IntelIde - ok
14:34:48.0671 2908 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:34:48.0671 2908 Ip6Fw - ok
14:34:48.0703 2908 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:34:48.0703 2908 IpFilterDriver - ok
14:34:48.0718 2908 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:34:48.0718 2908 IpInIp - ok
14:34:48.0734 2908 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:34:48.0734 2908 IpNat - ok
14:34:48.0750 2908 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:34:48.0750 2908 IPSec - ok
14:34:48.0765 2908 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:34:48.0765 2908 IRENUM - ok
14:34:48.0781 2908 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:34:48.0781 2908 isapnp - ok
14:34:48.0843 2908 [ 09417134F248DFCEEA15C72BCC87F592 ] JavaQuickStarterService C:\Program Files\Java\jre1.6.0_16\bin\jqs.exe
14:34:48.0843 2908 JavaQuickStarterService - ok
14:34:48.0859 2908 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:34:48.0859 2908 Kbdclass - ok
14:34:48.0875 2908 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:34:48.0875 2908 kmixer - ok
14:34:48.0906 2908 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:34:48.0906 2908 KSecDD - ok
14:34:48.0937 2908 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:34:48.0937 2908 lanmanserver - ok
14:34:48.0968 2908 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:34:48.0968 2908 lanmanworkstation - ok
14:34:48.0984 2908 Lbd - ok
14:34:48.0984 2908 lbrtfdc - ok
14:34:49.0000 2908 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
14:34:49.0000 2908 lirsgt - ok
14:34:49.0015 2908 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:34:49.0015 2908 LmHosts - ok
14:34:49.0046 2908 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:34:49.0046 2908 Messenger - ok
14:34:49.0062 2908 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:34:49.0062 2908 mnmdd - ok
14:34:49.0062 2908 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:34:49.0062 2908 mnmsrvc - ok
14:34:49.0078 2908 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:34:49.0078 2908 Modem - ok
14:34:49.0109 2908 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
14:34:49.0125 2908 monfilt - ok
14:34:49.0140 2908 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:34:49.0140 2908 Mouclass - ok
14:34:49.0140 2908 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:34:49.0140 2908 mouhid - ok
14:34:49.0140 2908 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:34:49.0140 2908 MountMgr - ok
14:34:49.0156 2908 mraid35x - ok
14:34:49.0156 2908 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:34:49.0156 2908 MRxDAV - ok
14:34:49.0187 2908 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:34:49.0203 2908 MRxSmb - ok
14:34:49.0218 2908 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:34:49.0218 2908 MSDTC - ok
14:34:49.0250 2908 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:34:49.0250 2908 Msfs - ok
14:34:49.0250 2908 MSIServer - ok
14:34:49.0265 2908 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:34:49.0265 2908 MSKSSRV - ok
14:34:49.0265 2908 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:34:49.0265 2908 MSPCLOCK - ok
14:34:49.0281 2908 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:34:49.0281 2908 MSPQM - ok
14:34:49.0281 2908 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:34:49.0281 2908 mssmbios - ok
14:34:49.0296 2908 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
14:34:49.0312 2908 MTsensor - ok
14:34:49.0312 2908 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:34:49.0328 2908 Mup - ok
14:34:49.0343 2908 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:34:49.0343 2908 napagent - ok
14:34:49.0359 2908 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:34:49.0359 2908 NDIS - ok
14:34:49.0375 2908 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:34:49.0375 2908 NdisTapi - ok
14:34:49.0390 2908 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:34:49.0390 2908 Ndisuio - ok
14:34:49.0406 2908 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:34:49.0406 2908 NdisWan - ok
14:34:49.0421 2908 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:34:49.0421 2908 NDProxy - ok
14:34:49.0500 2908 [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:34:49.0500 2908 Nero BackItUp Scheduler 4.0 - ok
14:34:49.0531 2908 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
14:34:49.0531 2908 Net Driver HPZ12 - ok
14:34:49.0546 2908 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:34:49.0546 2908 NetBIOS - ok
14:34:49.0546 2908 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:34:49.0546 2908 NetBT - ok
14:34:49.0578 2908 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
14:34:49.0578 2908 NetDDE - ok
14:34:49.0578 2908 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:34:49.0578 2908 NetDDEdsdm - ok
14:34:49.0609 2908 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:34:49.0609 2908 Netlogon - ok
14:34:49.0625 2908 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
14:34:49.0625 2908 Netman - ok
14:34:49.0656 2908 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:34:49.0656 2908 NetTcpPortSharing - ok
14:34:49.0687 2908 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
14:34:49.0687 2908 Nla - ok
14:34:49.0703 2908 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:34:49.0703 2908 Npfs - ok
14:34:49.0718 2908 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:34:49.0718 2908 Ntfs - ok
14:34:49.0718 2908 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:34:49.0718 2908 NtLmSsp - ok
14:34:49.0750 2908 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:34:49.0750 2908 NtmsSvc - ok
14:34:49.0765 2908 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:34:49.0765 2908 Null - ok
14:34:50.0000 2908 [ 68B8C35782FFD20973524F748234B5A9 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:34:50.0062 2908 nv - ok
14:34:50.0078 2908 [ 70217A23470F4BB4C8FB4ABE06813081 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:34:50.0078 2908 NVENETFD - ok
14:34:50.0109 2908 [ BE8513730653384939A4D2D977C81027 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:34:50.0109 2908 nvnetbus - ok
14:34:50.0125 2908 [ FFD30DAAF62D605069F6EB42D2E807C3 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
14:34:50.0140 2908 NVSvc - ok
14:34:50.0203 2908 [ 210EE09CB9C2655E55BD48D851369DC1 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:34:50.0203 2908 nvUpdatusService - ok
14:34:50.0234 2908 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:34:50.0234 2908 NwlnkFlt - ok
14:34:50.0250 2908 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:34:50.0250 2908 NwlnkFwd - ok
14:34:50.0296 2908 [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe
14:34:50.0296 2908 OpenVPNService - ok
14:34:50.0343 2908 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:34:50.0343 2908 ose - ok
14:34:50.0343 2908 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:34:50.0343 2908 Parport - ok
14:34:50.0359 2908 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:34:50.0359 2908 PartMgr - ok
14:34:50.0375 2908 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:34:50.0390 2908 ParVdm - ok
14:34:50.0390 2908 pccsmcfd - ok
14:34:50.0390 2908 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:34:50.0390 2908 PCI - ok
14:34:50.0406 2908 PCIDump - ok
14:34:50.0421 2908 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:34:50.0421 2908 PCIIde - ok
14:34:50.0437 2908 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:34:50.0437 2908 Pcmcia - ok
14:34:50.0437 2908 PDCOMP - ok
14:34:50.0453 2908 PDFRAME - ok
14:34:50.0453 2908 PDRELI - ok
14:34:50.0453 2908 PDRFRAME - ok
14:34:50.0468 2908 perc2 - ok
14:34:50.0468 2908 perc2hib - ok
14:34:50.0515 2908 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
14:34:50.0515 2908 PLFlash DeviceIoControl Service - ok
14:34:50.0531 2908 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
14:34:50.0531 2908 PlugPlay - ok
14:34:50.0546 2908 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
14:34:50.0546 2908 Pml Driver HPZ12 - ok
14:34:50.0546 2908 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:34:50.0546 2908 PolicyAgent - ok
14:34:50.0546 2908 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:34:50.0546 2908 PptpMiniport - ok
14:34:50.0562 2908 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
14:34:50.0562 2908 Processor - ok
14:34:50.0578 2908 [ 44486ECB7433CE606A2B3742B73A09B3 ] prodrv06 C:\WINDOWS\System32\drivers\prodrv06.sys
14:34:50.0578 2908 prodrv06 - ok
14:34:50.0593 2908 [ B30DFDE3429418ED53B354EF7ABEF5B5 ] prohlp02 C:\WINDOWS\system32\drivers\prohlp02.sys
14:34:50.0593 2908 prohlp02 - ok
14:34:50.0593 2908 [ 1626F275F026FB7808DE35EF0762539F ] prosync1 C:\WINDOWS\system32\drivers\prosync1.sys
14:34:50.0593 2908 prosync1 - ok
14:34:50.0609 2908 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:34:50.0609 2908 ProtectedStorage - ok
14:34:50.0609 2908 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:34:50.0609 2908 PSched - ok
14:34:50.0625 2908 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:34:50.0625 2908 Ptilink - ok
14:34:50.0640 2908 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:34:50.0640 2908 PxHelp20 - ok
14:34:50.0656 2908 ql1080 - ok
14:34:50.0656 2908 Ql10wnt - ok
14:34:50.0656 2908 ql12160 - ok
14:34:50.0656 2908 ql1240 - ok
14:34:50.0671 2908 ql1280 - ok
14:34:50.0671 2908 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:34:50.0671 2908 RasAcd - ok
14:34:50.0687 2908 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:34:50.0687 2908 RasAuto - ok
14:34:50.0703 2908 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:34:50.0703 2908 Rasl2tp - ok
14:34:50.0734 2908 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:34:50.0734 2908 RasMan - ok
14:34:50.0750 2908 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:34:50.0750 2908 RasPppoe - ok
14:34:50.0750 2908 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:34:50.0750 2908 Raspti - ok
14:34:50.0765 2908 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:34:50.0765 2908 Rdbss - ok
14:34:50.0765 2908 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:34:50.0765 2908 RDPCDD - ok
14:34:50.0781 2908 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:34:50.0781 2908 rdpdr - ok
14:34:50.0812 2908 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:34:50.0812 2908 RDPWD - ok
14:34:50.0843 2908 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:34:50.0843 2908 RDSessMgr - ok
14:34:50.0859 2908 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:34:50.0859 2908 redbook - ok
14:34:50.0890 2908 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:34:50.0890 2908 RemoteAccess - ok
14:34:50.0906 2908 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:34:50.0906 2908 RemoteRegistry - ok
14:34:50.0921 2908 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
14:34:50.0921 2908 RpcLocator - ok
14:34:50.0937 2908 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
14:34:50.0953 2908 RpcSs - ok
14:34:50.0968 2908 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:34:50.0968 2908 RSVP - ok
14:34:50.0968 2908 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
14:34:50.0968 2908 SamSs - ok
14:34:50.0984 2908 SBRE - ok
14:34:51.0000 2908 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:34:51.0000 2908 SCardSvr - ok
14:34:51.0031 2908 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:34:51.0031 2908 Schedule - ok
14:34:51.0046 2908 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:34:51.0046 2908 Secdrv - ok
14:34:51.0078 2908 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:34:51.0078 2908 seclogon - ok
14:34:51.0109 2908 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
14:34:51.0109 2908 SENS - ok
14:34:51.0109 2908 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:34:51.0109 2908 serenum - ok
14:34:51.0125 2908 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:34:51.0125 2908 Serial - ok
14:34:51.0125 2908 Sfloppy - ok
14:34:51.0156 2908 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:34:51.0156 2908 SharedAccess - ok
14:34:51.0171 2908 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:34:51.0171 2908 ShellHWDetection - ok
14:34:51.0171 2908 Simbad - ok
14:34:51.0203 2908 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:34:51.0203 2908 SkypeUpdate - ok
14:34:51.0203 2908 Sparrow - ok
14:34:51.0218 2908 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:34:51.0218 2908 splitter - ok
14:34:51.0250 2908 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:34:51.0250 2908 Spooler - ok
14:34:51.0250 2908 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:34:51.0250 2908 sr - ok
14:34:51.0281 2908 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
14:34:51.0281 2908 srservice - ok
14:34:51.0312 2908 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:34:51.0312 2908 Srv - ok
14:34:51.0328 2908 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:34:51.0343 2908 SSDPSRV - ok
14:34:51.0343 2908 SSPORT - ok
14:34:51.0359 2908 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:34:51.0359 2908 stisvc - ok
14:34:51.0359 2908 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:34:51.0359 2908 swenum - ok
14:34:51.0359 2908 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:34:51.0359 2908 swmidi - ok
14:34:51.0375 2908 SwPrv - ok
14:34:51.0375 2908 symc810 - ok
14:34:51.0375 2908 symc8xx - ok
14:34:51.0390 2908 sym_hi - ok
14:34:51.0390 2908 sym_u3 - ok
14:34:51.0421 2908 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:34:51.0421 2908 sysaudio - ok
14:34:51.0437 2908 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:34:51.0437 2908 SysmonLog - ok
14:34:51.0453 2908 [ 8CF6E2AE1707D82E904ECCA68CEF8B87 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
14:34:51.0453 2908 tap0901 - ok
14:34:51.0468 2908 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:34:51.0468 2908 TapiSrv - ok
14:34:51.0515 2908 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:34:51.0515 2908 Tcpip - ok
14:34:51.0531 2908 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:34:51.0531 2908 TDPIPE - ok
14:34:51.0531 2908 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:34:51.0531 2908 TDTCP - ok
14:34:51.0531 2908 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:34:51.0531 2908 TermDD - ok
14:34:51.0546 2908 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
14:34:51.0562 2908 TermService - ok
14:34:51.0562 2908 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
14:34:51.0578 2908 Themes - ok
14:34:51.0593 2908 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:34:51.0593 2908 TlntSvr - ok
14:34:51.0593 2908 TosIde - ok
14:34:51.0609 2908 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:34:51.0625 2908 TrkWks - ok
14:34:51.0625 2908 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:34:51.0625 2908 Udfs - ok
14:34:51.0640 2908 ultra - ok
14:34:51.0671 2908 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:34:51.0671 2908 Update - ok
14:34:51.0687 2908 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
14:34:51.0687 2908 upnphost - ok
14:34:51.0687 2908 upperdev - ok
14:34:51.0703 2908 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
14:34:51.0703 2908 UPS - ok
14:34:51.0734 2908 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:34:51.0734 2908 usbccgp - ok
14:34:51.0765 2908 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:34:51.0765 2908 usbehci - ok
14:34:51.0765 2908 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:34:51.0765 2908 usbhub - ok
14:34:51.0765 2908 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:34:51.0765 2908 usbohci - ok
14:34:51.0796 2908 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:34:51.0796 2908 usbprint - ok
14:34:51.0828 2908 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:34:51.0828 2908 usbscan - ok
14:34:51.0843 2908 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:34:51.0843 2908 USBSTOR - ok
14:34:51.0859 2908 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:34:51.0859 2908 VgaSave - ok
14:34:51.0875 2908 [ 80ED26C12AF05779A3F897B9BADF6F28 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
14:34:51.0875 2908 VIAHdAudAddService - ok
14:34:51.0890 2908 ViaIde - ok
14:34:51.0890 2908 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:34:51.0890 2908 VolSnap - ok
14:34:51.0906 2908 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
14:34:51.0921 2908 VSS - ok
14:34:51.0937 2908 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
14:34:51.0937 2908 W32Time - ok
14:34:51.0953 2908 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:34:51.0953 2908 Wanarp - ok
14:34:51.0984 2908 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
14:34:51.0984 2908 Wdf01000 - ok
14:34:51.0984 2908 WDICA - ok
14:34:52.0000 2908 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:34:52.0000 2908 wdmaud - ok
14:34:52.0015 2908 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:34:52.0015 2908 WebClient - ok
14:34:52.0062 2908 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:34:52.0062 2908 winmgmt - ok
14:34:52.0093 2908 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
14:34:52.0093 2908 WmdmPmSN - ok
14:34:52.0125 2908 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:34:52.0125 2908 Wmi - ok
14:34:52.0140 2908 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:34:52.0140 2908 WmiApSrv - ok
14:34:52.0156 2908 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:34:52.0156 2908 WpdUsb - ok
14:34:52.0187 2908 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:34:52.0187 2908 WS2IFSL - ok
14:34:52.0218 2908 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:34:52.0218 2908 wscsvc - ok
14:34:52.0250 2908 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:34:52.0250 2908 wuauserv - ok
14:34:52.0281 2908 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:34:52.0281 2908 WudfPf - ok
14:34:52.0312 2908 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:34:52.0312 2908 WudfRd - ok
14:34:52.0328 2908 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:34:52.0343 2908 WudfSvc - ok
14:34:52.0375 2908 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:34:52.0375 2908 WZCSVC - ok
14:34:52.0406 2908 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:34:52.0406 2908 xmlprov - ok
14:34:52.0406 2908 ================ Scan global ===============================
14:34:52.0421 2908 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
14:34:52.0453 2908 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
14:34:52.0468 2908 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
14:34:52.0515 2908 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
14:34:52.0515 2908 [Global] - ok
14:34:52.0515 2908 ================ Scan MBR ==================================
14:34:52.0531 2908 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
14:34:52.0671 2908 \Device\Harddisk0\DR0 - ok
14:34:52.0671 2908 ================ Scan VBR ==================================
14:34:52.0671 2908 [ C1300DEC8E0CA7417700D21B6E5B6ED4 ] \Device\Harddisk0\DR0\Partition1
14:34:52.0671 2908 \Device\Harddisk0\DR0\Partition1 - ok
14:34:52.0687 2908 [ E254D487B85F8F281BEC50F47F2B4982 ] \Device\Harddisk0\DR0\Partition2
14:34:52.0687 2908 \Device\Harddisk0\DR0\Partition2 - ok
14:34:52.0703 2908 [ 461E6A1B5AB546276310309EDB2BC49C ] \Device\Harddisk0\DR0\Partition3
14:34:52.0703 2908 \Device\Harddisk0\DR0\Partition3 - ok
14:34:52.0703 2908 ============================================================
14:34:52.0703 2908 Scan finished
14:34:52.0703 2908 ============================================================
14:34:52.0718 2900 Detected object count: 0
14:34:52.0718 2900 Actual detected object count: 0
14:35:12.0093 2884 Deinitialize success

Log z ComboFix:
ComboFix 12-10-29.05 - rosta 30.10.2012 14:37:19.2.2 - x86
Spuštěný z: c:\documents and settings\rosta\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-28 do 2012-10-30 )))))))))))))))))))))))))))))))
.
.
2012-10-30 09:48 . 2012-10-30 09:48 388096 ----a-r- c:\documents and settings\rosta\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-30 09:48 . 2012-10-30 09:48 -------- d-----w- c:\program files\Trend Micro
2012-10-30 09:09 . 2012-10-30 09:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-30 06:18 . 2012-10-30 06:18 -------- d-----w- c:\documents and settings\rosta\Data aplikací\Malwarebytes
2012-10-30 06:18 . 2012-10-30 06:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-10-30 06:18 . 2012-10-30 06:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-30 06:18 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-28 15:10 . 2012-10-28 15:15 -------- d-----w- c:\program files\UBISOFT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 08:48 . 2012-04-04 14:38 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 08:48 . 2011-05-24 06:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-23 14:28 . 2012-09-14 09:46 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-23 14:28 . 2012-09-14 09:46 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-23 14:28 . 2012-05-25 12:15 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-05-25 12:15 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-05-25 12:15 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-05-25 12:15 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2008-05-02 22:46 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2008-05-02 22:46 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2008-05-02 22:46 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2008-05-02 22:46 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2008-05-02 22:46 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2008-05-02 22:46 253952 -c--a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2008-05-02 22:46 335872 -c--a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2008-05-02 22:46 282624 -c--a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2008-05-02 22:46 274432 -c--a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2008-05-02 22:46 274432 -c--a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2008-05-02 22:46 270336 -c--a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2008-05-02 22:46 286720 -c--a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2008-05-02 22:46 258048 -c--a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2008-05-02 22:46 258048 -c--a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2008-05-02 22:46 253952 -c--a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2008-05-02 22:46 229376 -c--a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2008-05-02 22:46 335872 -c--a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2008-05-02 22:46 258048 -c--a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2008-05-02 22:46 258048 -c--a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2008-05-02 22:46 253952 -c--a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2008-05-02 22:46 282624 -c--a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2008-05-02 22:46 282624 -c--a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2008-05-02 22:46 249856 -c--a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2008-05-02 22:46 274432 -c--a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2008-05-02 22:46 266240 -c--a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2008-05-02 22:46 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2008-05-02 22:46 270336 -c--a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2008-05-02 22:46 249856 -c--a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2008-05-02 22:46 278528 -c--a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2008-05-02 22:46 274432 -c--a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2008-05-02 22:46 262144 -c--a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2008-05-02 22:46 253952 -c--a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:09 . 2008-05-02 22:46 126976 -c--a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:04 . 2008-05-02 22:46 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2008-05-02 22:46 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2008-05-02 22:46 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2008-05-02 22:46 143720 -c--a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2008-05-02 22:46 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-28 15:18 . 2004-08-17 15:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-17 15:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-17 15:49 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-17 15:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2004-08-17 15:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-05 618496]
"4600 Scan2PC"="c:\windows\Twain_32\Samsung\SCX4600\Scan2pc.exe" [2009-09-10 1968640]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4600\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4600\\Sscan2io.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn-gui-1.0.3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 23567906
*Deregistered* - 23567906
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:48]
.
2012-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 14:14]
.
2012-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 14:14]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-30 14:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2012-10-30 14:43:52
ComboFix-quarantined-files.txt 2012-10-30 13:43
ComboFix2.txt 2012-10-30 09:45
.
Před spuštěním: Volných bajtů: 64 018 677 760
Po spuštění: Volných bajtů: 64 001 495 040
.
- - End Of File - - 5F61E6AA22AE1A14E42A6FAE0BF61D0E

Reklama

Rostex77 · Příspěvekod **Rostex77** » 30 říj 2012 16:30

Log z HiJackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:45:35, on 30.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_16\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\SCX4600\Scan2pc.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_16\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_16\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4600 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\SCX4600\Scan2pc.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-854245398-682003330-839522115-1003\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-854245398-682003330-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\rosta\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre1.6.0_16\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6808 bytes

Ještě bych měl dotaz na ten program ComboFix. Můžete mi jen vysvětlit, k čemu je dobrý, při restartu PC to hází na vteřinku černou obrazovku s možnostma najetí PC, pak ale automaticky naskočí klasika Window XP Profesional. Já jen abych věděl, co tam mám. Ještě jednou děkuji moc za informace, Rosťa.

Příspěvekod **memphisto** » 30 říj 2012 16:30

Nic tam není. Jen pár zbytečností. Později dodám skript na Combofix. Jinak kdo ti to poradil? CF nemáš sám co pouštět! Můžeš být rád, žes něco nepokonil.

Rostex77 · Příspěvekod **Rostex77** » 30 říj 2012 16:39

Ahoj, o ComboFix jsem četl zde: viewtopic.php?f=47&t=90773&sid=4b0e00498e583ab0c1d85ff45988a61b#p680277
Pokud bych tam tedy neměl vir, tak mám asi poškozený OS Win XP, jestli to dobře chápu? Ani ten HiJackthis nic nenašel? Díky moc.

Příspěvekod **memphisto** » 31 říj 2012 09:59

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Driver::
Lbd
gupdate
gupdatem
SkypeUpdate

Folder::
c:\program files\Google\Update
c:\program files\Skype\Updater

File::
c:\windows\system32\DRIVERS\Lbd.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť?.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Rostex77 · Příspěvekod **Rostex77** » 31 říj 2012 17:02

Zdravím, přeposílám log z ComboFix:

ComboFix 12-10-31.03 - rosta 31.10.2012 16:47:00.3.2 - x86
Spuštěný z: c:\documents and settings\rosta\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\rosta\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.123\goopdate.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.123\psmachine.dll
c:\program files\Google\Update\1.3.21.123\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
c:\program files\Google\Update\Download\{7DF7DD7F-4AF5-4C52-B075-B9F900027629}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\22.0.1229.96\22.0.1229.96_chrome_installer.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_LBD
-------\Legacy_SKYPEUPDATE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_Lbd
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-28 do 2012-10-31 )))))))))))))))))))))))))))))))
.
.
2012-10-30 13:53 . 2012-10-23 11:18 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 13:53 . 2012-10-23 11:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 13:53 . 2012-10-23 11:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 13:53 . 2012-10-23 11:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 13:53 . 2012-10-23 11:18 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 13:53 . 2012-10-23 11:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 13:53 . 2012-10-23 11:18 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 13:53 . 2012-10-23 11:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 13:53 . 2012-10-23 11:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 13:53 . 2012-10-23 11:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 13:53 . 2012-10-30 13:53 -------- d-----w- c:\program files\AVAST Software
2012-10-30 09:48 . 2012-10-30 09:48 388096 ----a-r- c:\documents and settings\rosta\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-30 09:48 . 2012-10-30 09:48 -------- d-----w- c:\program files\Trend Micro
2012-10-30 09:09 . 2012-10-30 09:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-30 06:18 . 2012-10-30 06:18 -------- d-----w- c:\documents and settings\rosta\Data aplikací\Malwarebytes
2012-10-30 06:18 . 2012-10-30 06:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-10-30 06:18 . 2012-10-30 06:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-30 06:18 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-28 15:10 . 2012-10-28 15:15 -------- d-----w- c:\program files\UBISOFT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 08:48 . 2012-04-04 14:38 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 08:48 . 2011-05-24 06:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-23 14:28 . 2012-09-14 09:46 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-23 14:28 . 2012-09-14 09:46 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-23 14:28 . 2012-05-25 12:15 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-05-25 12:15 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-05-25 12:15 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-05-25 12:15 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2008-05-02 22:46 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2008-05-02 22:46 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2008-05-02 22:46 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2008-05-02 22:46 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2008-05-02 22:46 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2008-05-02 22:46 253952 -c--a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2008-05-02 22:46 335872 -c--a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2008-05-02 22:46 282624 -c--a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2008-05-02 22:46 274432 -c--a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2008-05-02 22:46 274432 -c--a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2008-05-02 22:46 270336 -c--a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2008-05-02 22:46 286720 -c--a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2008-05-02 22:46 258048 -c--a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2008-05-02 22:46 258048 -c--a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2008-05-02 22:46 253952 -c--a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2008-05-02 22:46 229376 -c--a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2008-05-02 22:46 335872 -c--a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2008-05-02 22:46 258048 -c--a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2008-05-02 22:46 258048 -c--a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2008-05-02 22:46 253952 -c--a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2008-05-02 22:46 282624 -c--a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2008-05-02 22:46 282624 -c--a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2008-05-02 22:46 249856 -c--a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2008-05-02 22:46 274432 -c--a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2008-05-02 22:46 266240 -c--a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2008-05-02 22:46 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2008-05-02 22:46 270336 -c--a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2008-05-02 22:46 249856 -c--a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2008-05-02 22:46 278528 -c--a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2008-05-02 22:46 274432 -c--a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2008-05-02 22:46 262144 -c--a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2008-05-02 22:46 253952 -c--a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:09 . 2008-05-02 22:46 126976 -c--a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:04 . 2008-05-02 22:46 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2008-05-02 22:46 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2008-05-02 22:46 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2008-05-02 22:46 143720 -c--a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2008-05-02 22:46 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-28 15:18 . 2004-08-17 15:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-17 15:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-17 15:49 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-17 15:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2004-08-17 15:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 11:17 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-05 618496]
"4600 Scan2PC"="c:\windows\Twain_32\Samsung\SCX4600\Scan2pc.exe" [2009-09-10 1968640]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4600\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4600\\Sscan2io.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn-gui-1.0.3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:48]
.
2012-10-31 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-30 11:17]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 62.129.50.20 85.135.32.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-31 16:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(324)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre1.6.0_16\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Celkový čas: 2012-10-31 16:58:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-31 15:58
ComboFix2.txt 2012-10-30 09:45
.
Před spuštěním: Volných bajtů: 63 894 646 784
Po spuštění: Volných bajtů: 63 859 634 176
.
- - End Of File - - 3905B794895FC368F889F5054943BB2C

Příspěvekod **jaro3** » 31 říj 2012 23:26

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Vlož nový log z HJT+ info o problémech.

Rostex77 · Příspěvekod **Rostex77** » 01 lis 2012 10:09

Zdravím, tak jsem provedl všechny úkony a posílám info o problémech a níže pak logy. Centrum zabezpečení systému Windows stále hlásí, že není nainstalovaný avast!, přitom mám nainstalovaný avast verze 7.0.14.73, teď zjišťuji, že je tam už novější verze pro program, ale zatím to nechávám tak. Pro jistotu posílám info i z technické podpory k placenému a řádně registrovanému účetnímu programu MoneyS3, cituji: doporučji zkontrolovat nastvení antiviru na PC. Při aktualizaci by se mohly zrušit výjimky na Money S3. Správně by měly být nastaveny výjimky na adresář CÍGLER SOFTWARE standardně jej najdete v C:\Program Files\. Pokud antivir umožňuje zrušte kontrolu souborů *.dat *.ini. Jestliže se ani po nastavení výjimek neprojiví změna doporučuji alespoň dočasně antivir odinstalovat a vyzkoušet spouštění programu.. O tom, že mi blbne antivir, jsem se jim vůbec nezmiňoval, ale píšou co píšou, tak mi přijde, že ten avast vykopu pryč a nechám si od Vás poradit jiný free antivir. Ještě tedy musím dodat, že vůbec netuším, kde bych měl případně do avastu uvádět výjimky pro adresář či soubory typu *.dat, *.ini. Poslední věc, nezkoušel jsem ani odinstalovat avast a rozjet účetní program. Počkám na Vaše případné další informace po přečtení logů. Zatím moc děkuji.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-01 09:13:07
-----------------------------
09:13:07.500 OS Version: Windows 5.1.2600 Service Pack 3
09:13:07.500 Number of processors: 2 586 0x6B02
09:13:07.500 ComputerName: ATHLON UserName: rosta
09:13:08.640 Initialize success
09:13:08.750 AVAST engine defs: 12103101
09:14:08.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
09:14:08.890 Disk 0 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476940MB BusType: 3
09:14:08.906 Disk 0 MBR read successfully
09:14:08.906 Disk 0 MBR scan
09:14:08.906 Disk 0 Windows XP default MBR code
09:14:08.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199996 MB offset 63
09:14:08.906 Disk 0 Partition - 00 0F Extended LBA 276932 MB offset 409593240
09:14:08.921 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149997 MB offset 409593303
09:14:08.921 Disk 0 Partition - 00 05 Extended 126935 MB offset 716788170
09:14:08.937 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 126935 MB offset 716788233
09:14:08.937 Disk 0 scanning sectors +976752000
09:14:08.984 Disk 0 scanning C:\WINDOWS\system32\drivers
09:14:14.031 Service scanning
09:14:21.687 Modules scanning
09:14:25.062 Disk 0 trace - called modules:
09:14:25.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS
09:14:25.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae12ab8]
09:14:25.078 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8adf49e8]
09:14:25.078 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8addb940]
09:14:25.078 \Driver\atapi[0x8addd030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xb85ae61d]
09:14:25.593 AVAST engine scan C:\WINDOWS
09:14:30.453 AVAST engine scan C:\WINDOWS\system32
09:16:00.859 AVAST engine scan C:\WINDOWS\system32\drivers
09:16:14.953 AVAST engine scan C:\Documents and Settings\rosta
09:21:59.625 AVAST engine scan C:\Documents and Settings\All Users
09:22:22.515 Scan finished successfully
09:22:51.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\rosta\Plocha\Logy\MBR.dat"
09:22:51.625 The log file has been saved successfully to "C:\Documents and Settings\rosta\Plocha\Logy\aswMBR.txt"

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:46:32, on 1.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\SCX4600\Scan2pc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.6.0_16\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_16\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_16\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4600 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\SCX4600\Scan2pc.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-854245398-682003330-839522115-1003\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-854245398-682003330-839522115-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-854245398-682003330-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\rosta\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre1.6.0_16\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe

--
End of file - 7232 bytes

Příspěvekod **jaro3** » 01 lis 2012 18:20

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\rosta\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Mrkni se , zda tam máš tento soubor C:\WINDOWS\system32\drivers\prosync1.sys ( nebo v jiném, umístění) , pokud ano , dej ho na virustotal.
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Aktualizuj javu:
Java SE Runtime Environment 7

Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-7-windows-i586-p.exe nebo
jre-7-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.

Stáhni si Security Check by screen317 z některého odkazu
http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

ulož si ho na plochu, poklepej na něj a postupuj podle instrukcí v černém okně. Potom se automaticky otevře pozn. Blok, bude mít název checkup.txt. Jeho obsah sem prosím zkopíruj.

Stáhni AVP Tools
na svojí plochu.

Zaškrtni :
Hidden startup objects
System Memory
Disk boot sectors
Dokumenty
My email
Počítač
Místní disk C
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
A jiné , např. Flash disky , které máš připojeny.

Pokračuj podle instrukcí.Na konci se objeví textový soubor , který si hned ulož (save log) na svojí plochu pod názvem KAS.txt .Poté sem vlož celý obsah toho logu.

Pokud se Ti log nezobrazí:
Pokud máš AVPtool stále zapnutý, zkus zmáčknout tlačítko Zpráva (Report).
Pokud se Ti zobrazí tabulka, klikni na ní pravým myšítkem a dej Maximalize a měli by se Ti zobrazit výsledky.

http://www.sosej.cz/Download/Kaspersky- ... nload.html

Rostex77 · Příspěvekod **Rostex77** » 02 lis 2012 13:50

Zdravím, posílám odkazy a logy.

https://www.virustotal.com/file/8463444 ... 351843952/
http://r.virscan.org/report/24385d0cd4a ... a6dba.html

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware verze 1.65.1.1000
CCleaner
Java(TM) 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Z programu AVPtool vyšel KAS.txt o rozměrech 66MB, ale detekce viru tam není žádná. Ještě dodám pro info, že centrum zabezpečení stále hlásí, že nemám antivir i přesto, že je tam ten avast!. Zatím děkuji a čekám.

Rostex77 · Příspěvekod **Rostex77** » 02 lis 2012 14:29

Ještě jedna věc, teď jsem chtěl jít na Operu a vyskočila mi z avastu hláška, tak ji přeposílám v příloze.

Příspěvekod **memphisto** » 02 lis 2012 14:43

Ta hláška se může objevit pokud na některé z dříve navštívených stránek se vyskytl odkaz, banner, apod. nějaké podvodné stránky. Zkus Avast kompletně přeinstalovat. odinstaluj, pročisti registry CCleanerem a pak nainstaluj znovu nejnovější verzi z webu AVASTU

avast! a Centrum zabezpečení systému Windows - VIR?

avast! a Centrum zabezpečení systému Windows - VIR?

ještě tedy Log z HiJackThis a dotaz na Combofix

Re: avast! a Centrum zabezpečení systému Windows - VIR?

Re: avast! a Centrum zabezpečení systému Windows - VIR?

Re: avast! a Centrum zabezpečení systému Windows - VIR?

Re: avast! a Centrum zabezpečení systému Windows - VIR?

Re: avast! a Centrum zabezpečení systému Windows - VIR?

Re: avast! a Centrum zabezpečení systému Windows - VIR?

Re: avast! a Centrum zabezpečení systému Windows - VIR?

Re: avast! a Centrum zabezpečení systému Windows - VIR?

Re: avast! a Centrum zabezpečení systému Windows - VIR?

Re: avast! a Centrum zabezpečení systému Windows - VIR?

Kdo je online