Viry dle Antiviru

Zpráva

MihhC · #1 Příspěvek od **MihhC** » 12 pro 2011 20:16

Zdravím,
prosím někoho o rady.

Používám CCleaner, defragmentaci a superantispyware párkrát když si vzpomenu, pak opět vyhodím, a jsem i v celku opatrný ... každopádně vrátím se domů a někdo mi tu nechal dáreček s virem. Tak spustím raději hloubokovou kontrolu celého disku, 4 zlikviduje ale 3 neprolomil. Nativirák: Eset SS 4.

Mám ještě otázečku offtopic: Stáhl jsem si ze stránek AVG jejich BOOT kontrolu a vypálil, nemáte někdo zkušenosti? Podle mě by to mělo stačit(virová databáze myslim léto), ale raději píšu sem a ujištuji se. ???

Dále tedy dle instrukcí vkládám log a rád bych Vás poprosil o pomoc.(Píši zde vceméně poprvé, takže se omlouvám zapomněl-li jsem ně něco)

Děkuju Mihh.

________________________________________________________________________________________________

Logfile of random's system information tool 1.09 (written by random/random)
Run by N_PC at 2011-12-12 20:07:27
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 45 GB (59%) free of 76 GB
Total RAM: 3326 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:07:29, on 12.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\N_PC\Downloads\RSIT.exe
C:\Program Files\trend micro\N_PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HDVid Web Player v.0.91 - {C9C42511-9B41-42c1-9DCD-7282A2D07C65} - C:\Program Files\HDVid Web Player\HDVid091.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5796 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\N_PC\AppData\Roaming\Mozilla\Firefox\Profiles\80s22x0e.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{3ef7f254-8bcc-48d6-b1bb-980964a775d0}"=C:\Program Files\HDVid Web Player\HDVidFF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\N_PC\AppData\Roaming\Mozilla\Firefox\Profiles\80s22x0e.default\extensions\
{33e0daa6-3af3-d8b5-6752-10e949c61516}

C:\Users\N_PC\AppData\Roaming\Mozilla\Firefox\Profiles\80s22x0e.default\searchplugins\
absearch-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42511-9B41-42c1-9DCD-7282A2D07C65}]
HDVid Web Player v.0.91 - C:\Program Files\HDVid Web Player\HDVid091.dll [2011-09-27 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-09-24 56712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-08 3076144]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-10-09 421736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.6\ICQ.exe [2011-10-10 127040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Aktualizovat ESET licenci.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-12-12 20:00:46 ----D---- C:\Program Files\trend micro
2011-12-12 20:00:44 ----D---- C:\rsit
2011-12-04 00:53:36 ----D---- C:\Users\N_PC\AppData\Roaming\Quark
2011-12-04 00:51:31 ----D---- C:\Program Files\Quark
2011-11-29 00:38:26 ----D---- C:\Program Files\JDownloader
2011-11-25 12:17:20 ----D---- C:\Users\N_PC\AppData\Roaming\Might & Magic Heroes VI
2011-11-25 12:09:16 ----D---- C:\Program Files\Ubisoft
2011-11-23 16:33:06 ----D---- C:\Users\N_PC\AppData\Roaming\Auslogics
2011-11-22 22:38:54 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-11-22 22:38:54 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-11-22 22:38:52 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-11-22 22:38:52 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-11-22 22:38:52 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-11-22 22:38:52 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-11-22 22:38:52 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-11-22 22:38:51 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-11-22 22:38:51 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-11-22 22:38:51 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-11-22 22:38:51 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-11-22 22:38:50 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-11-22 22:38:49 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-11-22 22:38:49 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-11-22 22:38:49 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-11-22 22:38:49 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-11-22 22:38:46 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-11-22 22:38:46 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-11-22 22:38:45 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-11-22 22:38:45 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-11-22 22:38:44 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-11-22 22:38:44 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-11-22 22:38:43 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-11-22 22:38:42 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-11-22 22:38:42 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-11-22 22:38:42 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-11-22 22:38:42 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-11-22 22:38:42 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-11-22 22:38:40 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-11-22 22:38:40 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-11-22 22:38:39 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-11-22 22:38:39 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-11-22 22:38:38 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-11-22 22:38:37 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-11-22 22:38:35 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-11-22 22:38:35 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-11-22 22:38:34 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-11-22 22:38:34 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-11-22 22:38:34 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-11-22 22:38:33 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-11-22 22:38:33 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-11-22 22:38:32 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-11-22 22:38:31 ----A---- C:\Windows\system32\xinput1_3.dll
2011-11-22 22:38:31 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-11-22 22:38:30 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-11-22 22:38:30 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-11-22 22:38:29 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-11-22 22:38:28 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-11-22 22:38:27 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-11-22 22:38:27 ----A---- C:\Windows\system32\d3dx10.dll
2011-11-22 22:38:25 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-11-22 22:38:25 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-11-22 22:38:25 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-11-22 22:38:25 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-11-22 22:38:25 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-11-22 22:38:24 ----A---- C:\Windows\system32\xinput1_2.dll
2011-11-22 22:38:24 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-11-22 22:38:23 ----A---- C:\Windows\system32\xinput1_1.dll
2011-11-22 22:38:23 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-11-22 22:38:06 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-11-22 22:38:05 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-11-22 22:38:05 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-11-22 22:38:02 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-11-22 22:38:01 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-11-22 22:37:58 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-11-22 22:37:53 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-11-22 22:37:52 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-11-22 22:37:51 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-11-22 17:27:15 ----D---- C:\Users\N_PC\AppData\Roaming\Adobe Mini Bridge CS5
2011-11-22 17:27:14 ----D---- C:\Users\N_PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-11-18 20:06:27 ----D---- C:\ProgramData\McAfee
2011-11-17 01:35:20 ----D---- C:\ProgramData\SUPERAntiSpyware.com

======List of files/folders modified in the last 1 month======

2011-12-12 20:07:29 ----D---- C:\Windows\Temp
2011-12-12 20:00:57 ----D---- C:\Windows\Prefetch
2011-12-12 20:00:46 ----RD---- C:\Program Files
2011-12-12 15:00:30 ----D---- C:\Windows\System32
2011-12-12 15:00:30 ----D---- C:\Windows\inf
2011-12-12 15:00:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-12 14:57:01 ----D---- C:\Windows\system32\config
2011-12-11 19:46:39 ----D---- C:\Users\N_PC\AppData\Roaming\ICQ
2011-12-10 22:03:24 ----D---- C:\Windows
2011-12-10 20:54:45 ----SHD---- C:\System Volume Information
2011-12-10 20:34:35 ----HD---- C:\ProgramData
2011-12-04 16:27:51 ----D---- C:\Windows\winsxs
2011-12-04 15:30:36 ----D---- C:\Windows\system32\catroot2
2011-12-04 15:19:56 ----SHD---- C:\Windows\Installer
2011-12-04 15:19:34 ----D---- C:\Program Files\Common Files\Adobe
2011-12-04 15:19:33 ----D---- C:\Program Files\Common Files
2011-12-04 15:18:48 ----D---- C:\Program Files\Adobe
2011-12-04 15:12:40 ----D---- C:\Program Files\CCleaner
2011-12-04 14:52:00 ----RSD---- C:\Windows\Fonts
2011-12-04 00:57:19 ----SD---- C:\ProgramData\Microsoft
2011-11-29 22:54:48 ----D---- C:\Windows\Minidump
2011-11-29 00:37:03 ----D---- C:\Program Files\Mozilla Firefox
2011-11-25 14:42:29 ----D---- C:\Users\N_PC\AppData\Roaming\DAEMON Tools Lite
2011-11-25 14:42:27 ----D---- C:\Windows\Logs
2011-11-25 12:11:16 ----RSD---- C:\Windows\assembly
2011-11-25 12:06:31 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-23 18:31:13 ----D---- C:\Windows\SoftwareDistribution
2011-11-23 15:05:28 ----D---- C:\Program Files\Microsoft Office
2011-11-22 23:23:32 ----D---- C:\Windows\LiveKernelReports
2011-11-22 22:31:26 ----D---- C:\Windows\system32\drivers
2011-11-22 17:21:20 ----D---- C:\Users\N_PC\AppData\Roaming\Adobe
2011-11-22 11:18:32 ----D---- C:\Windows\system32\NDF
2011-11-20 11:37:00 ----D---- C:\Users\N_PC\AppData\Roaming\TeamViewer
2011-11-19 11:44:06 ----AD---- C:\ProgramData\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-06 232512]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-08-02 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-08 974944]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 821608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-06 1343400]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 12 pro 2011 20:31

Zdravim a pekny vecer preji

Nedavejte logy do code, spatne se to lusti

avg je parodie na antiviry

kdyz pouzivate cracknuty ESS, tak se nedivte ze tam mate havet. Pravidla fora hovori ale o nelegalni SW jasne, takze co s tim udelame

MihhC · #3 Příspěvek od **MihhC** » 12 pro 2011 21:11

Zdravím,

klidně ho zlikviduji, obzvláště jestliže skrz něj cosi prolézá.
Omluva.

Mohu přesto prosit rady?

M

#4 Příspěvek od **vyosek** » 12 pro 2011 21:15

Kde ten ESS udajne naleza tu neznicitelnou havet

Odinstalujte ESS, nainstalujte free reseni (Avast, Avira ci MSE)

Dejte novy log z RSIT

MihhC · #5 Příspěvek od **MihhC** » 12 pro 2011 21:41

Tak jsem tam hodil MSE.(úvaha: Nebylo by ho lepší instalovat až po vyčištění, aby ho "cosi" neodpojilo, rád se poučím.)

V příloze report ESS4. Asi to je 3x totéž.

Nový log:
______________________________________________________________________________________________________

Logfile of random's system information tool 1.09 (written by random/random)
Run by N_PC at 2011-12-12 21:35:40
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 45 GB (58%) free of 76 GB
Total RAM: 3326 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:36:02, on 12.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\N_PC\Downloads\RSIT.exe
C:\Program Files\trend micro\N_PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HDVid Web Player v.0.91 - {C9C42511-9B41-42c1-9DCD-7282A2D07C65} - C:\Program Files\HDVid Web Player\HDVid091.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5600 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\N_PC\AppData\Roaming\Mozilla\Firefox\Profiles\80s22x0e.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{3ef7f254-8bcc-48d6-b1bb-980964a775d0}"=C:\Program Files\HDVid Web Player\HDVidFF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\N_PC\AppData\Roaming\Mozilla\Firefox\Profiles\80s22x0e.default\extensions\
{33e0daa6-3af3-d8b5-6752-10e949c61516}

C:\Users\N_PC\AppData\Roaming\Mozilla\Firefox\Profiles\80s22x0e.default\searchplugins\
absearch-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42511-9B41-42c1-9DCD-7282A2D07C65}]
HDVid Web Player v.0.91 - C:\Program Files\HDVid Web Player\HDVid091.dll [2011-09-27 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-09-24 56712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-10-09 421736]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.6\ICQ.exe [2011-10-10 127040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-12-12 21:31:51 ----D---- C:\Program Files\Microsoft Security Client
2011-12-12 20:00:46 ----D---- C:\Program Files\trend micro
2011-12-12 20:00:44 ----D---- C:\rsit
2011-12-04 00:53:36 ----D---- C:\Users\N_PC\AppData\Roaming\Quark
2011-12-04 00:51:31 ----D---- C:\Program Files\Quark
2011-11-29 00:38:26 ----D---- C:\Program Files\JDownloader
2011-11-25 12:17:20 ----D---- C:\Users\N_PC\AppData\Roaming\Might & Magic Heroes VI
2011-11-25 12:09:16 ----D---- C:\Program Files\Ubisoft
2011-11-23 16:33:06 ----D---- C:\Users\N_PC\AppData\Roaming\Auslogics
2011-11-22 22:38:54 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-11-22 22:38:54 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-11-22 22:38:53 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-11-22 22:38:52 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-11-22 22:38:52 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-11-22 22:38:52 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-11-22 22:38:52 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-11-22 22:38:52 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-11-22 22:38:51 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-11-22 22:38:51 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-11-22 22:38:51 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-11-22 22:38:51 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-11-22 22:38:50 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-11-22 22:38:49 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-11-22 22:38:49 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-11-22 22:38:49 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-11-22 22:38:49 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-11-22 22:38:48 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-11-22 22:38:47 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-11-22 22:38:46 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-11-22 22:38:46 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-11-22 22:38:45 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-11-22 22:38:45 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-11-22 22:38:44 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-11-22 22:38:44 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-11-22 22:38:43 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-11-22 22:38:42 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-11-22 22:38:42 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-11-22 22:38:42 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-11-22 22:38:42 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-11-22 22:38:42 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-11-22 22:38:40 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-11-22 22:38:40 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-11-22 22:38:39 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-11-22 22:38:39 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-11-22 22:38:38 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-11-22 22:38:37 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-11-22 22:38:35 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-11-22 22:38:35 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-11-22 22:38:34 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-11-22 22:38:34 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-11-22 22:38:34 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-11-22 22:38:33 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-11-22 22:38:33 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-11-22 22:38:32 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-11-22 22:38:31 ----A---- C:\Windows\system32\xinput1_3.dll
2011-11-22 22:38:31 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-11-22 22:38:30 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-11-22 22:38:30 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-11-22 22:38:29 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-11-22 22:38:28 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-11-22 22:38:27 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-11-22 22:38:27 ----A---- C:\Windows\system32\d3dx10.dll
2011-11-22 22:38:25 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-11-22 22:38:25 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-11-22 22:38:25 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-11-22 22:38:25 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-11-22 22:38:25 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-11-22 22:38:24 ----A---- C:\Windows\system32\xinput1_2.dll
2011-11-22 22:38:24 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-11-22 22:38:23 ----A---- C:\Windows\system32\xinput1_1.dll
2011-11-22 22:38:23 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-11-22 22:38:06 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-11-22 22:38:05 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-11-22 22:38:05 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-11-22 22:38:02 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-11-22 22:38:01 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-11-22 22:37:58 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-11-22 22:37:53 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-11-22 22:37:52 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-11-22 22:37:51 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-11-22 17:27:15 ----D---- C:\Users\N_PC\AppData\Roaming\Adobe Mini Bridge CS5
2011-11-22 17:27:14 ----D---- C:\Users\N_PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-11-18 20:06:27 ----D---- C:\ProgramData\McAfee
2011-11-17 01:35:20 ----D---- C:\ProgramData\SUPERAntiSpyware.com

======List of files/folders modified in the last 1 month======

2011-12-12 21:34:59 ----D---- C:\Windows\Temp
2011-12-12 21:34:19 ----D---- C:\Windows\Prefetch
2011-12-12 21:34:17 ----D---- C:\Windows\System32
2011-12-12 21:34:17 ----D---- C:\Windows\inf
2011-12-12 21:34:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-12 21:33:42 ----SHD---- C:\System Volume Information
2011-12-12 21:32:30 ----D---- C:\Windows
2011-12-12 21:32:21 ----SHD---- C:\Windows\Installer
2011-12-12 21:32:07 ----D---- C:\Windows\system32\config
2011-12-12 21:32:06 ----D---- C:\Windows\system32\drivers
2011-12-12 21:32:06 ----D---- C:\Windows\system32\catroot
2011-12-12 21:32:03 ----SD---- C:\ProgramData\Microsoft
2011-12-12 21:31:51 ----RD---- C:\Program Files
2011-12-12 21:25:45 ----HD---- C:\ProgramData
2011-12-12 21:24:59 ----D---- C:\Windows\system32\DriverStore
2011-12-11 19:46:39 ----D---- C:\Users\N_PC\AppData\Roaming\ICQ
2011-12-04 16:27:51 ----D---- C:\Windows\winsxs
2011-12-04 15:30:36 ----D---- C:\Windows\system32\catroot2
2011-12-04 15:19:34 ----D---- C:\Program Files\Common Files\Adobe
2011-12-04 15:19:33 ----D---- C:\Program Files\Common Files
2011-12-04 15:18:48 ----D---- C:\Program Files\Adobe
2011-12-04 15:12:40 ----D---- C:\Program Files\CCleaner
2011-12-04 14:52:00 ----RSD---- C:\Windows\Fonts
2011-11-29 22:54:48 ----D---- C:\Windows\Minidump
2011-11-29 00:37:03 ----D---- C:\Program Files\Mozilla Firefox
2011-11-25 14:42:29 ----D---- C:\Users\N_PC\AppData\Roaming\DAEMON Tools Lite
2011-11-25 14:42:27 ----D---- C:\Windows\Logs
2011-11-25 12:11:16 ----RSD---- C:\Windows\assembly
2011-11-25 12:06:31 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-23 18:31:13 ----D---- C:\Windows\SoftwareDistribution
2011-11-23 15:05:28 ----D---- C:\Program Files\Microsoft Office
2011-11-22 23:23:32 ----D---- C:\Windows\LiveKernelReports
2011-11-22 17:21:20 ----D---- C:\Users\N_PC\AppData\Roaming\Adobe
2011-11-22 11:18:32 ----D---- C:\Windows\system32\NDF
2011-11-20 11:37:00 ----D---- C:\Users\N_PC\AppData\Roaming\TeamViewer
2011-11-19 11:44:06 ----AD---- C:\ProgramData\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKsldbf7780b;MpKsldbf7780b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AE93D21-F9F3-4B4C-B960-79F0CB496DD2}\MpKsldbf7780b.sys [2011-12-12 29904]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-06 232512]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-08-02 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 821608]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-06 1343400]

-----------------EOF-----------------

#6 Příspěvek od **vyosek** » 12 pro 2011 21:44

Pokud antivir nainstalovat jde, tak jej tam nechame uzivatele dat dopredu. je to takovy zvyk a i pojistka ze user pak neutece. Pokud by jej havet mela vyradit, tak vyradi i ten co je nainstalovan

No je tam toho dooost

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

MihhC · #7 Příspěvek od **MihhC** » 12 pro 2011 21:59

No 1 sviˇ_i zlikvidoval už MSE.

Sken trval asi minuty a nic nenašel.
___________________________________________________________________________________________________________

21:49:54.0551 0312 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
21:49:54.0617 0312 ============================================================
21:49:54.0617 0312 Current date / time: 2011/12/12 21:49:54.0617
21:49:54.0617 0312 SystemInfo:
21:49:54.0617 0312
21:49:54.0617 0312 OS Version: 6.1.7601 ServicePack: 1.0
21:49:54.0617 0312 Product type: Workstation
21:49:54.0617 0312 ComputerName: N-PC
21:49:54.0617 0312 UserName: N_PC
21:49:54.0617 0312 Windows directory: C:\Windows
21:49:54.0617 0312 System windows directory: C:\Windows
21:49:54.0617 0312 Processor architecture: Intel x86
21:49:54.0617 0312 Number of processors: 2
21:49:54.0617 0312 Page size: 0x1000
21:49:54.0617 0312 Boot type: Normal boot
21:49:54.0617 0312 ============================================================
21:49:55.0909 0312 Initialize success
21:51:16.0890 3792 ============================================================
21:51:16.0890 3792 Scan started
21:51:16.0890 3792 Mode: Manual;
21:51:16.0890 3792 ============================================================
21:51:17.0389 3792 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:51:17.0391 3792 1394ohci - ok
21:51:17.0495 3792 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:51:17.0497 3792 ACPI - ok
21:51:17.0617 3792 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:51:17.0618 3792 AcpiPmi - ok
21:51:17.0727 3792 adfs - ok
21:51:17.0844 3792 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
21:51:17.0852 3792 adp94xx - ok
21:51:17.0952 3792 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
21:51:17.0960 3792 adpahci - ok
21:51:18.0064 3792 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
21:51:18.0065 3792 adpu320 - ok
21:51:18.0177 3792 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:51:18.0180 3792 AFD - ok
21:51:18.0278 3792 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:51:18.0279 3792 agp440 - ok
21:51:18.0383 3792 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
21:51:18.0384 3792 aic78xx - ok
21:51:18.0489 3792 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:51:18.0490 3792 aliide - ok
21:51:18.0600 3792 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:51:18.0601 3792 amdagp - ok
21:51:18.0693 3792 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:51:18.0693 3792 amdide - ok
21:51:18.0791 3792 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
21:51:18.0791 3792 AmdK8 - ok
21:51:18.0891 3792 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
21:51:18.0892 3792 AmdPPM - ok
21:51:18.0997 3792 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:51:18.0998 3792 amdsata - ok
21:51:19.0103 3792 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
21:51:19.0104 3792 amdsbs - ok
21:51:19.0202 3792 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:51:19.0203 3792 amdxata - ok
21:51:19.0306 3792 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:51:19.0306 3792 AppID - ok
21:51:19.0438 3792 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
21:51:19.0439 3792 arc - ok
21:51:19.0536 3792 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
21:51:19.0537 3792 arcsas - ok
21:51:19.0633 3792 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:51:19.0633 3792 AsyncMac - ok
21:51:19.0729 3792 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:51:19.0729 3792 atapi - ok
21:51:19.0938 3792 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
21:51:20.0056 3792 atikmdag - ok
21:51:20.0182 3792 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
21:51:20.0186 3792 b06bdrv - ok
21:51:20.0284 3792 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:51:20.0286 3792 b57nd60x - ok
21:51:20.0396 3792 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:51:20.0403 3792 Beep - ok
21:51:20.0512 3792 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:51:20.0512 3792 blbdrive - ok
21:51:20.0620 3792 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:51:20.0621 3792 bowser - ok
21:51:20.0713 3792 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
21:51:20.0713 3792 BrFiltLo - ok
21:51:20.0809 3792 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
21:51:20.0809 3792 BrFiltUp - ok
21:51:20.0940 3792 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:51:20.0948 3792 Brserid - ok
21:51:21.0044 3792 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:51:21.0045 3792 BrSerWdm - ok
21:51:21.0141 3792 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:51:21.0141 3792 BrUsbMdm - ok
21:51:21.0235 3792 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:51:21.0235 3792 BrUsbSer - ok
21:51:21.0324 3792 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
21:51:21.0325 3792 BTHMODEM - ok
21:51:21.0449 3792 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:51:21.0450 3792 cdfs - ok
21:51:21.0576 3792 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
21:51:21.0577 3792 cdrom - ok
21:51:21.0756 3792 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
21:51:21.0757 3792 circlass - ok
21:51:21.0873 3792 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:51:21.0882 3792 CLFS - ok
21:51:21.0998 3792 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
21:51:21.0998 3792 CmBatt - ok
21:51:22.0092 3792 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:51:22.0093 3792 cmdide - ok
21:51:22.0186 3792 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:51:22.0194 3792 CNG - ok
21:51:22.0294 3792 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
21:51:22.0295 3792 Compbatt - ok
21:51:22.0399 3792 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:51:22.0400 3792 CompositeBus - ok
21:51:22.0495 3792 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
21:51:22.0496 3792 crcdisk - ok
21:51:22.0620 3792 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:51:22.0628 3792 CSC - ok
21:51:22.0767 3792 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:51:22.0768 3792 DfsC - ok
21:51:22.0864 3792 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:51:22.0864 3792 discache - ok
21:51:22.0963 3792 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
21:51:22.0964 3792 Disk - ok
21:51:23.0059 3792 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
21:51:23.0060 3792 dmvsc - ok
21:51:23.0173 3792 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:51:23.0173 3792 drmkaud - ok
21:51:23.0281 3792 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:51:23.0282 3792 dtsoftbus01 - ok
21:51:23.0386 3792 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:51:23.0391 3792 DXGKrnl - ok
21:51:23.0557 3792 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
21:51:23.0617 3792 ebdrv - ok
21:51:23.0736 3792 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
21:51:23.0752 3792 elxstor - ok
21:51:23.0853 3792 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:51:23.0853 3792 ErrDev - ok
21:51:23.0961 3792 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:51:23.0985 3792 exfat - ok
21:51:24.0086 3792 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:51:24.0103 3792 fastfat - ok
21:51:24.0207 3792 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
21:51:24.0208 3792 fdc - ok
21:51:24.0307 3792 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:51:24.0308 3792 FileInfo - ok
21:51:24.0400 3792 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:51:24.0401 3792 Filetrace - ok
21:51:24.0496 3792 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
21:51:24.0497 3792 flpydisk - ok
21:51:24.0598 3792 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:51:24.0600 3792 FltMgr - ok
21:51:24.0706 3792 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:51:24.0706 3792 FsDepends - ok
21:51:24.0795 3792 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:51:24.0803 3792 Fs_Rec - ok
21:51:24.0919 3792 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:51:24.0920 3792 fvevol - ok
21:51:25.0051 3792 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
21:51:25.0052 3792 gagp30kx - ok
21:51:25.0159 3792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:51:25.0160 3792 GEARAspiWDM - ok
21:51:25.0259 3792 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:51:25.0259 3792 hcw85cir - ok
21:51:25.0375 3792 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:51:25.0378 3792 HdAudAddService - ok
21:51:25.0477 3792 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:51:25.0478 3792 HDAudBus - ok
21:51:25.0571 3792 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
21:51:25.0572 3792 HidBatt - ok
21:51:25.0669 3792 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
21:51:25.0670 3792 HidBth - ok
21:51:25.0765 3792 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
21:51:25.0766 3792 HidIr - ok
21:51:25.0908 3792 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:51:25.0909 3792 HidUsb - ok
21:51:26.0012 3792 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:51:26.0013 3792 HpSAMD - ok
21:51:26.0117 3792 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:51:26.0134 3792 HTTP - ok
21:51:26.0234 3792 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:51:26.0234 3792 hwpolicy - ok
21:51:26.0330 3792 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:51:26.0331 3792 i8042prt - ok
21:51:26.0450 3792 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:51:26.0452 3792 iaStorV - ok
21:51:26.0558 3792 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
21:51:26.0559 3792 iirsp - ok
21:51:26.0683 3792 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:51:26.0684 3792 intelide - ok
21:51:26.0790 3792 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:51:26.0791 3792 intelppm - ok
21:51:26.0910 3792 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:51:26.0910 3792 IpFilterDriver - ok
21:51:27.0015 3792 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:51:27.0016 3792 IPMIDRV - ok
21:51:27.0116 3792 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:51:27.0117 3792 IPNAT - ok
21:51:27.0223 3792 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:51:27.0224 3792 IRENUM - ok
21:51:27.0313 3792 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:51:27.0314 3792 isapnp - ok
21:51:27.0411 3792 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:51:27.0414 3792 iScsiPrt - ok
21:51:27.0514 3792 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:51:27.0515 3792 kbdclass - ok
21:51:27.0612 3792 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:51:27.0612 3792 kbdhid - ok
21:51:27.0706 3792 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
21:51:27.0707 3792 KSecDD - ok
21:51:27.0790 3792 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
21:51:27.0791 3792 KSecPkg - ok
21:51:27.0905 3792 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:51:27.0906 3792 lltdio - ok
21:51:28.0019 3792 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
21:51:28.0020 3792 LSI_FC - ok
21:51:28.0133 3792 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
21:51:28.0134 3792 LSI_SAS - ok
21:51:28.0243 3792 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
21:51:28.0244 3792 LSI_SAS2 - ok
21:51:28.0342 3792 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
21:51:28.0343 3792 LSI_SCSI - ok
21:51:28.0452 3792 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:51:28.0454 3792 luafv - ok
21:51:28.0552 3792 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
21:51:28.0552 3792 megasas - ok
21:51:28.0664 3792 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
21:51:28.0667 3792 MegaSR - ok
21:51:28.0788 3792 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:51:28.0789 3792 Modem - ok
21:51:28.0893 3792 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:51:28.0893 3792 monitor - ok
21:51:29.0002 3792 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:51:29.0003 3792 mouclass - ok
21:51:29.0119 3792 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:51:29.0120 3792 mouhid - ok
21:51:29.0215 3792 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:51:29.0216 3792 mountmgr - ok
21:51:29.0343 3792 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:51:29.0344 3792 MpFilter - ok
21:51:29.0443 3792 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:51:29.0445 3792 mpio - ok
21:51:29.0584 3792 MpKsldbf7780b (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AE93D21-F9F3-4B4C-B960-79F0CB496DD2}\MpKsldbf7780b.sys
21:51:29.0584 3792 MpKsldbf7780b - ok
21:51:29.0702 3792 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:51:29.0702 3792 MpNWMon - ok
21:51:29.0800 3792 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:51:29.0801 3792 mpsdrv - ok
21:51:29.0906 3792 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:51:29.0908 3792 MRxDAV - ok
21:51:30.0025 3792 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:51:30.0026 3792 mrxsmb - ok
21:51:30.0143 3792 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:51:30.0145 3792 mrxsmb10 - ok
21:51:30.0245 3792 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:51:30.0246 3792 mrxsmb20 - ok
21:51:30.0341 3792 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:51:30.0342 3792 msahci - ok
21:51:30.0438 3792 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:51:30.0439 3792 msdsm - ok
21:51:30.0551 3792 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:51:30.0560 3792 Msfs - ok
21:51:30.0653 3792 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:51:30.0654 3792 mshidkmdf - ok
21:51:30.0750 3792 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:51:30.0750 3792 msisadrv - ok
21:51:30.0873 3792 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:51:30.0874 3792 MSKSSRV - ok
21:51:31.0008 3792 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:51:31.0008 3792 MSPCLOCK - ok
21:51:31.0118 3792 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:51:31.0118 3792 MSPQM - ok
21:51:31.0221 3792 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:51:31.0231 3792 MsRPC - ok
21:51:31.0334 3792 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:51:31.0335 3792 mssmbios - ok
21:51:31.0443 3792 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:51:31.0443 3792 MSTEE - ok
21:51:31.0541 3792 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
21:51:31.0542 3792 MTConfig - ok
21:51:31.0641 3792 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:51:31.0642 3792 Mup - ok
21:51:31.0756 3792 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:51:31.0765 3792 NativeWifiP - ok
21:51:31.0887 3792 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:51:31.0913 3792 NDIS - ok
21:51:32.0024 3792 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:51:32.0025 3792 NdisCap - ok
21:51:32.0124 3792 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:51:32.0125 3792 NdisTapi - ok
21:51:32.0226 3792 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:51:32.0227 3792 Ndisuio - ok
21:51:32.0325 3792 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:51:32.0326 3792 NdisWan - ok
21:51:32.0421 3792 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:51:32.0432 3792 NDProxy - ok
21:51:32.0555 3792 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:51:32.0555 3792 NetBIOS - ok
21:51:32.0657 3792 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:51:32.0659 3792 NetBT - ok
21:51:32.0808 3792 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
21:51:32.0809 3792 nfrd960 - ok
21:51:32.0914 3792 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:51:32.0915 3792 NisDrv - ok
21:51:33.0038 3792 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:51:33.0048 3792 Npfs - ok
21:51:33.0153 3792 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:51:33.0154 3792 nsiproxy - ok
21:51:33.0274 3792 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:51:33.0379 3792 Ntfs - ok
21:51:33.0468 3792 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:51:33.0475 3792 Null - ok
21:51:33.0584 3792 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:51:33.0585 3792 nvraid - ok
21:51:33.0685 3792 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:51:33.0686 3792 nvstor - ok
21:51:33.0779 3792 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:51:33.0780 3792 nv_agp - ok
21:51:33.0871 3792 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:51:33.0872 3792 ohci1394 - ok
21:51:33.0987 3792 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:51:33.0988 3792 Parport - ok
21:51:34.0094 3792 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:51:34.0094 3792 partmgr - ok
21:51:34.0187 3792 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:51:34.0188 3792 Parvdm - ok
21:51:34.0294 3792 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:51:34.0296 3792 pci - ok
21:51:34.0389 3792 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:51:34.0390 3792 pciide - ok
21:51:34.0490 3792 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
21:51:34.0491 3792 pcmcia - ok
21:51:34.0585 3792 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:51:34.0586 3792 pcw - ok
21:51:34.0689 3792 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:51:34.0722 3792 PEAUTH - ok
21:51:34.0864 3792 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:51:34.0865 3792 PptpMiniport - ok
21:51:34.0962 3792 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
21:51:34.0963 3792 Processor - ok
21:51:35.0076 3792 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:51:35.0077 3792 Psched - ok
21:51:35.0196 3792 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
21:51:35.0222 3792 ql2300 - ok
21:51:35.0323 3792 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
21:51:35.0324 3792 ql40xx - ok
21:51:35.0425 3792 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:51:35.0426 3792 QWAVEdrv - ok
21:51:35.0522 3792 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:51:35.0523 3792 RasAcd - ok
21:51:35.0616 3792 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:51:35.0616 3792 RasAgileVpn - ok
21:51:35.0726 3792 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:51:35.0727 3792 Rasl2tp - ok
21:51:35.0837 3792 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:51:35.0838 3792 RasPppoe - ok
21:51:35.0944 3792 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:51:35.0945 3792 RasSstp - ok
21:51:36.0050 3792 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:51:36.0052 3792 rdbss - ok
21:51:36.0150 3792 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:51:36.0150 3792 rdpbus - ok
21:51:36.0235 3792 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:51:36.0236 3792 RDPCDD - ok
21:51:36.0341 3792 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:51:36.0343 3792 RDPDR - ok
21:51:36.0445 3792 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:51:36.0446 3792 RDPENCDD - ok
21:51:36.0548 3792 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:51:36.0548 3792 RDPREFMP - ok
21:51:36.0643 3792 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
21:51:36.0644 3792 RdpVideoMiniport - ok
21:51:36.0739 3792 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:51:36.0753 3792 RDPWD - ok
21:51:36.0880 3792 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:51:36.0882 3792 rdyboost - ok
21:51:37.0023 3792 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:51:37.0023 3792 rspndr - ok
21:51:37.0128 3792 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
21:51:37.0130 3792 RTL8167 - ok
21:51:37.0260 3792 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:51:37.0260 3792 s3cap - ok
21:51:37.0377 3792 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:51:37.0378 3792 sbp2port - ok
21:51:37.0480 3792 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:51:37.0480 3792 scfilter - ok
21:51:37.0585 3792 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:51:37.0595 3792 secdrv - ok
21:51:37.0716 3792 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:51:37.0716 3792 Serenum - ok
21:51:37.0809 3792 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:51:37.0810 3792 Serial - ok
21:51:37.0913 3792 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
21:51:37.0913 3792 sermouse - ok
21:51:38.0021 3792 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:51:38.0021 3792 sffdisk - ok
21:51:38.0116 3792 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:51:38.0117 3792 sffp_mmc - ok
21:51:38.0214 3792 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:51:38.0215 3792 sffp_sd - ok
21:51:38.0310 3792 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
21:51:38.0310 3792 sfloppy - ok
21:51:38.0414 3792 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:51:38.0415 3792 sisagp - ok
21:51:38.0522 3792 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
21:51:38.0522 3792 SiSRaid2 - ok
21:51:38.0619 3792 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
21:51:38.0620 3792 SiSRaid4 - ok
21:51:38.0719 3792 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:51:38.0720 3792 Smb - ok
21:51:38.0860 3792 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:51:38.0867 3792 spldr - ok
21:51:38.0976 3792 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:51:38.0979 3792 srv - ok
21:51:39.0080 3792 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:51:39.0088 3792 srv2 - ok
21:51:39.0182 3792 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:51:39.0184 3792 srvnet - ok
21:51:39.0296 3792 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
21:51:39.0297 3792 stexstor - ok
21:51:39.0406 3792 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:51:39.0407 3792 storflt - ok
21:51:39.0516 3792 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:51:39.0517 3792 storvsc - ok
21:51:39.0610 3792 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
21:51:39.0611 3792 swenum - ok
21:51:39.0729 3792 Synth3dVsc (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\synth3dvsc.sys
21:51:39.0730 3792 Synth3dVsc - ok
21:51:39.0877 3792 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:51:39.0884 3792 Tcpip - ok
21:51:40.0027 3792 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:51:40.0034 3792 TCPIP6 - ok
21:51:40.0130 3792 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:51:40.0131 3792 tcpipreg - ok
21:51:40.0224 3792 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:51:40.0225 3792 TDPIPE - ok
21:51:40.0318 3792 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:51:40.0319 3792 TDTCP - ok
21:51:40.0417 3792 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:51:40.0418 3792 tdx - ok
21:51:40.0521 3792 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
21:51:40.0522 3792 TermDD - ok
21:51:40.0624 3792 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys
21:51:40.0624 3792 terminpt - ok
21:51:40.0757 3792 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:51:40.0758 3792 tssecsrv - ok
21:51:40.0861 3792 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:51:40.0862 3792 TsUsbFlt - ok
21:51:40.0963 3792 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
21:51:40.0964 3792 TsUsbGD - ok
21:51:41.0062 3792 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys
21:51:41.0063 3792 tsusbhub - ok
21:51:41.0179 3792 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:51:41.0180 3792 tunnel - ok
21:51:41.0281 3792 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
21:51:41.0282 3792 uagp35 - ok
21:51:41.0387 3792 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:51:41.0390 3792 udfs - ok
21:51:41.0502 3792 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:51:41.0503 3792 uliagpkx - ok
21:51:41.0618 3792 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
21:51:41.0619 3792 umbus - ok
21:51:41.0721 3792 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
21:51:41.0722 3792 UmPass - ok
21:51:41.0836 3792 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:51:41.0836 3792 USBAAPL - ok
21:51:41.0937 3792 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:51:41.0938 3792 usbccgp - ok
21:51:42.0033 3792 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:51:42.0035 3792 usbcir - ok
21:51:42.0134 3792 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:51:42.0135 3792 usbehci - ok
21:51:42.0251 3792 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:51:42.0254 3792 usbhub - ok
21:51:42.0352 3792 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:51:42.0353 3792 usbohci - ok
21:51:42.0457 3792 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:51:42.0458 3792 usbprint - ok
21:51:42.0572 3792 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
21:51:42.0573 3792 usbser - ok
21:51:42.0696 3792 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:51:42.0697 3792 USBSTOR - ok
21:51:42.0796 3792 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:51:42.0797 3792 usbuhci - ok
21:51:42.0907 3792 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:51:42.0907 3792 vdrvroot - ok
21:51:43.0017 3792 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:51:43.0018 3792 vga - ok
21:51:43.0122 3792 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:51:43.0122 3792 VgaSave - ok
21:51:43.0197 3792 VGPU - ok
21:51:43.0307 3792 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:51:43.0309 3792 vhdmp - ok
21:51:43.0421 3792 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:51:43.0422 3792 viaagp - ok
21:51:43.0527 3792 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
21:51:43.0528 3792 ViaC7 - ok
21:51:43.0627 3792 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:51:43.0628 3792 viaide - ok
21:51:43.0741 3792 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:51:43.0743 3792 vmbus - ok
21:51:43.0839 3792 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:51:43.0840 3792 VMBusHID - ok
21:51:43.0933 3792 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:51:43.0934 3792 volmgr - ok
21:51:44.0041 3792 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:51:44.0044 3792 volmgrx - ok
21:51:44.0147 3792 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:51:44.0149 3792 volsnap - ok
21:51:44.0254 3792 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
21:51:44.0256 3792 vsmraid - ok
21:51:44.0361 3792 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:51:44.0362 3792 vwifibus - ok
21:51:44.0462 3792 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
21:51:44.0463 3792 WacomPen - ok
21:51:44.0572 3792 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:51:44.0573 3792 WANARP - ok
21:51:44.0577 3792 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:51:44.0577 3792 Wanarpv6 - ok
21:51:44.0719 3792 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
21:51:44.0720 3792 Wd - ok
21:51:44.0836 3792 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:51:44.0852 3792 Wdf01000 - ok
21:51:44.0986 3792 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:51:44.0987 3792 WfpLwf - ok
21:51:45.0087 3792 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:51:45.0088 3792 WIMMount - ok
21:51:45.0237 3792 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:51:45.0238 3792 WinUsb - ok
21:51:45.0353 3792 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:51:45.0354 3792 WmiAcpi - ok
21:51:45.0476 3792 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:51:45.0476 3792 ws2ifsl - ok
21:51:45.0591 3792 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:51:45.0592 3792 WudfPf - ok
21:51:45.0707 3792 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:51:45.0709 3792 WUDFRd - ok
21:51:45.0738 3792 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:51:45.0742 3792 \Device\Harddisk1\DR1 - ok
21:51:45.0750 3792 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:51:45.0754 3792 \Device\Harddisk0\DR0 - ok
21:51:45.0757 3792 Boot (0x1200) (4ef3cb7fbb6bd733e1a4ee6468057cdf) \Device\Harddisk1\DR1\Partition0
21:51:45.0758 3792 \Device\Harddisk1\DR1\Partition0 - ok
21:51:45.0767 3792 Boot (0x1200) (e72cb8c3921e9f1c24a0eb175d45ca8d) \Device\Harddisk0\DR0\Partition0
21:51:45.0768 3792 \Device\Harddisk0\DR0\Partition0 - ok
21:51:45.0768 3792 ============================================================
21:51:45.0768 3792 Scan finished
21:51:45.0768 3792 ============================================================
21:51:45.0776 1476 Detected object count: 0
21:51:45.0776 1476 Actual detected object count: 0

#8 Příspěvek od **vyosek** » 12 pro 2011 22:01

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

MihhC · #9 Příspěvek od **MihhC** » 12 pro 2011 22:42

Smazáno lde návodu, oskenováno, výsledek níže:

______________________________________________________________________

ComboFix 11-12-12.02 - N_PC 12.12.2011 22:28:59.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3326.2284 [GMT 1:00]
Spuštěný z: c:\users\N_PC\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\7Loader.TAG
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-12 do 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 21:34 . 2011-12-12 21:34 -------- d-----w- c:\users\N_PC\AppData\Local\temp
2011-12-12 21:34 . 2011-12-12 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-12 20:34 . 2011-12-12 20:34 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53AA3F5D-F1CF-4E9D-AE97-6CC9B689B861}\gapaengine.dll
2011-12-12 20:34 . 2011-11-21 01:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AE93D21-F9F3-4B4C-B960-79F0CB496DD2}\mpengine.dll
2011-12-12 20:31 . 2011-12-12 20:32 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-12 19:00 . 2011-12-12 20:35 -------- d-----w- c:\program files\trend micro
2011-12-12 19:00 . 2011-12-12 19:01 -------- d-----w- C:\rsit
2011-12-09 13:46 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67A64440-58AE-45F3-A956-618460F4B0E2}\mpengine.dll
2011-12-03 23:53 . 2011-12-03 23:53 -------- d-----w- c:\users\N_PC\AppData\Roaming\Quark
2011-12-03 23:53 . 2011-12-03 23:53 -------- d-----w- c:\users\N_PC\AppData\Local\Quark
2011-12-03 23:51 . 2011-12-03 23:51 -------- d-----w- c:\program files\Quark
2011-11-28 23:38 . 2011-11-28 23:43 -------- d-----w- c:\program files\JDownloader
2011-11-25 11:17 . 2011-11-25 13:07 -------- d-----w- c:\users\N_PC\AppData\Roaming\Might & Magic Heroes VI
2011-11-25 11:17 . 2011-11-25 11:17 -------- d-----w- c:\users\N_PC\AppData\Local\Ubisoft Game Launcher
2011-11-25 11:09 . 2011-11-25 11:09 -------- d-----w- c:\program files\Ubisoft
2011-11-23 15:33 . 2011-11-23 15:33 -------- d-----w- c:\users\N_PC\AppData\Roaming\Auslogics
2011-11-22 21:37 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-11-22 16:27 . 2011-11-22 16:27 -------- d-----w- c:\users\N_PC\AppData\Roaming\Adobe Mini Bridge CS5
2011-11-22 16:27 . 2011-11-22 16:27 -------- d-----w- c:\users\N_PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-11-18 19:06 . 2011-11-18 19:06 -------- d-----w- c:\programdata\McAfee
2011-11-17 00:35 . 2011-11-17 00:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 19:06 . 2011-09-06 11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 16:03 . 2011-11-09 00:02 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-09 00:02 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-09-24 09:11 . 2011-09-24 09:11 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-20 09:57 . 2009-08-18 09:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-09-20 09:57 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-18 16:09 . 2011-09-18 16:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-11-10 12:11 . 2011-09-16 12:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9C42511-9B41-42c1-9DCD-7282A2D07C65}]
2011-09-27 15:02 81920 ----a-w- c:\program files\HDVid Web Player\HDVid091.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-10-10 17:00 127040 ----a-w- c:\program files\ICQ7.6\ICQ.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-06 1343400]
S1 MpKsl72ad5768;MpKsl72ad5768;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AE93D21-F9F3-4B4C-B960-79F0CB496DD2}\MpKsl72ad5768.sys [2011-12-12 29904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-06 232512]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL72AD5768
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 217.195.165.131 217.195.160.10
FF - ProfilePath - c:\users\N_PC\AppData\Roaming\Mozilla\Firefox\Profiles\80s22x0e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4094041327-3294846798-1764797271-1001\Software\SecuROM\License information*]
"datasecu"=hex:7a,18,93,ab,d7,a7,10,99,14,33,6a,d2,33,5e,ee,7d,b0,e8,60,0f,ba,
61,71,9e,08,9f,ba,df,83,40,4b,07,42,1b,41,e7,b7,86,b0,b1,00,87,2b,e1,4f,4a,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-12-12 22:35:31
ComboFix-quarantined-files.txt 2011-12-12 21:35
.
Před spuštěním: Volných bajtů: 46 613 778 432
Po spuštění: Volných bajtů: 46 541 639 680
.
- - End Of File - - 648BA8124E85F983D3E3B26919018F6C

#10 Příspěvek od **vyosek** » 13 pro 2011 08:52

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
C:\Program Files\ESET

File::
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"AdobeAAMUpdater-1.0"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
"SunJavaUpdateSched"=-
"APSDaemon"=-
"iTunesHelper"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

RegNull::
[HKEY_USERS\S-1-5-21-4094041327-3294846798-1764797271-1001\Software\SecuROM\License information*]

ClearJavaCache::

AtJob::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

MihhC · #11 Příspěvek od **MihhC** » 13 pro 2011 17:13

Přesně dle instrukcí:

_______________________________________________________________________________

ComboFix 11-12-12.02 - N_PC 13.12.2011 16:55:33.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3326.2339 [GMT 1:00]
Spuštěný z: c:\users\N_PC\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\N_PC\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-13 do 2011-12-13 )))))))))))))))))))))))))))))))
.
.
2011-12-13 16:00 . 2011-12-13 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-13 13:15 . 2011-12-13 13:15 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16A33528-78BA-4501-8E8C-98D6E9ABD128}\MpKslfe3efbc8.sys
2011-12-13 13:15 . 2011-12-13 16:01 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16A33528-78BA-4501-8E8C-98D6E9ABD128}\offreg.dll
2011-12-12 22:34 . 2011-11-21 01:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16A33528-78BA-4501-8E8C-98D6E9ABD128}\mpengine.dll
2011-12-12 21:34 . 2011-12-13 16:02 -------- d-----w- c:\users\N_PC\AppData\Local\temp
2011-12-12 20:34 . 2011-12-12 20:34 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53AA3F5D-F1CF-4E9D-AE97-6CC9B689B861}\gapaengine.dll
2011-12-12 20:31 . 2011-12-12 20:32 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-12 19:00 . 2011-12-12 20:35 -------- d-----w- c:\program files\trend micro
2011-12-12 19:00 . 2011-12-12 19:01 -------- d-----w- C:\rsit
2011-12-09 13:46 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67A64440-58AE-45F3-A956-618460F4B0E2}\mpengine.dll
2011-12-03 23:53 . 2011-12-03 23:53 -------- d-----w- c:\users\N_PC\AppData\Roaming\Quark
2011-12-03 23:53 . 2011-12-03 23:53 -------- d-----w- c:\users\N_PC\AppData\Local\Quark
2011-12-03 23:51 . 2011-12-03 23:51 -------- d-----w- c:\program files\Quark
2011-11-28 23:38 . 2011-11-28 23:43 -------- d-----w- c:\program files\JDownloader
2011-11-25 11:17 . 2011-11-25 13:07 -------- d-----w- c:\users\N_PC\AppData\Roaming\Might & Magic Heroes VI
2011-11-25 11:17 . 2011-11-25 11:17 -------- d-----w- c:\users\N_PC\AppData\Local\Ubisoft Game Launcher
2011-11-25 11:09 . 2011-11-25 11:09 -------- d-----w- c:\program files\Ubisoft
2011-11-23 15:33 . 2011-11-23 15:33 -------- d-----w- c:\users\N_PC\AppData\Roaming\Auslogics
2011-11-22 21:37 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-11-22 16:27 . 2011-11-22 16:27 -------- d-----w- c:\users\N_PC\AppData\Roaming\Adobe Mini Bridge CS5
2011-11-22 16:27 . 2011-11-22 16:27 -------- d-----w- c:\users\N_PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-11-18 19:06 . 2011-11-18 19:06 -------- d-----w- c:\programdata\McAfee
2011-11-17 00:35 . 2011-11-17 00:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 19:06 . 2011-09-06 11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 16:03 . 2011-11-09 00:02 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-09 00:02 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-09-24 09:11 . 2011-09-24 09:11 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-20 09:57 . 2009-08-18 09:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-09-20 09:57 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-18 16:09 . 2011-09-18 16:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-11-10 12:11 . 2011-09-16 12:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9C42511-9B41-42c1-9DCD-7282A2D07C65}]
2011-09-27 15:02 81920 ----a-w- c:\program files\HDVid Web Player\HDVid091.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-06 1343400]
S1 MpKslfe3efbc8;MpKslfe3efbc8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16A33528-78BA-4501-8E8C-98D6E9ABD128}\MpKslfe3efbc8.sys [2011-12-13 29904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-06 232512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 217.195.165.131 217.195.160.10
FF - ProfilePath - c:\users\N_PC\AppData\Roaming\Mozilla\Firefox\Profiles\80s22x0e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-12-13 17:05:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-13 16:05
ComboFix2.txt 2011-12-12 21:35
.
Před spuštěním: Volných bajtů: 45 670 658 048
Po spuštění: Volných bajtů: 45 644 791 808
.
- - End Of File - - 0CAEF20F4FE056EDB0586B0CD8555D15

#12 Příspěvek od **vyosek** » 13 pro 2011 17:17

Fajn, jak se chova nas pacient

MihhC · #13 Příspěvek od **MihhC** » 13 pro 2011 17:25

Dobrý, je rychlý a tichý, spíše rychlejší a tišší.

Ale pravda, že předtím taky víceméně fungoval v pohodě.
Mě se nedělo nic zásadního teda, typu restarty, padání, atp. Ačkoliv říkáte, že tam toho bylo nemálo

...

Pokud je to vše, tak Vám moc děkuju(snad ne předčasně).

Snad mohu otravovat s 2 offtpicy:
Jak poznám že je antivir odpojen?
Je nějaký návod(nebo spíše doporučení či zkušenost), jak tuto práci provést sám?

Děkuju M.

#14 Příspěvek od **vyosek** » 13 pro 2011 17:31

Ze neni antivir zcela v poradku se da poznat tak ze treba nebezi v procesech, nema ikonu v tray liste. Nebo pokud je vyrazena treba jen jeho cast, tak na to sam upozorni, jelikoz si vetsinou antivir jako celek kontroluje vsechny svoje soucasti.

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou dalsi problemy ci dotazy, je to z me strany vse

VIRY.CZ

Viry dle Antiviru

Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru

Re: Viry dle Antiviru