nefunkční prohlížení webu - kontrola logu z ComboFixu

Zpráva

morty · #1 Příspěvek od **morty** » 13 bře 2012 13:16

zdravím, fest zavirovaný notebook už jakž takž dejchá, ale nefunguje internet (na DNS, i číselnou adresu seznam.cz si pingnu, ale když dám přímo ping www.seznam.cz, tak jí nepřeloží. combofix spravil nemožnost načtení služeb brána firewall/sdílení připojení k internetu.. díky morty

log z ComboFixu zde:

ComboFix 12-03-12.03 - msi 13.03.2012 12:50:00.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2815.2516 [GMT 1:00]
Spuštěný z: c:\documents and settings\msi\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB15443$
c:\windows\$NtUninstallKB15443$\18386424
c:\windows\$NtUninstallKB15443$\2572835574\@
c:\windows\$NtUninstallKB15443$\2572835574\L\zaamqxei
c:\windows\$NtUninstallKB15443$\2572835574\loader.tlb
c:\windows\$NtUninstallKB15443$\2572835574\U\@00000001
c:\windows\$NtUninstallKB15443$\2572835574\U\@000000c0
c:\windows\$NtUninstallKB15443$\2572835574\U\@000000cb
c:\windows\$NtUninstallKB15443$\2572835574\U\@000000cf
c:\windows\$NtUninstallKB15443$\2572835574\U\@80000000
c:\windows\$NtUninstallKB15443$\2572835574\U\@800000c0
c:\windows\$NtUninstallKB15443$\2572835574\U\@800000cb
c:\windows\$NtUninstallKB15443$\2572835574\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\4da0e206b95a810c.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\ce62216e390a6e65.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d61a9a23fc5ad19f.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\StillCam.dll
c:\windows\system32\tmp25.tmp
c:\windows\system32\tmp26.tmp
.
c:\windows\system32\drivers\afd.sys chyběl.
Obnovena kopie z - c:\windows\system32\dllcache\afd.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_EMU10K1
-------\Legacy_NM
-------\Legacy_RADIOSVR
-------\Service_6to4
-------\Service_emu10k1
-------\Service_nm
-------\Service_radiosvr
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-13 do 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-11 17:14 . 2001-10-24 11:24 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-03-11 17:13 . 2008-04-13 22:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2012-03-11 17:12 . 2001-10-24 10:48 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2012-03-11 17:11 . 2001-10-24 10:51 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys
2012-03-11 17:10 . 2008-04-14 07:51 377984 -c--a-w- c:\windows\system32\dllcache\ati2dvaa.dll
2012-03-10 19:15 . 2012-03-10 19:26 -------- d-----w- c:\documents and settings\Administrator
2012-03-10 17:30 . 2012-03-10 17:30 -------- d-----w- c:\documents and settings\msi\Data aplikací\Malwarebytes
2012-03-10 17:30 . 2012-03-10 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-10 17:30 . 2012-03-10 17:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-03-10 17:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 19:36 . 2012-03-09 19:36 -------- d-----w- c:\documents and settings\msi\Local Settings\Data aplikací\Ahead
2012-03-05 18:18 . 2012-03-05 18:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-03-04 20:49 . 2012-03-05 15:08 -------- d-sh--w- c:\documents and settings\msi\Local Settings\Data aplikací\995a5af6
2012-03-02 15:46 . 2012-03-02 15:46 -------- d-----r- c:\documents and settings\msi\Data aplikací\Brother
2012-02-21 17:45 . 2012-02-21 17:45 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-21 17:45 . 2012-02-21 17:45 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-21 17:45 . 2012-02-21 17:45 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-21 17:45 . 2012-02-21 17:45 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-17 18:44 . 2012-02-17 18:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-15 16:03 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 16:03 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-13 18:36 . 2012-02-13 18:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\VST3 Presets
2012-02-13 17:46 . 2012-02-13 17:46 -------- d-----w- c:\program files\Common Files\Steinberg
2012-02-13 17:46 . 2012-02-13 17:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Steinberg
2012-02-13 17:44 . 2012-02-13 17:52 -------- d-----w- c:\documents and settings\msi\Data aplikací\Steinberg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 07:50 . 2011-06-10 06:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2008-04-14 05:45 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2008-04-14 06:52 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2012-02-21 17:45 . 2011-05-08 20:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2011-04-01 03:10 351448 ------w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2011-4-3 745472]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-10-23 15:10 140568 ------w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-23 16:58 906648 ------w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-02-10 09:03 745472 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-10-30 13:05 77824 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative KSRun Persistence Module]
2010-08-03 04:22 25600 ------r- c:\windows\system32\KSRun.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTAPR2]
2008-08-07 14:50 61546 ------w- c:\program files\Creative\Sound Blaster X-Fi Go Pro\Console Launcher 3\Entertainment Console\CTAPR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 18:01 46368 ------w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-05-08 17:28 13594624 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-05-08 17:28 1650688 ------w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
2009-11-23 17:02 26624 ------w- c:\documents and settings\msi\Data aplikací\OETRN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-11 18:03 29984 ------w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-27 03:22 17567744 ------w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ------w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-10-23 15:05 2615624 ------w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2010-02-18 17:27 241789 ------w- c:\program files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"NVSvc"=2 (0x2)
"NitroReaderDriverReadSpool"=2 (0x2)
"MDM"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"CTAudSvcService"=2 (0x2)
"Creative Media Toolbox 6 Licensing Service"=3 (0x3)
"Creative Audio Engine Licensing Service"=3 (0x3)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [24.11.2009 0:37 45344]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.11.2009 0:40 1684736]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [25.2.2011 8:31 1210624]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [25.2.2011 8:31 2016640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.3.2012 18:30 20464]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [25.2.2011 8:29 79360]
S4 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [25.2.2011 8:49 79360]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.4.2011 17:22 136176]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.4.2011 17:22 136176]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.3.2012 18:30 652360]
S4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [14.1.2011 12:35 196912]
.
NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
S3GIGP
sdcoreservice
autocomplete
ezplay
EIO
pdlncbas
ipodservice
G400DH
easdrv
epstnt01
WmHidLo
w810obex
bthenum
ctxhttp
hamachi
rtl8023
zebrmdm
comhost
atitunep
IASJet
arrayssl_vpn_service3,0,1,9
WmXlCore
se44mgmt
SNC
anbmservice
ntrtscan
dptrackerd
sfsync04
was
bc_ip_f
bwmservice
roxupnprenderer
FGDSCSI
SrvcTPIOMngr
pcradminserver
CTERFXFX.DLL
cpqvcagent
cpqdmi
tmesbs32
pavdrv
elbydelay
pcx1unic
U2SP
fsssvc
FontCache3.0.0.0.
pxfhbus
nalntservice
apache
oracle_load_balancer_60_client-forms6i
vzupsvc
aawservice
NWSLP
StMp3Rec
bc_filter
VirtualCam
netdevio
odclientservice
LHidFilt
W2acehid
U81xbus
dpc_srv_webcast
pdlndlpb
w200mgmt
PGPwded
3comtftp
sandradatasrv
zpjobq
s117unic
sonytvc
TVALG
ccpwdsvc
JavaQuickStarterService
tng-dts
Accelerometer
vmware
SprintRcAppSvc
imagedrv
FETNDISB
Anydlc
ntsyslog
TeamViewer
qkbfiltr
proxyhostservice
smcirda
RTLE8023xp
artourservice
SRS_SSCFilter
nisvcloc
bcoreusb
mferkdk
kl1
Via4in1
pdlnacom
CAMFLT
PAR1284
lemsgt
se59mdfl
symsnap
awlegacy
uclauncherservice
UimBus
mpfp
PSSdk21
defwatch
tvicport
FlexBios
DirectUpdate
TuneUp.Defrag
quickhealfirewall
protectionservice
ATIBTXBAR
incdpass
upperdev
puscsrvc
ksthunk
logonsvcid
cpqnicmgmt
dladresm
ASMMAP
wceusbsh
mcdbus
zppinger
statusagent
bdfdll
adpu320
clsched
efs
XUIF
nmwcdcm
mfetdik
ESDCR
remotelyanywhere
hidgame
AmdIde
atkdisplf
aswmon2
scdemu
ma763004
irsir
AMDPCI
atiavaiw
fingrd32
{d31a0762-0ceb-444e-acff-b049a1f6fe91}
dcpflics
hdthermal
ntiopnp
TMMEmu
rtl8029
LCcfltr
RivaTuner32
SimpTcp
z525mdfl
sansaservice
blueservice
adminserver
rismxdp
hpzipr12
BRGSp50
unrealircd
PTproct
s117mdfl
dtscsi
rchost
tbaspi
ithsgt
SPFDRV
dlacdbhm
webupdate
hpwirelessmgr
trackcam4
rkhdrv31
UlSata
HSFHWALI
SiSRaid2
epgspooler
msftpsvc
s125bus
issuser
cvspydr2
nscirda
clmtomcatstartersvc
siskp
STV680m
cobbmservice
sony_ssm.sys
s116mdm
SaiMini
CTMSHD
apache2
cacheserver
vaiomediaplatform-integratedserver-appserver
AFGSp50
ICAM5USB
mirrorv3
guardian2
Machnm32
InCDsrvR
belmonitorservice
zfdwm
tapvpn
transactional
DevUpper
gdihook5
msvad_simple
crystaloutputfileserver
PTDCVsp
mgactrl
pavfnsvr
p2pgasvc
ultra66
mqdmmdfl
caili
Rawwan
zebrsce
wpshelper
enecbpth
tifm21
lxcd_device
procmon10
ovmsmaccessmanager
palmusbd
LVVI500A
snmptrapdservice
dcevt32
ni_nic
Wuser32
pciSd
cygserver
backupexecjobengine
xpadminserver
NWDHCP
pdlnepkt
viagfx
Evian
FVNETusb
bdftdif
pavatscheduler
avg7alrt
VAIOMediaPlatform-VideoServer-HTTP
wdm_au8820
SE2Bobex
milshieldcleaner
el90xbc
M2500
db2ntsecserver
netrcacm
spmd
cq_mem
tfsndres
bcm4sbxp
wampapache
emproxy
erecoveryservice
FsVga
pdfcreatormessages
awservice
IWCA
NetMsmqActivator
ixiaendpoint
gotomypc
EMCFILT
n558
dlapoolm
mfesmfk
MTC0001_ESB
MREMP50
w29n51
vetmsgnt
AppnBase
carboncopy32
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-25 16:22]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-25 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80093&lng=cs
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0A2861B4-74C7-46F8-9923-5D151BA79BED}: NameServer = 193.165.192.9
FF - ProfilePath - c:\documents and settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.2\ICQ.exe
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 12:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2384)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wscntfy.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
.
**************************************************************************
.
Celkový čas: 2012-03-13 12:59:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-13 11:59
.
Před spuštěním: Volných bajtů: 115 397 320 704
Po spuštění: Volných bajtů: 115 580 366 848
.
- - End Of File - - 1FB1AA6C709913C2D32FB307D2F90B43

morty · #2 Příspěvek od **morty** » 13 bře 2012 13:23

přikládám i log z RSITu:

Logfile of random's system information tool 1.09 (written by random/random)
Run by msi at 2012-03-13 13:21:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 110 GB (69%) free of 160 GB
Total RAM: 2815 MB (87% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, toolbar@ask.com:3.9.1.14019, inboxcomtoolbar@inbox.com:1.0.0.44, {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.4, siteranker@siteranker.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"siteranker@siteranker.com"=C:\Program Files\SiteRanker\firefox\
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox 4.0 Beta 12\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox 4.0 Beta 12\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox 4.0 Beta 12\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-100.xml
icqplugin-101.xml
icqplugin-102.xml
icqplugin-103.xml
icqplugin-104.xml
icqplugin-105.xml
icqplugin-106.xml
icqplugin-107.xml
icqplugin-108.xml
icqplugin-109.xml
icqplugin-11.xml
icqplugin-110.xml
icqplugin-111.xml
icqplugin-112.xml
icqplugin-113.xml
icqplugin-114.xml
icqplugin-115.xml
icqplugin-116.xml
icqplugin-117.xml
icqplugin-118.xml
icqplugin-119.xml
icqplugin-12.xml
icqplugin-120.xml
icqplugin-121.xml
icqplugin-122.xml
icqplugin-123.xml
icqplugin-124.xml
icqplugin-125.xml
icqplugin-126.xml
icqplugin-127.xml
icqplugin-128.xml
icqplugin-129.xml
icqplugin-13.xml
icqplugin-130.xml
icqplugin-131.xml
icqplugin-132.xml
icqplugin-133.xml
icqplugin-134.xml
icqplugin-135.xml
icqplugin-136.xml
icqplugin-137.xml
icqplugin-138.xml
icqplugin-139.xml
icqplugin-14.xml
icqplugin-140.xml
icqplugin-141.xml
icqplugin-142.xml
icqplugin-143.xml
icqplugin-144.xml
icqplugin-145.xml
icqplugin-146.xml
icqplugin-147.xml
icqplugin-148.xml
icqplugin-149.xml
icqplugin-15.xml
icqplugin-150.xml
icqplugin-151.xml
icqplugin-152.xml
icqplugin-153.xml
icqplugin-154.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-25.xml
icqplugin-26.xml
icqplugin-27.xml
icqplugin-28.xml
icqplugin-29.xml
icqplugin-3.xml
icqplugin-30.xml
icqplugin-31.xml
icqplugin-32.xml
icqplugin-33.xml
icqplugin-34.xml
icqplugin-35.xml
icqplugin-36.xml
icqplugin-37.xml
icqplugin-38.xml
icqplugin-39.xml
icqplugin-4.xml
icqplugin-40.xml
icqplugin-41.xml
icqplugin-42.xml
icqplugin-43.xml
icqplugin-44.xml
icqplugin-45.xml
icqplugin-46.xml
icqplugin-47.xml
icqplugin-48.xml
icqplugin-49.xml
icqplugin-5.xml
icqplugin-50.xml
icqplugin-51.xml
icqplugin-52.xml
icqplugin-53.xml
icqplugin-54.xml
icqplugin-55.xml
icqplugin-56.xml
icqplugin-57.xml
icqplugin-58.xml
icqplugin-59.xml
icqplugin-6.xml
icqplugin-60.xml
icqplugin-61.xml
icqplugin-62.xml
icqplugin-63.xml
icqplugin-64.xml
icqplugin-65.xml
icqplugin-66.xml
icqplugin-67.xml
icqplugin-68.xml
icqplugin-69.xml
icqplugin-7.xml
icqplugin-70.xml
icqplugin-71.xml
icqplugin-72.xml
icqplugin-73.xml
icqplugin-74.xml
icqplugin-75.xml
icqplugin-76.xml
icqplugin-77.xml
icqplugin-78.xml
icqplugin-79.xml
icqplugin-8.xml
icqplugin-80.xml
icqplugin-81.xml
icqplugin-82.xml
icqplugin-83.xml
icqplugin-84.xml
icqplugin-85.xml
icqplugin-86.xml
icqplugin-87.xml
icqplugin-88.xml
icqplugin-89.xml
icqplugin-9.xml
icqplugin-90.xml
icqplugin-91.xml
icqplugin-92.xml
icqplugin-93.xml
icqplugin-94.xml
icqplugin-95.xml
icqplugin-96.xml
icqplugin-97.xml
icqplugin-98.xml
icqplugin-99.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
C:\PROGRA~1\SITERA~1\SiteRank.dll [2011-04-01 351448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Translat\WebIE.dll [2006-11-02 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Translat\WebIE.dll [2006-11-02 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-10-23 140568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-23 906648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2009-02-10 745472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-10-30 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative KSRun Persistence Module]
RunDll32 KSRun.dll,RunDLLEntry []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTAPR2]
C:\Program Files\Creative\Sound Blaster X-Fi Go Pro\Console Launcher 3\Entertainment Console\CTAPR2.exe [2008-08-07 61546]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-05-08 13594624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
C:\Documents and Settings\msi\Data aplikací\OETRN.EXE [2009-11-23 26624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-10-23 2615624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Program Files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe [2010-02-18 241789]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"TryAndDecideService"=2
"NVSvc"=2
"NitroReaderDriverReadSpool"=2
"MDM"=2
"MBAMService"=2
"idsvc"=3
"gupdatem"=3
"gupdate"=2
"CTAudSvcService"=2
"Creative Media Toolbox 6 Licensing Service"=3
"Creative Audio Engine Licensing Service"=3
"avgwd"=2
"AVGIDSAgent"=2
"AcrSch2Svc"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll

======List of files/folders created in the last 1 month======

2012-03-13 13:21:25 ----D---- C:\rsit
2012-03-13 13:21:25 ----D---- C:\Program Files\trend micro
2012-03-13 12:59:34 ----D---- C:\WINDOWS\temp
2012-03-13 12:59:32 ----A---- C:\ComboFix.txt
2012-03-13 12:55:04 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2012-03-13 12:34:30 ----A---- C:\WINDOWS\zip.exe
2012-03-13 12:34:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-03-13 12:34:30 ----A---- C:\WINDOWS\SWSC.exe
2012-03-13 12:34:30 ----A---- C:\WINDOWS\SWREG.exe
2012-03-13 12:34:30 ----A---- C:\WINDOWS\sed.exe
2012-03-13 12:34:30 ----A---- C:\WINDOWS\PEV.exe
2012-03-13 12:34:30 ----A---- C:\WINDOWS\NIRCMD.exe
2012-03-13 12:34:30 ----A---- C:\WINDOWS\MBR.exe
2012-03-13 12:34:30 ----A---- C:\WINDOWS\grep.exe
2012-03-13 12:28:14 ----D---- C:\WINDOWS\ERDNT
2012-03-13 12:28:11 ----D---- C:\Qoobox
2012-03-13 12:07:05 ----ASH---- C:\pagefile.sys
2012-03-10 20:27:37 ----D---- C:\WINDOWS\system32\appmgmt
2012-03-10 19:16:21 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-03-10 19:13:11 ----D---- C:\WINDOWS\CSC
2012-03-10 19:13:04 ----A---- C:\WINDOWS\ntbtlog.txt
2012-03-10 18:30:51 ----D---- C:\Documents and Settings\msi\Data aplikací\Malwarebytes
2012-03-10 18:30:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-10 18:30:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-03-10 18:30:44 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-03-10 18:01:49 ----D---- C:\WINDOWS\pss
2012-03-02 16:46:24 ----RD---- C:\Documents and Settings\msi\Data aplikací\Brother
2012-02-16 17:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 17:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 17:03:21 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 month======

2012-03-13 13:21:25 ----RD---- C:\Program Files
2012-03-13 13:20:59 ----D---- C:\WINDOWS
2012-03-13 13:20:59 ----A---- C:\WINDOWS\MAILTRAN.INI
2012-03-13 13:00:21 ----D---- C:\WINDOWS\system32
2012-03-13 13:00:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-13 12:59:35 ----D---- C:\WINDOWS\system32\drivers
2012-03-13 12:58:41 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-13 12:56:40 ----A---- C:\WINDOWS\system.ini
2012-03-13 12:56:28 ----D---- C:\WINDOWS\system32\drivers\etc
2012-03-13 12:55:30 ----D---- C:\WINDOWS\system32\config
2012-03-13 12:55:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-13 12:53:31 ----D---- C:\WINDOWS\AppPatch
2012-03-13 12:53:29 ----D---- C:\Program Files\Common Files
2012-03-13 12:49:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-13 12:48:42 ----D---- C:\WINDOWS\security
2012-03-10 20:27:41 ----D---- C:\Config.Msi
2012-03-10 20:27:39 ----D---- C:\Program Files\Registry Mechanic
2012-03-10 20:27:38 ----SHD---- C:\WINDOWS\Installer
2012-03-10 20:27:29 ----HD---- C:\WINDOWS\inf
2012-03-10 20:26:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-03-10 20:15:54 ----D---- C:\Documents and Settings
2012-03-10 19:53:16 ----SH---- C:\boot.ini
2012-03-10 19:53:16 ----A---- C:\WINDOWS\win.ini
2012-03-10 19:04:35 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Temp
2012-03-10 19:04:33 ----SD---- C:\WINDOWS\Tasks
2012-03-06 16:24:38 ----SHD---- C:\System Volume Information
2012-03-03 03:30:08 ----A---- C:\WINDOWS\NeroDigital.ini
2012-03-02 16:46:24 ----A---- C:\WINDOWS\BRWMARK.INI
2012-02-21 18:46:20 ----D---- C:\Program Files\Mozilla Firefox
2012-02-16 21:35:41 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 21:28:14 ----RSD---- C:\WINDOWS\assembly
2012-02-16 17:07:30 ----D---- C:\WINDOWS\WinSxS
2012-02-16 17:02:06 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-16 17:02:01 ----A---- C:\WINDOWS\imsins.BAK
2012-02-16 17:01:43 ----D---- C:\Program Files\Internet Explorer
2012-02-16 17:01:26 ----D---- C:\WINDOWS\ie8updates
2012-02-16 17:01:17 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2009-11-23 129248]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2009-11-23 368736]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-03-27 1529600]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-05-08 6256064]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-07-07 54784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2008-12-22 45344]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-07-07 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-08-24 14208]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-02-04 24177]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-02-04 57372]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 ksaud;Creative USB Audio Driver; C:\WINDOWS\system32\drivers\ksaud.sys [2010-08-05 1210624]
S3 ksaudfl;ksaudfl; C:\WINDOWS\system32\drivers\ksaudfl.sys [2010-07-24 2016640]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 3comtftp;Dell1100_FUService; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 aawservice;FA312; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Accelerometer;Lxbt_device; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 adminserver;RivaTuner32; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 adpu320;ONSIO; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AFGSp50;Bt3cser; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AmdIde;Proxyhostmirrordisplay; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AMDPCI;Vpcusb; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 anbmservice;Hpzius12; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Anydlc;Mrvw245; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 apache;Pinnaclesys.mediaserver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 apache2;RAPIProtocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AppnBase;EmAudio; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 arrayssl_vpn_service3,0,1,9;Wacomkey; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 artourservice;Mcstrm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 atiavaiw;L1e; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATIBTXBAR;Winpowermonitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 atitunep;Ddxgb; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 atkdisplf;Isdrv120; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 autocomplete;Ctdvda2k; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 avg7alrt;USBCamera; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 awservice;Gbpoll; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 backupexecjobengine;Mcupdmgr.exe; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 bc_filter;Nwdls; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 bc_ip_f;Rxmssync; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 bcm4sbxp;GoogleDesktopManager-010708-104812; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 bcoreusb;Issimon; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 bdfdll;PCDRSRVC; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 bdftdif;Nuvaud2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 belmonitorservice;Lxby_device; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 blueservice;Z525mdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 BRGSp50;EACSys; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 bthenum;Enum1394; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 bwmservice;Tfsncofs; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 caili;Winpower; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 CAMFLT;Dot4usb; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 carboncopy32;WindrvNT; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ccpwdsvc;F700ius; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clmtomcatstartersvc;DivisCTS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clsched;Nvmpu401; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 cobbmservice;Gdrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 comhost;Dvd43llh; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 cpqdmi;Vsapint; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 cpqnicmgmt;Rksample; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 cpqvcagent;Pelmouse; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 cq_mem;Npkcusb; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 crystaloutputfileserver;PAC7302; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 CTERFXFX.DLL;Olcamsrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 CTMSHD;Winss; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ctxhttp;Mvwebserver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 cvspydr2;Mi-raysat_3dsmax9_32; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 cygserver;SECYPUSB; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 db2ntsecserver;Pnkbstrb; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 dcevt32;Se45unic; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 dcpflics;Umwdf; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 defwatch;Pcctlcom; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 DevUpper;Freepops; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 DirectUpdate;Rimusb; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 dlacdbhm;Wintrust; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 dladresm;CnxTrLan; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 dlapoolm;Relational; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 dpc_srv_webcast;Ooclevercacheagent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 dptrackerd;LVVI500A; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 easdrv;Se59mdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 efs;Ftsata2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 EIO;Osaio; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 el90xbc;Prismxl; \\.\globalroot\SystemRoot\system32\svchost.exe [2008-04-14 14336]
S2 elbydelay;S116nd5; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 EMCFILT;Oracleservicesecinst; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 emproxy;CdaC15BA; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 enecbpth;Dlaopiom; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 epgspooler;GTF32BUS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 epstnt01;Pdlndoem; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 erecoveryservice;Mdmxsdk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ESDCR;Lvhidsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Evian;LC7981; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ezplay;Pctfw1; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 FGDSCSI;GTSCSER; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 fingrd32;Avinitnt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 FlexBios;Mqdmserd; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 FontCache3.0.0.0.;Pcnet; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 fsssvc;Smwdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 FsVga;CTEXFIFX.DLL; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 G400DH;Sstpsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gdihook5;Lmimirr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gotomypc;Contentindex; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 hamachi;Wscsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 hdthermal;Qconsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 hidgame;LPDSVC; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 hpwirelessmgr;Wacommousefilter; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 hpzipr12;Hmonitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 IASJet;Rt2500; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 imagedrv;MSCamSvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 incdpass;Cpqfcalm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 InCDsrvR;Oracleorahome90agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ipodservice;Interactivelogon; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 irsir;Spcflt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 issuser;CE3; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ithsgt;Trlokom_rmhsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 IWCA;WD_FireWire_HID; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ixiaendpoint;Hap17v2k; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 JavaQuickStarterService;Hprfdev; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 kl1;VC6SecS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ksthunk;Mediaviewer; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 LCcfltr;DS1410D; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 lemsgt;Winpppoverethernet; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 LHidFilt;Ds1; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 logonsvcid;Softfax; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 LVVI500A;Vzcdbsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 lxcd_device;Symdns; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 M2500;Sprtsvc_ddoctorv2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ma763004;Prepdrvr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Machnm32;Backupexecagentbrowser; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 mcdbus;E1express; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 mferkdk;Se58mdfl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 mfesmfk;Scsiaccess; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 mfetdik;Eskerlicensecontrol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 mgactrl;Wap3gx; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 milshieldcleaner;GTPTSER; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 MREMP50;Knobserv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 msvad_simple;Mcpromgr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 MTC0001_ESB;OsaFsLoc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 n558;CoolerXPDriver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 nalntservice;Dot4; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 netdevio;Slee_503_service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NetMsmqActivator;IFP700; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 netrcacm;BCM43XV; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ni_nic;Ccevtmgr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 nisvcloc;Icdsptsv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 nmwcdcm;Papyjoy; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 nscirda;Iaantmon; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ntiopnp;Noipducservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ntrtscan;Lilsgt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ntsyslog;Symtdi; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NWDHCP;Wpsnuio; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NWSLP;Tnidriver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 odclientservice;Procdd; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 oracle_load_balancer_60_client-forms6i;Int15; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 p2pgasvc;Epiusb; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 palmusbd;W550mdfl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pavatscheduler;V124; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pavdrv;DCamUSBEMPIA; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pavfnsvr;USBMN1X1; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pciSd;Sgeclient; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pcradminserver;Invoker; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pcx1unic;Psadd; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pdfcreatormessages;Utilman; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pdlnacom;Epsonbidirectionalagent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pdlncbas;Fgdxbus; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pdlndlpb;Vaiomediaplatform-integratedserver-appserver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pdlnepkt;Ghoststartservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 PGPwded;LUsbFilt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 protectionservice;Ino_flpy; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 proxyhostservice;P2k; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 PSSdk21;T6963C; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 PTDCVsp;Ntpr_nic_service2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 PTproct;PID_08A0; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 puscsrvc;Dlcq_device; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 pxfhbus;Tos_sps32; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 qkbfiltr;Msftesql; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 quickhealfirewall;Bc_ngn; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 remotelyanywhere;NWUSBPort; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 rchost;Dsbrokerservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 rismxdp;Nimdbgk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 RivaTuner32;Rtl8029; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 rkhdrv31;Euq_monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 roxupnprenderer;Wacomvhid; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 rtl8023;HPFXBULK; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 RTLE8023xp;UMPass; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 s116mdm;Clr_optimization_v2.0.50215_32; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 s117mdfl;Pdlnslea; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 s117unic;Vxsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 s125bus;FiltUSBEMPIA; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 S3GIGP;Vtserver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SaiMini;NETw3x32; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 sandradatasrv;Vpcnets2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 sansaservice;Cmdmon; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 scdemu;DN2AKNET; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 sdcoreservice;Hf30service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SE2Bobex;FreeTdi; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 se44mgmt;Nchssvad; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 se59mdfl;Penclass; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 sfsync04;VAIOMediaPlatform-VideoServer-HTTP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SimpTcp;S116unic; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 siskp;Rasirda; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SiSRaid2;MSSQL$MSSMLBIZ; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 smcirda;Ikhfile; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 snmptrapdservice;Rvscc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 sony_ssm.sys;DSI_SiUSBXp_3_1; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SPFDRV;Suservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 spmd;NMSSvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SprintRcAppSvc;Se45mdfl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SRS_SSCFilter;WinVd32; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SrvcTPIOMngr;WINUSB; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 statusagent;Video3D; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 StMp3Rec;Epsonstatusagent2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 symsnap;Backupclientsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 tapvpn;Cpqnicmgmt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 tbaspi;RMSvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-10-23 427288]
S4 ASMMAP;Askernel; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 aswmon2;Acsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 awlegacy;Artdhcp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 cacheserver;Agnfilt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-25 79360]
S4 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-02-25 79360]
S4 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2010-02-12 286720]
S4 dtscsi;Array_utility_service4,0,1,3; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 FETNDISB;Automate6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 FVNETusb;Athr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 guardian2;Aliadwdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-25 136176]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-25 136176]
S4 HSFHWALI;Alcxsens; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ICAM5USB;Aolavupd; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S4 mirrorv3;Aiclient; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 mpfp;ATKGFNEXSrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 mqdmmdfl;Hpdj; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 msftpsvc;Aswlsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-08 168005]
S4 ovmsmaccessmanager;Angel2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 PAR1284;AsIO; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Rawwan;Aslm75; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 rtl8029;Aamqdispatcher; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 SNC;AppnApi; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 sonytvc;Adsexpb; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 STV680m;Avgntflt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 13 bře 2012 13:31

Zdravim a pekny den preji

ComboFix se nepouziva bez doporuceni, muzete byt rad ze vam pri tomhle nespadl OS

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Mate tam peknou mrchu - zeroaccess - reknu to uprimne a i kolegove na zahranicnich forech se shoduji - tahle mrcha je zrala na format - nabori tolik veci v systemu, ze davat je do kupy je fakt "zazitek" s nejistym koncem

Takze se ptam, pustime se do toho nebo bude snazsi format

morty · #4 Příspěvek od **morty** » 13 bře 2012 13:37

dobra, s ComboFixem priste poseckam, nicmene, mozna bych to zkusil, precejen ten format se muze udelat vzdycky, ze ? ..

díky Morty

#5 Příspěvek od **vyosek** » 13 bře 2012 13:41

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

morty · #6 Příspěvek od **morty** » 13 bře 2012 13:46

tady to je:

13:44:37.0609 0372 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
13:44:37.0625 0372 ============================================================
13:44:37.0625 0372 Current date / time: 2012/03/13 13:44:37.0625
13:44:37.0625 0372 SystemInfo:
13:44:37.0625 0372
13:44:37.0625 0372 OS Version: 5.1.2600 ServicePack: 3.0
13:44:37.0625 0372 Product type: Workstation
13:44:37.0625 0372 ComputerName: XXX-2219E7FF4DD
13:44:37.0625 0372 UserName: msi
13:44:37.0625 0372 Windows directory: C:\WINDOWS
13:44:37.0625 0372 System windows directory: C:\WINDOWS
13:44:37.0625 0372 Processor architecture: Intel x86
13:44:37.0625 0372 Number of processors: 2
13:44:37.0625 0372 Page size: 0x1000
13:44:37.0625 0372 Boot type: Normal boot
13:44:37.0625 0372 ============================================================
13:44:39.0062 0372 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:44:39.0062 0372 \Device\Harddisk0\DR0:
13:44:39.0062 0372 MBR used
13:44:39.0062 0372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1387F72E
13:44:39.0078 0372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1387F7AC, BlocksNum 0x11BAA054
13:44:39.0156 0372 Initialize success
13:44:39.0156 0372 ============================================================
13:44:57.0656 3792 ============================================================
13:44:57.0656 3792 Scan started
13:44:57.0656 3792 Mode: Manual; SigCheck; TDLFS;
13:44:57.0656 3792 ============================================================
13:44:58.0046 3792 Abiosdsk - ok
13:44:58.0062 3792 abp480n5 - ok
13:44:58.0125 3792 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:44:58.0375 3792 ACPI - ok
13:44:58.0578 3792 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:44:58.0687 3792 ACPIEC - ok
13:44:58.0703 3792 adpu160m - ok
13:44:58.0750 3792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:44:58.0859 3792 aec - ok
13:44:58.0890 3792 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
13:44:59.0015 3792 AFD - ok
13:44:59.0031 3792 Aha154x - ok
13:44:59.0031 3792 aic78u2 - ok
13:44:59.0046 3792 aic78xx - ok
13:44:59.0062 3792 AliIde - ok
13:44:59.0140 3792 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
13:44:59.0281 3792 Ambfilt - ok
13:44:59.0343 3792 amsint - ok
13:44:59.0421 3792 AR5416 (d3e782ad9dca4d6215222a43345f43b0) C:\WINDOWS\system32\DRIVERS\athw.sys
13:44:59.0546 3792 AR5416 - ok
13:44:59.0578 3792 asc - ok
13:44:59.0593 3792 asc3350p - ok
13:44:59.0609 3792 asc3550 - ok
13:44:59.0656 3792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:44:59.0765 3792 AsyncMac - ok
13:44:59.0828 3792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:44:59.0937 3792 atapi - ok
13:44:59.0937 3792 Atdisk - ok
13:44:59.0984 3792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:45:00.0093 3792 Atmarpc - ok
13:45:00.0140 3792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:45:00.0250 3792 audstub - ok
13:45:00.0328 3792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:45:00.0437 3792 Beep - ok
13:45:00.0515 3792 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
13:45:00.0562 3792 BrScnUsb - ok
13:45:00.0593 3792 catchme - ok
13:45:00.0625 3792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:45:00.0750 3792 cbidf2k - ok
13:45:00.0781 3792 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:45:00.0906 3792 CCDECODE - ok
13:45:00.0921 3792 cd20xrnt - ok
13:45:00.0953 3792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:45:01.0078 3792 Cdaudio - ok
13:45:01.0125 3792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:45:01.0250 3792 Cdfs - ok
13:45:01.0296 3792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:45:01.0406 3792 Cdrom - ok
13:45:01.0421 3792 Changer - ok
13:45:01.0484 3792 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:45:01.0593 3792 CmBatt - ok
13:45:01.0609 3792 CmdIde - ok
13:45:01.0625 3792 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:45:01.0734 3792 Compbatt - ok
13:45:01.0750 3792 Cpqarray - ok
13:45:01.0796 3792 dac2w2k - ok
13:45:01.0812 3792 dac960nt - ok
13:45:01.0843 3792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:45:01.0953 3792 Disk - ok
13:45:02.0015 3792 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
13:45:02.0187 3792 dmboot - ok
13:45:02.0234 3792 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
13:45:02.0359 3792 dmio - ok
13:45:02.0390 3792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:45:02.0484 3792 dmload - ok
13:45:02.0515 3792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:45:02.0640 3792 DMusic - ok
13:45:02.0656 3792 dpti2o - ok
13:45:02.0687 3792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:45:02.0781 3792 drmkaud - ok
13:45:02.0875 3792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:45:03.0000 3792 Fastfat - ok
13:45:03.0031 3792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:45:03.0156 3792 Fdc - ok
13:45:03.0203 3792 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
13:45:03.0312 3792 Fips - ok
13:45:03.0328 3792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:45:03.0437 3792 Flpydisk - ok
13:45:03.0468 3792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:45:03.0578 3792 FltMgr - ok
13:45:03.0609 3792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:45:03.0718 3792 Fs_Rec - ok
13:45:03.0765 3792 FTDIBUS (f5475f8a28c2d67cdfe927db40c843fa) C:\WINDOWS\system32\drivers\ftdibus.sys
13:45:03.0781 3792 FTDIBUS ( UnsignedFile.Multi.Generic ) - warning
13:45:03.0781 3792 FTDIBUS - detected UnsignedFile.Multi.Generic (1)
13:45:03.0812 3792 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:45:03.0937 3792 Ftdisk - ok
13:45:03.0968 3792 FTSER2K (f415747e671198b4a39bdb2634f47917) C:\WINDOWS\system32\drivers\ftser2k.sys
13:45:03.0984 3792 FTSER2K ( UnsignedFile.Multi.Generic ) - warning
13:45:03.0984 3792 FTSER2K - detected UnsignedFile.Multi.Generic (1)
13:45:04.0046 3792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:45:04.0156 3792 Gpc - ok
13:45:04.0203 3792 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:45:04.0312 3792 HDAudBus - ok
13:45:04.0375 3792 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:45:04.0484 3792 HidUsb - ok
13:45:04.0484 3792 hpn - ok
13:45:04.0546 3792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:45:04.0593 3792 HTTP - ok
13:45:04.0593 3792 i2omgmt - ok
13:45:04.0609 3792 i2omp - ok
13:45:04.0656 3792 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:45:04.0765 3792 i8042prt - ok
13:45:04.0812 3792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:45:04.0937 3792 Imapi - ok
13:45:04.0953 3792 ini910u - ok
13:45:05.0109 3792 IntcAzAudAddService (1ae3cff80017ef89da959350724c7194) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:45:05.0296 3792 IntcAzAudAddService - ok
13:45:05.0296 3792 IntelIde - ok
13:45:05.0343 3792 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:45:05.0453 3792 intelppm - ok
13:45:05.0484 3792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:45:05.0609 3792 Ip6Fw - ok
13:45:05.0640 3792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:45:05.0765 3792 IpFilterDriver - ok
13:45:05.0781 3792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:45:05.0890 3792 IpInIp - ok
13:45:05.0906 3792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:45:06.0015 3792 IpNat - ok
13:45:06.0062 3792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:45:06.0171 3792 IPSec - ok
13:45:06.0203 3792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:45:06.0265 3792 IRENUM - ok
13:45:06.0312 3792 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:45:06.0437 3792 isapnp - ok
13:45:06.0468 3792 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:45:06.0593 3792 Kbdclass - ok
13:45:06.0640 3792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:45:06.0765 3792 kmixer - ok
13:45:06.0828 3792 ksaud (a0a0949de0eb045440016565ad028b9c) C:\WINDOWS\system32\drivers\ksaud.sys
13:45:06.0937 3792 ksaud - ok
13:45:07.0031 3792 ksaudfl (9d59a5666cc2603e0e524a8f7133d494) C:\WINDOWS\system32\drivers\ksaudfl.sys
13:45:07.0156 3792 ksaudfl - ok
13:45:07.0203 3792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:45:07.0250 3792 KSecDD - ok
13:45:07.0265 3792 lbrtfdc - ok
13:45:07.0328 3792 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
13:45:11.0968 3792 MBAMProtector - ok
13:45:12.0046 3792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:45:12.0171 3792 mnmdd - ok
13:45:12.0203 3792 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
13:45:12.0312 3792 Modem - ok
13:45:12.0375 3792 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
13:45:12.0484 3792 Monfilt - ok
13:45:12.0531 3792 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:45:12.0640 3792 Mouclass - ok
13:45:12.0687 3792 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:45:12.0812 3792 mouhid - ok
13:45:12.0843 3792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:45:12.0953 3792 MountMgr - ok
13:45:12.0968 3792 mraid35x - ok
13:45:12.0984 3792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:45:13.0093 3792 MRxDAV - ok
13:45:13.0140 3792 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:45:13.0171 3792 MRxSmb - ok
13:45:13.0203 3792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:45:13.0328 3792 Msfs - ok
13:45:13.0375 3792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:45:13.0484 3792 MSKSSRV - ok
13:45:13.0515 3792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:45:13.0625 3792 MSPCLOCK - ok
13:45:13.0640 3792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:45:13.0750 3792 MSPQM - ok
13:45:13.0796 3792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:45:13.0890 3792 mssmbios - ok
13:45:13.0937 3792 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:45:14.0031 3792 MSTEE - ok
13:45:14.0093 3792 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:45:14.0125 3792 Mup - ok
13:45:14.0156 3792 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:45:14.0281 3792 NABTSFEC - ok
13:45:14.0312 3792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:45:14.0421 3792 NDIS - ok
13:45:14.0468 3792 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:45:14.0578 3792 NdisIP - ok
13:45:14.0625 3792 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:45:14.0656 3792 NdisTapi - ok
13:45:14.0781 3792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:45:15.0093 3792 Ndisuio - ok
13:45:15.0125 3792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:45:15.0234 3792 NdisWan - ok
13:45:15.0281 3792 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:45:15.0312 3792 NDProxy - ok
13:45:15.0359 3792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:45:15.0468 3792 NetBIOS - ok
13:45:15.0500 3792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:45:15.0609 3792 NetBT - ok
13:45:15.0656 3792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:45:15.0750 3792 Npfs - ok
13:45:15.0812 3792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:45:15.0921 3792 Ntfs - ok
13:45:15.0984 3792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:45:16.0093 3792 Null - ok
13:45:16.0296 3792 nv (69cc3f6412875865db687a487c5af66e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:45:16.0609 3792 nv - ok
13:45:16.0640 3792 NVENETFD (28727d0f5ca6579890d0b6ad1598c935) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:45:16.0687 3792 NVENETFD - ok
13:45:16.0718 3792 NVHDA (ab899f1c08d01c2d2d14e45867a6982a) C:\WINDOWS\system32\drivers\nvhda32.sys
13:45:16.0734 3792 NVHDA - ok
13:45:16.0765 3792 nvnetbus (a3cd61af33e8b3cc2cc22bd37f867d54) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:45:16.0781 3792 nvnetbus - ok
13:45:16.0812 3792 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
13:45:16.0843 3792 nvsmu - ok
13:45:16.0890 3792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:45:17.0015 3792 NwlnkFlt - ok
13:45:17.0031 3792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:45:17.0125 3792 NwlnkFwd - ok
13:45:17.0187 3792 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
13:45:17.0296 3792 Parport - ok
13:45:17.0328 3792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:45:17.0421 3792 PartMgr - ok
13:45:17.0453 3792 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
13:45:17.0562 3792 ParVdm - ok
13:45:17.0593 3792 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
13:45:17.0687 3792 PCI - ok
13:45:17.0703 3792 PCIDump - ok
13:45:17.0718 3792 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:45:17.0843 3792 PCIIde - ok
13:45:17.0875 3792 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:45:17.0984 3792 Pcmcia - ok
13:45:18.0000 3792 PDCOMP - ok
13:45:18.0015 3792 PDFRAME - ok
13:45:18.0046 3792 PDRELI - ok
13:45:18.0046 3792 PDRFRAME - ok
13:45:18.0062 3792 perc2 - ok
13:45:18.0078 3792 perc2hib - ok
13:45:18.0140 3792 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:45:18.0250 3792 PptpMiniport - ok
13:45:18.0296 3792 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:45:18.0406 3792 PSched - ok
13:45:18.0437 3792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:45:18.0562 3792 Ptilink - ok
13:45:18.0578 3792 ql1080 - ok
13:45:18.0593 3792 Ql10wnt - ok
13:45:18.0609 3792 ql12160 - ok
13:45:18.0625 3792 ql1240 - ok
13:45:18.0625 3792 ql1280 - ok
13:45:18.0656 3792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:45:18.0765 3792 RasAcd - ok
13:45:18.0812 3792 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:45:18.0937 3792 Rasl2tp - ok
13:45:18.0953 3792 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:45:19.0046 3792 RasPppoe - ok
13:45:19.0062 3792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:45:19.0156 3792 Raspti - ok
13:45:19.0218 3792 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:45:19.0328 3792 Rdbss - ok
13:45:19.0343 3792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:45:19.0453 3792 RDPCDD - ok
13:45:19.0500 3792 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:45:19.0625 3792 rdpdr - ok
13:45:19.0671 3792 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:45:19.0703 3792 RDPWD - ok
13:45:19.0750 3792 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:45:19.0875 3792 redbook - ok
13:45:19.0906 3792 RSUSBSTOR - ok
13:45:19.0921 3792 RtsUIR - ok
13:45:20.0000 3792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:45:20.0062 3792 Secdrv - ok
13:45:20.0093 3792 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:45:20.0218 3792 Serenum - ok
13:45:20.0234 3792 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
13:45:20.0359 3792 Serial - ok
13:45:20.0375 3792 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:45:20.0484 3792 Sfloppy - ok
13:45:20.0500 3792 Simbad - ok
13:45:20.0546 3792 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:45:20.0656 3792 SLIP - ok
13:45:20.0703 3792 snapman (bcc773872041aa59bc9a6cf770fb32e2) C:\WINDOWS\system32\DRIVERS\snapman.sys
13:45:20.0734 3792 snapman - ok
13:45:20.0765 3792 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
13:45:20.0890 3792 SONYPVU1 - ok
13:45:20.0906 3792 Sparrow - ok
13:45:20.0953 3792 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:45:21.0078 3792 splitter - ok
13:45:21.0109 3792 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
13:45:21.0171 3792 sr - ok
13:45:21.0203 3792 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:45:21.0250 3792 Srv - ok
13:45:21.0296 3792 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:45:21.0406 3792 streamip - ok
13:45:21.0453 3792 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:45:21.0562 3792 swenum - ok
13:45:21.0609 3792 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:45:21.0718 3792 swmidi - ok
13:45:21.0734 3792 symc810 - ok
13:45:21.0750 3792 symc8xx - ok
13:45:21.0765 3792 sym_hi - ok
13:45:21.0765 3792 sym_u3 - ok
13:45:21.0812 3792 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:45:21.0921 3792 sysaudio - ok
13:45:21.0984 3792 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:45:22.0000 3792 Tcpip - ok
13:45:22.0046 3792 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:45:22.0156 3792 TDPIPE - ok
13:45:22.0203 3792 tdrpman (603d59923828c6c213b84b14cbf32083) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
13:45:22.0234 3792 tdrpman - ok
13:45:22.0281 3792 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:45:22.0390 3792 TDTCP - ok
13:45:22.0437 3792 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:45:22.0531 3792 TermDD - ok
13:45:22.0562 3792 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
13:45:22.0578 3792 tifsfilter - ok
13:45:22.0593 3792 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
13:45:22.0625 3792 timounter - ok
13:45:22.0640 3792 TosIde - ok
13:45:22.0718 3792 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:45:22.0812 3792 Udfs - ok
13:45:22.0828 3792 ultra - ok
13:45:22.0875 3792 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:45:22.0984 3792 Update - ok
13:45:23.0031 3792 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:45:23.0125 3792 usbaudio - ok
13:45:23.0187 3792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:45:23.0296 3792 usbccgp - ok
13:45:23.0296 3792 USBCCID - ok
13:45:23.0343 3792 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:45:23.0453 3792 usbehci - ok
13:45:23.0500 3792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:45:23.0609 3792 usbhub - ok
13:45:23.0640 3792 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:45:23.0734 3792 usbohci - ok
13:45:23.0765 3792 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:45:23.0890 3792 usbprint - ok
13:45:23.0921 3792 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:45:24.0031 3792 USBSTOR - ok
13:45:24.0078 3792 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:45:24.0187 3792 usbvideo - ok
13:45:24.0234 3792 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:45:24.0343 3792 VgaSave - ok
13:45:24.0359 3792 ViaIde - ok
13:45:24.0390 3792 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
13:45:24.0500 3792 VolSnap - ok
13:45:24.0546 3792 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:45:24.0671 3792 Wanarp - ok
13:45:24.0687 3792 WDICA - ok
13:45:24.0734 3792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:45:24.0843 3792 wdmaud - ok
13:45:24.0921 3792 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:45:25.0015 3792 WmiAcpi - ok
13:45:25.0062 3792 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:45:25.0093 3792 WpdUsb - ok
13:45:25.0125 3792 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:45:25.0250 3792 WS2IFSL - ok
13:45:25.0281 3792 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:45:25.0390 3792 WSTCODEC - ok
13:45:25.0437 3792 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:45:25.0468 3792 WudfPf - ok
13:45:25.0500 3792 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:45:25.0515 3792 WudfRd - ok
13:45:25.0578 3792 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
13:45:25.0828 3792 \Device\Harddisk0\DR0 - ok
13:45:25.0828 3792 Boot (0x1200) (708971fc2346cba1f5d629e66eec3b0f) \Device\Harddisk0\DR0\Partition0
13:45:25.0843 3792 \Device\Harddisk0\DR0\Partition0 - ok
13:45:25.0843 3792 Boot (0x1200) (e42af3ac1d963799bb041c338c82caaa) \Device\Harddisk0\DR0\Partition1
13:45:25.0843 3792 \Device\Harddisk0\DR0\Partition1 - ok
13:45:25.0843 3792 ============================================================
13:45:25.0843 3792 Scan finished
13:45:25.0843 3792 ============================================================
13:45:25.0953 3396 Detected object count: 2
13:45:25.0953 3396 Actual detected object count: 2
13:46:21.0687 3396 FTDIBUS ( UnsignedFile.Multi.Generic ) - skipped by user
13:46:21.0687 3396 FTDIBUS ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:46:21.0687 3396 FTSER2K ( UnsignedFile.Multi.Generic ) - skipped by user
13:46:21.0687 3396 FTSER2K ( UnsignedFile.Multi.Generic ) - User select action: Skip

#7 Příspěvek od **vyosek** » 13 bře 2012 13:54

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

C:\WINDOWS\system32\drivers\ftdibus.sys
C:\WINDOWS\system32\drivers\ftser2k.sys
Kliknete na Choose file
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Scan It
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

morty · #8 Příspěvek od **morty** » 13 bře 2012 13:57

no, jelikoz se z toho ntb nedostanu na web, tak muzu jedine ty soubory vykopirovat na druhy ntb a otestovat je tam..? mam to tak udelat ? diky Morty

#9 Příspěvek od **vyosek** » 13 bře 2012 14:10

Zabalte je do raru, rar zaheslujte a nekam mi je uploadnete

morty · #10 Příspěvek od **morty** » 13 bře 2012 14:19

http://leteckaposta.cz/981702766

heslo k raru by melo byt : provirustotal

#11 Příspěvek od **vyosek** » 13 bře 2012 15:26

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:files
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin*.xml
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

morty · #12 Příspěvek od **morty** » 13 bře 2012 15:33

All processes killed
========== FILES ==========
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-100.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-101.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-102.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-103.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-104.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-105.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-106.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-107.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-108.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-109.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-110.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-111.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-112.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-113.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-114.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-115.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-116.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-117.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-118.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-119.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-120.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-121.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-122.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-123.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-124.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-125.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-126.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-127.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-128.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-129.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-130.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-131.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-132.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-133.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-134.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-135.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-136.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-137.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-138.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-139.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-140.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-141.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-142.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-143.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-144.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-145.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-146.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-147.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-148.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-149.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-150.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-151.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-152.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-153.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-154.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-24.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-25.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-26.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-27.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-28.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-29.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-30.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-31.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-32.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-33.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-34.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-35.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-36.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-37.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-38.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-39.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-40.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-41.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-42.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-43.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-44.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-45.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-46.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-47.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-48.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-49.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-50.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-51.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-52.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-53.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-54.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-55.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-56.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-57.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-58.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-59.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-60.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-61.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-62.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-63.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-64.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-65.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-66.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-67.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-68.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-69.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-70.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-71.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-72.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-73.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-74.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-75.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-76.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-77.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-78.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-79.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-80.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-81.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-82.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-83.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-84.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-85.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-86.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-87.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-88.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-89.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-90.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-91.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-92.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-93.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-94.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-95.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-96.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-97.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-98.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin-99.xml moved successfully.
C:\Documents and Settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\searchplugins\icqplugin.xml moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 458819 bytes

User: msi
->Temp folder emptied: 1146 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->FireFox cache emptied: 38877928 bytes
->Flash cache emptied: 957 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38,00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: msi
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 03132012_153120

Files moved on Reboot...

Registry entries deleted on Reboot...

#13 Příspěvek od **vyosek** » 13 bře 2012 15:45

Stahnete si instalacku Recovery Konzole odsud http://vyosek.ic.cz/pro_usery/rc.exe a ulozte ji primo na disk c:\ tak at neni v zadne slozce - je to nutne, pac na ni odkazuje skript

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RecoveryConsole::
c:\rc.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative KSRun Persistence Module]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
  75,64,69,6F,53,72,76,00,42,72,6F,77,73,65,72,00,43,72,79,70,74,53,76,\
  63,00,44,4D,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,\
  76,65,6E,74,53,79,73,74,65,6D,00,46,61,73,74,55,73,65,72,53,77,69,74,\
  63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,00,48,69,64,53,\
  65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6D,6F,6E,00,4C,61,6E,\
  6D,61,6E,53,65,72,76,65,72,00,4C,61,6E,6D,61,6E,57,6F,72,6B,73,74,61,\
  74,69,6F,6E,00,4D,65,73,73,65,6E,67,65,72,00,4E,65,74,6D,61,6E,00,4E,\
  6C,61,00,4E,74,6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,\
  6F,6E,00,4E,77,73,61,70,61,67,65,6E,74,00,52,61,73,61,75,74,6F,00,52,\
  61,73,6D,61,6E,00,52,65,6D,6F,74,65,61,63,63,65,73,73,00,53,63,68,65,\
  64,75,6C,65,00,53,65,63,6C,6F,67,6F,6E,00,53,45,4E,53,00,53,68,61,72,\
  65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,\
  73,72,76,00,54,68,65,6D,65,73,00,54,72,6B,57,6B,73,00,57,33,32,54,69,\
  6D,65,00,57,5A,43,53,56,43,00,57,6D,69,00,57,6D,64,6D,50,6D,53,70,00,77,\
  69,6E,6D,67,6D,74,00,77,73,63,73,76,63,00,78,6D,6C,70,72,6F,76,00,6E,\
  61,70,61,67,65,6E,74,00,68,6B,6D,73,76,63,00,42,49,54,53,00,77,75,61,\
  75,73,65,72,76,00,53,68,65,6C,6C,48,57,44,65,74,65,63,74,69,6F,6E,00,68,\
  65,6C,70,73,76,63,00,57,6D,64,6D,50,6D,53,4E,00,00

Folder::
c:\documents and settings\msi\Local Settings\Data aplikací\995a5af6

DDS::
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80093&lng=cs

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

morty · #14 Příspěvek od **morty** » 13 bře 2012 16:09

ComboFix 12-03-12.03 - msi 13.03.2012 16:00:33.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2815.2347 [GMT 1:00]
Spuštěný z: c:\documents and settings\msi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\msi\Plocha\CFScript.txt
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-13 do 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 14:57 . 2012-03-13 14:56 4631272 ----a-w- C:\rc.exe
2012-03-13 14:31 . 2012-03-13 14:31 -------- d-----w- C:\_OTM
2012-03-13 12:21 . 2012-03-13 12:21 -------- d-----w- C:\rsit
2012-03-13 12:21 . 2012-03-13 12:21 -------- d-----w- c:\program files\trend micro
2012-03-13 11:55 . 2008-04-13 22:49 138112 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-03-13 11:55 . 2008-04-13 22:49 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-11 17:18 . 2008-04-13 21:04 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2012-03-11 17:17 . 2001-08-17 20:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-03-11 17:16 . 2001-08-17 20:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2012-03-11 17:15 . 2008-04-14 07:51 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
2012-03-11 17:14 . 2001-10-24 11:24 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-03-11 17:13 . 2008-04-13 22:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2012-03-11 17:12 . 2001-10-24 10:48 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2012-03-11 17:11 . 2001-10-24 10:51 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys
2012-03-11 17:10 . 2008-04-14 07:51 377984 -c--a-w- c:\windows\system32\dllcache\ati2dvaa.dll
2012-03-10 19:15 . 2012-03-10 19:26 -------- d-----w- c:\documents and settings\Administrator
2012-03-10 17:30 . 2012-03-10 17:30 -------- d-----w- c:\documents and settings\msi\Data aplikací\Malwarebytes
2012-03-10 17:30 . 2012-03-10 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-10 17:30 . 2012-03-10 17:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-03-10 17:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 19:36 . 2012-03-09 19:36 -------- d-----w- c:\documents and settings\msi\Local Settings\Data aplikací\Ahead
2012-03-05 18:18 . 2012-03-05 18:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-03-04 20:49 . 2012-03-05 15:08 -------- d-sh--w- c:\documents and settings\msi\Local Settings\Data aplikací\995a5af6
2012-03-02 15:46 . 2012-03-02 15:46 -------- d-----r- c:\documents and settings\msi\Data aplikací\Brother
2012-02-21 17:45 . 2012-02-21 17:45 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-21 17:45 . 2012-02-21 17:45 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-21 17:45 . 2012-02-21 17:45 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-21 17:45 . 2012-02-21 17:45 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-17 18:44 . 2012-02-17 18:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-15 16:03 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 16:03 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-13 18:36 . 2012-02-13 18:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\VST3 Presets
2012-02-13 17:46 . 2012-02-13 17:46 -------- d-----w- c:\program files\Common Files\Steinberg
2012-02-13 17:46 . 2012-02-13 17:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Steinberg
2012-02-13 17:44 . 2012-02-13 17:52 -------- d-----w- c:\documents and settings\msi\Data aplikací\Steinberg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 07:50 . 2011-06-10 06:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2008-04-14 05:45 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2008-04-14 06:52 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2012-02-21 17:45 . 2011-05-08 20:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_11.56.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 14:00 . 2012-03-13 11:58 67874 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2012-03-13 14:36 67874 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2012-03-13 11:58 78412 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2012-03-13 14:36 78412 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2012-03-13 14:36 432918 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2012-03-13 11:58 432918 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2012-03-13 14:36 429346 c:\windows\system32\perfh005.dat
- 2001-10-25 14:00 . 2012-03-13 11:58 429346 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2011-04-01 03:10 351448 ------w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2011-4-3 745472]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-10-23 15:10 140568 ------w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-23 16:58 906648 ------w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-02-10 09:03 745472 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-10-30 13:05 77824 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTAPR2]
2008-08-07 14:50 61546 ------w- c:\program files\Creative\Sound Blaster X-Fi Go Pro\Console Launcher 3\Entertainment Console\CTAPR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 18:01 46368 ------w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-05-08 17:28 13594624 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-05-08 17:28 1650688 ------w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
2009-11-23 17:02 26624 ------w- c:\documents and settings\msi\Data aplikací\OETRN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-11 18:03 29984 ------w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-27 03:22 17567744 ------w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-10-23 15:05 2615624 ------w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2010-02-18 17:27 241789 ------w- c:\program files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"NVSvc"=2 (0x2)
"NitroReaderDriverReadSpool"=2 (0x2)
"MDM"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"CTAudSvcService"=2 (0x2)
"Creative Media Toolbox 6 Licensing Service"=3 (0x3)
"Creative Audio Engine Licensing Service"=3 (0x3)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [24.11.2009 0:37 45344]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.11.2009 0:40 1684736]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [25.2.2011 8:31 1210624]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [25.2.2011 8:31 2016640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.3.2012 18:30 20464]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [25.2.2011 8:29 79360]
S4 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [25.2.2011 8:49 79360]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.4.2011 17:22 136176]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.4.2011 17:22 136176]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.3.2012 18:30 652360]
S4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [14.1.2011 12:35 196912]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
TCP: DhcpNameServer = 10.0.130.1 193.165.254.9 193.165.192.9
FF - ProfilePath - c:\documents and settings\msi\Data aplikací\Mozilla\Firefox\Profiles\gisd5287.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 16:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(1808)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-13 16:09:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-13 15:09
ComboFix2.txt 2012-03-13 11:59
.
Před spuštěním: Volných bajtů: 115 618 267 136
Po spuštění: Volných bajtů: 115 601 850 368
.
- - End Of File - - DB767714B9C3AE06D7F49F99A6AF9136

morty · #15 Příspěvek od **morty** » 13 bře 2012 19:40

internet zatim stale nefunguje

ping na ciselnou adresu ven (napr. seznam - 77.75.76.3) funguje, ale jakmile pingnu na www.seznam.cz, neprelozi adresu, a tim padem nefunguje ani prohlizeni webu pres prohlizec ..

VIRY.CZ

nefunkční prohlížení webu - kontrola logu z ComboFixu

nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu

Re: nefunkční prohlížení webu - kontrola logu z ComboFixu