PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Please check my log (preventive check)

You don't have any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
macc
Visitor
Posts: 93
Registered: 13 Apr 2011 18:28

Please check my log (preventive check)

#1 Post by macc »

Logfile of random's system information tool 1.09 (written by random/random)
Run by dom at 2012-04-23 21:03:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 50 GB (75%) free of 66 GB
Total RAM: 2047 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:03:34, on 23.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\AEADISRV.EXE
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\FarStone\RestoreIT 7\IBP\fsloader.exe
C:\Program Files\FarStone\RestoreIT 7\IBP\VBPTask.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Mozilla\firefox.exe
C:\Documents and Settings\dom\Plocha\RSIT.exe
C:\Program Files\trend micro\dom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.94.0.2 openvpn-client.us.shieldexchange.com
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - (no file)
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-789336058-113007714-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DriveClone Network Client IBP - Unknown owner - C:\Program Files\FarStone\RestoreIT 7\IBP\fsloader.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6925 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\DriverScanner.job
C:\WINDOWS\tasks\One-Click Tweak.job
C:\WINDOWS\tasks\RegGenie Scheduler.job
C:\WINDOWS\tasks\RegGenie v3.0 - Step 1.job
C:\WINDOWS\tasks\RegGenie v3.0 - Step 2.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D0F7BD77-CCB4-4A6F-9796-3E0F6A6FD883}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\dom\Data aplikací\Mozilla\Firefox\Profiles\57lkyadx.default

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\
"{09F060FA-566D-42D7-BF79-97AB30863433}"=C:\Program Files\Steganos Privacy Suite 12\pfplugin
"{00F0643E-B367-4779-B45D-7046EBA37A88}"=C:\Program Files\Steganos Privacy Suite 12\spmplugin3


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.233 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.3.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin]
"Description"=SumatraPDF Browser Plugin
"Path"=C:\Program Files\SumatraPDF\npPdfViewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

D:\Mozilla\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

D:\Mozilla\components\
binary.manifest
browsercomps.dll

D:\Mozilla\plugins\
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

D:\Mozilla\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\dom\Data aplikací\Mozilla\Firefox\Profiles\57lkyadx.default\extensions\
firefox@ghostery.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\IPS\IPSBHO.DLL [2012-01-18 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [2012-01-10 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9C65D12D-CF9D-454D-8049-61965D8C6FFF}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2012-03-01 488816]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AntiLogger"=C:\Program Files\AntiLogger\AntiLogger.exe [2012-02-02 2975688]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-02-29 15494464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2009-11-02 906288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger10_Uninstall1]
C:\WINDOWS\system32\winlogon.exe [2008-04-14 507904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnVir Task Manager]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Security Scan]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10 Interface]
C:\Program Files\Cobian Backup 10\cbInterface.exe [2010-09-23 3154432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DBHAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2009-11-02 1346000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
C:\PROGRA~1\Uniblue\DRIVER~1\launcher.exe [2011-10-20 338296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe [2011-12-26 743560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe [2011-12-23 70792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files\KeePass Password Safe 2\KeePass.exe [2012-01-05 1823744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2012-02-29 15494464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
NvMCTray.dll,NvTaskbarInit -login []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-03-01 1634112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2009-11-02 136544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2005-09-07 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2012-01-15 1310720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync]
C:\Program Files\SugarSync\SugarSyncManager.exe -startInTray -usedelay=true []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-03-11 3905920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AdFender.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^alternative flash player auto-updater.lnk]
D:\Instal\ALTERN~1\ALTERN~1.EXE [2012-02-23 420864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_14916961.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_36775014.lnk]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80347912.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\80347912.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe"="C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe:*:Enabled:Agent.exe"
"D:\Hry instal\PES2012\pes2012.exe"="D:\Hry instal\PES2012\pes2012.exe:*:Enabled:Pro Evolution Soccer 2012"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.WMV3"=wmv9vcm.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll

======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2012-04-23 21:03:23 ----D---- C:\rsit
2012-04-23 19:34:44 ----D---- C:\WINDOWS\LastGood
2012-04-23 19:24:52 ----D---- C:\Program Files\trend micro
2012-04-20 11:08:35 ----D---- C:\Program Files\SecurityKISS Tunnel
2012-04-19 14:08:53 ----A---- C:\WINDOWS\system32\drivers\L8042Kbd.sys
2012-04-17 14:02:28 ----D---- C:\Fraps
2012-04-14 17:45:59 ----D---- C:\Program Files\CleanUp!
2012-04-13 08:15:23 ----D---- C:\Program Files\Common Files\Steganos
2012-04-13 08:14:08 ----D---- C:\Documents and Settings\dom\Data aplikací\Steganos
2012-04-12 20:27:53 ----D---- C:\Program Files\iCare Data Recovery
2012-04-12 10:45:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-04-05 18:57:40 ----D---- C:\Program Files\Common Files\Skype
2012-04-05 09:11:35 ----D---- C:\Program Files\HitmanPro
2012-04-05 09:11:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\HitmanPro
2012-04-02 07:53:13 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-03-29 14:02:42 ----D---- C:\Program Files\FinalWire

======List of files/folders modified in the last 1 month======

2012-04-23 21:03:01 ----D---- C:\WINDOWS\Prefetch
2012-04-23 20:41:10 ----D---- C:\WINDOWS\system32\drivers
2012-04-23 20:33:41 ----A---- C:\WINDOWS\system32\sun_debug1.txt
2012-04-23 20:33:41 ----A---- C:\WINDOWS\system32\sun_debug.txt
2012-04-23 20:28:39 ----D---- C:\WINDOWS\Temp
2012-04-23 19:57:54 ----D---- C:\Documents and Settings\dom\Data aplikací\KeePass
2012-04-23 19:34:44 ----HD---- C:\WINDOWS\inf
2012-04-23 19:34:44 ----D---- C:\WINDOWS
2012-04-23 19:33:17 ----A---- C:\WINDOWS\wincmd.ini
2012-04-23 19:33:16 ----RD---- C:\Program Files
2012-04-23 19:31:36 ----SHD---- C:\WINDOWS\Installer
2012-04-23 19:31:34 ----D---- C:\WINDOWS\WinSxS
2012-04-23 19:30:23 ----SHD---- C:\Config.Msi
2012-04-23 19:30:18 ----D---- C:\Program Files\Common Files
2012-04-23 10:22:59 ----D---- C:\WINDOWS\system32\CatRoot2
2012-04-23 08:41:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-04-23 07:19:37 ----SHD---- C:\System Volume Information
2012-04-21 11:48:21 ----D---- C:\Documents and Settings\dom\Data aplikací\vlc
2012-04-20 11:46:57 ----D---- C:\Program Files\KeePass Password Safe 2
2012-04-20 11:44:25 ----A---- C:\WINDOWS\system32\ipconfig_results.txt
2012-04-19 14:08:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-04-18 16:38:15 ----D---- C:\Documents and Settings\dom\Data aplikací\uTorrent
2012-04-17 16:31:52 ----D---- C:\WINDOWS\Debug
2012-04-17 16:17:03 ----D---- C:\WINDOWS\system32
2012-04-17 16:00:56 ----D---- C:\Program Files\VITSOFT
2012-04-14 12:45:38 ----D---- C:\Documents and Settings\dom\Data aplikací\DAEMON Tools Lite
2012-04-13 08:04:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-12 10:58:58 ----RSD---- C:\WINDOWS\assembly
2012-04-12 10:58:58 ----D---- C:\WINDOWS\Microsoft.NET
2012-04-12 10:50:55 ----D---- C:\Program Files\Internet Explorer
2012-04-12 10:46:17 ----A---- C:\WINDOWS\system32\MRT.exe
2012-04-12 10:45:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-04-12 10:45:48 ----D---- C:\WINDOWS\ie8updates
2012-04-12 10:45:40 ----HD---- C:\WINDOWS\$hf_mig$
2012-04-12 10:45:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-04-05 18:59:43 ----D---- C:\Documents and Settings\dom\Data aplikací\Skype
2012-04-05 18:57:40 ----RD---- C:\Program Files\Skype
2012-04-05 18:57:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-04-05 16:46:53 ----HD---- C:\VritualRoot
2012-04-04 14:26:21 ----D---- C:\Documents and Settings\dom\Data aplikací\Ashampoo
2012-04-04 14:23:01 ----D---- C:\Program Files\Ashampoo
2012-04-02 18:23:38 ----RASH---- C:\boot.ini
2012-04-02 07:53:13 ----SD---- C:\WINDOWS\Tasks
2012-03-27 17:59:50 ----D---- C:\WINDOWS\Minidump
2012-03-27 17:59:26 ----D---- C:\Program Files\CCleaner
2012-03-27 16:20:05 ----D---- C:\WINDOWS\system32\drivers\NAV
2012-03-27 10:49:04 ----D---- C:\Program Files\Opera
2012-03-27 10:38:29 ----D---- C:\Program Files\Symantec
2012-03-27 10:38:29 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 05732855;05732855; C:\WINDOWS\system32\DRIVERS\05732855.sys [2011-07-21 133208]
R0 14916961;14916961; C:\WINDOWS\system32\DRIVERS\14916961.sys [2011-11-16 133208]
R0 36775014;36775014; C:\WINDOWS\system32\DRIVERS\36775014.sys [2011-11-10 133208]
R0 94170487;94170487; C:\WINDOWS\system32\DRIVERS\94170487.sys [2012-03-08 133208]
R0 EUBAKUP;EUBAKUP; C:\WINDOWS\system32\drivers\eubakup.sys [2011-12-23 50312]
R0 EUBKMON;EUBKMON; C:\WINDOWS\system32\drivers\EUBKMON.sys [2011-12-23 43784]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-03-11 97760]
R0 m5288;m5288; C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 210304]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2012-01-20 170464]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NAV\1306020.00A\SYMDS.SYS [2011-07-25 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NAV\1306020.00A\SYMEFA.SYS [2012-01-18 905336]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2011-07-26 368480]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2012-02-24 600928]
R0 VVBackd5;VVBackd5; C:\WINDOWS\system32\drivers\VVBackd5.sys [2011-08-04 141400]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 AntiLog32;AntiLog32; \??\C:\Program Files\AntiLogger\AntiLog32.sys []
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys []
R1 ccSet_NAV;Norton AntiVirus Settings Manager; C:\WINDOWS\system32\drivers\NAV\1306020.00A\ccSetx86.sys [2011-11-30 132744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-02-16 242240]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 EUDSKACS;EUDSKACS; \??\C:\WINDOWS\system32\drivers\eudskacs.sys []
R1 EUFDDISK;EUFDDISK; \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver]; \??\C:\WINDOWS\system32\drivers\Sleen17.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1306020.00A\SRTSPX.SYS [2012-01-18 32888]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NAV\1306020.00A\Ironx86.SYS [2012-01-18 149624]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1306020.00A\SYMTDI.SYS [2012-01-18 388216]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller; C:\WINDOWS\System32\Drivers\ALIEHCI.sys [2012-01-15 84471]
R2 HCDisk;HCDisk; C:\WINDOWS\system32\drivers\HCDisk.sys [2011-01-05 56920]
R2 tifsfilter;Seagate DiscWizard FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2011-07-26 44384]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2012-01-15 380416]
R3 aliroothub;USB 2.0 Root Hub; C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2012-01-15 5304]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x86; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2012-03-01 284792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FARMNTIO;FARMNTIO; \??\c:\windows\system32\drivers\farmntio.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120420.001\IDSxpx86.sys []
R3 L8042Kbd;Logitech SetPoint Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2012-04-19 13440]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120423.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120423.002\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2012-03-01 13417632]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1306020.00A\SRTSP.SYS [2012-01-18 574584]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2011-07-01 26624]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2011-09-14 299424]
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2011-10-13 441608]
S1 Uim_Vim;UIM Virtual Image Plugin; C:\WINDOWS\System32\Drivers\Uim_Vim.sys [2011-10-13 277576]
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2011-10-13 45240]
S3 alihub;Generic Hub on USB 2.0 Bus; C:\WINDOWS\system32\DRIVERS\AliHub.sys [2012-01-15 32118]
S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\dom\LOCALS~1\Temp\ALSysIO.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2012-01-15 50688]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
S3 slicedisk.sys;slicedisk.sys; \??\C:\WINDOWS\system32\slicedisk.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2012-01-05 32768]
S3 tapoas;TAP-Win32 Adapter OAS; C:\WINDOWS\system32\DRIVERS\tapoas.sys [2011-08-19 26112]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\WINDOWS\system32\AEADISRV.EXE [2012-01-15 90112]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 DriveClone Network Client IBP;DriveClone Network Client IBP; C:\Program Files\FarStone\RestoreIT 7\IBP\fsloader.exe [2009-08-18 126976]
R2 EaseUS Agent;EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [2011-12-23 61064]
R2 Guard Agent;Guard Agent; C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-23 23176]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-02-23 161664]
R2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-02-29 164160]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2009-11-02 431456]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log (preventive check)

#2 Post by Rudy »

Hello!
Please post a ComboFix log.
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Ano (Yes) button.

Feel free to make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to run any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware occur.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

macc
Visitor
Posts: 93
Registered: 13 Apr 2011 18:28

Re: Please check my log (preventive check)

#3 Post by macc »

Thank you for your time, but I was hoping everything was tip-top, and you come at me with ComboFix right away :shock: :D
Only, after the scan the mouse wheel stopped working.
Here is the log, and thanks once again.
ComboFix 12-04-25.01 - dom 25.04.2012 11:33:01.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1367 [GMT 2:00]
Spuštěný z: c:\documents and settings\dom\Plocha\ComboFix.exe
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-25 do 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-24 13:55 . 2012-04-24 13:56 -------- d-----w- c:\windows\system32\drivers\NAV\1307000.009
2012-04-24 09:54 . 2011-08-02 18:48 2469248 ----a-w- c:\windows\system32\BootMan.exe
2012-04-24 09:54 . 2011-07-29 11:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-04-24 09:54 . 2011-07-29 11:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-04-24 09:54 . 2011-07-29 11:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2012-04-24 09:54 . 2011-07-29 11:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-04-23 19:03 . 2012-04-23 19:03 -------- d-----w- C:\rsit
2012-04-23 17:24 . 2012-04-23 19:03 -------- d-----w- c:\program files\trend micro
2012-04-20 09:08 . 2012-04-23 17:43 -------- d-----w- c:\program files\SecurityKISS Tunnel
2012-04-19 12:08 . 2012-04-19 12:08 13440 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2012-04-17 12:02 . 2012-04-17 12:08 -------- d-----w- C:\Fraps
2012-04-14 15:45 . 2012-04-14 15:46 -------- d-----w- c:\program files\CleanUp!
2012-04-13 06:15 . 2012-04-13 06:15 -------- d-----w- c:\program files\Common Files\Steganos
2012-04-13 06:14 . 2012-04-17 14:04 -------- d-----w- c:\documents and settings\dom\Data aplikací\Steganos
2012-04-12 18:27 . 2012-04-12 18:28 -------- d-----w- c:\program files\iCare Data Recovery
2012-04-05 16:57 . 2012-04-05 16:57 -------- d-----w- c:\program files\Common Files\Skype
2012-04-05 07:11 . 2012-04-05 07:11 -------- d-----w- c:\program files\HitmanPro
2012-04-05 07:11 . 2012-04-05 07:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HitmanPro
2012-04-02 05:53 . 2012-04-14 09:42 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 12:02 . 2012-03-29 12:41 -------- d-----w- c:\program files\FinalWire
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 09:42 . 2011-05-18 17:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2012-01-09 14:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 08:38 . 2012-02-11 14:25 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-27 08:38 . 2012-02-11 14:25 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-15 12:35 . 2002-09-23 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-11 21:13 . 2011-10-07 17:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-10-07 17:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-10-07 17:48 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-10-07 17:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-11-09 11:37 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2010-12-28 23:42 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-08 20:09 . 2012-03-08 18:10 133208 ----a-w- c:\windows\system32\drivers\94170487.sys
2012-03-01 18:24 . 2012-01-15 07:31 115640 ----a-w- c:\windows\system32\Vxdif.dll
2012-03-01 18:24 . 2011-07-22 14:17 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-03-01 18:24 . 2012-01-15 07:31 284792 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-03-01 10:59 . 2002-09-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2002-09-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2002-09-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 23:58 . 2011-11-09 10:50 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2011-11-09 10:50 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2011-02-23 06:27 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2011-02-23 06:27 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2011-02-23 06:27 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2011-02-23 06:27 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2011-02-23 06:27 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2007-06-28 16:43 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2007-06-28 16:43 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2007-06-28 16:43 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2007-06-28 16:43 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 20:30 . 2011-04-07 20:16 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2011-04-07 20:16 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2011-04-07 20:16 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2011-04-07 20:16 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2011-04-07 20:16 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 14:10 . 2002-09-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-09-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2011-04-30 08:05 385024 ------w- c:\windows\system32\html.iec
2012-02-24 06:26 . 2011-06-06 20:58 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-02-16 08:12 . 2012-02-16 08:12 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-09 17:39 . 2011-12-29 10:24 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-02-03 09:57 . 2002-09-23 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2012-02-04 12:15 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-15 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-09-23 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-03-01 488816]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2012-02-02 2975688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AdFender.lnk]
backup=c:\windows\pss\AdFender.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^alternative flash player auto-updater.lnk]
backup=c:\windows\pss\alternative flash player auto-updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_14916961.lnk]
backup=c:\windows\pss\_uninst_14916961.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_36775014.lnk]
backup=c:\windows\pss\_uninst_36775014.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnVir Task Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Security Scan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DBHAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 16:57 906288 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger10_Uninstall1]
2008-04-14 06:52 507904 ----a-w- c:\windows\system32\winlogon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10 Interface]
2010-09-23 15:46 3154432 ----a-w- c:\program files\Cobian Backup 10\cbInterface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 16:49 1346000 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
2011-10-20 13:43 338296 ----a-w- c:\progra~1\Uniblue\DRIVER~1\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 18:06 743560 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-23 04:09 70792 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
2012-01-05 09:32 1823744 ----a-w- c:\program files\KeePass Password Safe 2\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-02-29 20:30 15494464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-02-29 20:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-02-29 23:58 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
2009-11-02 16:52 136544 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 13:35 716800 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2012-01-15 07:36 1310720 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-11 05:26 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EASEUS\\Todo Backup\\bin\\Agent.exe"=
"d:\\Hry instal\\PES2012\\pes2012.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 05732855;05732855;c:\windows\system32\drivers\05732855.sys [21.7.2011 20:49 133208]
R0 14916961;14916961;c:\windows\system32\drivers\14916961.sys [16.11.2011 10:48 133208]
R0 36775014;36775014;c:\windows\system32\drivers\36775014.sys [10.11.2011 21:37 133208]
R0 94170487;94170487;c:\windows\system32\drivers\94170487.sys [8.3.2012 20:10 133208]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [22.1.2012 19:39 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [22.1.2012 19:39 43784]
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [8.5.2011 7:32 210304]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1307000.009\symds.sys [24.4.2012 15:56 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1307000.009\symefa.sys [24.4.2012 15:56 905336]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VvBackd5.sys [15.3.2012 10:15 141400]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2.2.2012 11:31 58648]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [20.4.2012 7:56 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1307000.009\ccsetx86.sys [24.4.2012 15:56 132744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [7.10.2011 19:48 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7.10.2011 19:48 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16.2.2012 10:12 242240]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [22.1.2012 19:39 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [22.1.2012 19:39 185864]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\SleeN17.sys [17.2.2010 14:21 94560]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1307000.009\ironx86.sys [24.4.2012 15:56 149624]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [5.5.2011 20:53 84471]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [16.2.2012 9:09 67584]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [22.1.2012 19:37 61064]
R2 Guard Agent;Guard Agent;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [22.1.2012 19:37 23176]
R2 HCDisk;HCDisk;c:\windows\system32\drivers\HCDisk.sys [15.3.2012 10:15 56920]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe [24.4.2012 15:55 138232]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [23.2.2012 11:16 2348352]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [5.5.2011 20:53 5304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [15.3.2012 8:04 106104]
R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\FarMntIo.sys [15.3.2012 10:14 21592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120424.001\IDSXpx86.sys [25.4.2012 11:24 356280]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [4.6.2011 11:49 17792]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [13.10.2011 14:06 277576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 DriveClone Network Client IBP;DriveClone Network Client IBP;c:\program files\FarStone\RestoreIT 7\IBP\FsLoader.exe [15.3.2012 10:15 126976]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 7:53 253088]
S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [5.5.2011 20:53 32118]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\dom\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\dom\LOCALS~1\Temp\ALSysIO.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24.4.2012 11:54 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24.4.2012 11:54 8456]
S3 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 18:52 431456]
S3 slicedisk.sys;slicedisk.sys;\??\c:\windows\system32\slicedisk.sys --> c:\windows\system32\slicedisk.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [19.8.2011 2:46 26112]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19.12.2011 15:12 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:42]
.
2012-04-25 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-01-15 13:43]
.
2012-04-25 c:\windows\Tasks\User_Feed_Synchronization-{D0F7BD77-CCB4-4A6F-9796-3E0F6A6FD883}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.4.20
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\dom\Data aplikací\Mozilla\Firefox\Profiles\57lkyadx.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-80347912.sys
SafeBoot-SolutoService
MSConfigStartUp-SugarSync - c:\program files\SugarSync\SugarSyncManager.exe
MSConfigStartUp-TrueImageMonitor - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-25 11:39
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST350041 rev.CC46 -> Harddisk2\DR2 -> \Device\Scsi\m52881Port2Path0Target2Lun0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-113007714-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(5784)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(864)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2012-04-25 11:41:34
ComboFix-quarantined-files.txt 2012-04-25 09:41
.
Před spuštěním: Volných bajtů: 52 071 731 200
Po spuštění: Volných bajtů: 52 106 522 624
.
- - End Of File - - 6563B32130414306DD3055E013700F07

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log (preventive check)

#4 Post by Rudy »

It's not very "tip-top". There are rootkits in there. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\system32\drivers\94170487.sys
c:\windows\system32\drivers\05732855.sys
c:\windows\system32\drivers\14916961.sys
c:\windows\system32\drivers\36775014.sys

Driver::
05732855
14916961
36775014
94170487
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


macc
Visitor
Posts: 93
Registered: 13 Apr 2011 18:28

Re: Please check my log (preventive check)

#5 Post by macc »

Hello, I'm adding the log.

ComboFix 12-04-25.01 - dom 26.04.2012 7:40.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1449 [GMT 2:00]
Spuštěný z: c:\documents and settings\dom\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\dom\Plocha\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
file zipped: c:\windows\system32\drivers\05732855.sys
file zipped: c:\windows\system32\drivers\14916961.sys
file zipped: c:\windows\system32\drivers\36775014.sys
file zipped: c:\windows\system32\drivers\94170487.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\05732855.sys
c:\windows\system32\drivers\14916961.sys
c:\windows\system32\drivers\36775014.sys
c:\windows\system32\drivers\94170487.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_05732855
-------\Legacy_14916961
-------\Legacy_36775014
-------\Legacy_94170487
-------\Service_05732855
-------\Service_14916961
-------\Service_36775014
-------\Service_94170487
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-26 do 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-24 13:55 . 2012-04-25 15:55 -------- d-----w- c:\windows\system32\drivers\NAV\1307000.009
2012-04-24 09:54 . 2011-08-02 18:48 2469248 ----a-w- c:\windows\system32\BootMan.exe
2012-04-24 09:54 . 2011-07-29 11:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-04-24 09:54 . 2011-07-29 11:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-04-24 09:54 . 2011-07-29 11:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2012-04-24 09:54 . 2011-07-29 11:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-04-23 19:03 . 2012-04-23 19:03 -------- d-----w- C:\rsit
2012-04-23 17:24 . 2012-04-23 19:03 -------- d-----w- c:\program files\trend micro
2012-04-20 09:08 . 2012-04-23 17:43 -------- d-----w- c:\program files\SecurityKISS Tunnel
2012-04-19 12:08 . 2012-04-19 12:08 13440 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2012-04-17 12:02 . 2012-04-17 12:08 -------- d-----w- C:\Fraps
2012-04-14 15:45 . 2012-04-14 15:46 -------- d-----w- c:\program files\CleanUp!
2012-04-13 06:15 . 2012-04-13 06:15 -------- d-----w- c:\program files\Common Files\Steganos
2012-04-13 06:14 . 2012-04-17 14:04 -------- d-----w- c:\documents and settings\dom\Data aplikací\Steganos
2012-04-12 18:27 . 2012-04-12 18:28 -------- d-----w- c:\program files\iCare Data Recovery
2012-04-05 16:57 . 2012-04-05 16:57 -------- d-----w- c:\program files\Common Files\Skype
2012-04-05 07:11 . 2012-04-05 07:11 -------- d-----w- c:\program files\HitmanPro
2012-04-05 07:11 . 2012-04-05 07:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HitmanPro
2012-04-02 05:53 . 2012-04-14 09:42 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 12:02 . 2012-03-29 12:41 -------- d-----w- c:\program files\FinalWire
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 09:42 . 2011-05-18 17:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2012-01-09 14:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 08:38 . 2012-02-11 14:25 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-27 08:38 . 2012-02-11 14:25 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-15 12:35 . 2002-09-23 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-11 21:13 . 2011-10-07 17:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-10-07 17:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-10-07 17:48 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-10-07 17:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-11-09 11:37 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2010-12-28 23:42 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-01 18:24 . 2012-01-15 07:31 115640 ----a-w- c:\windows\system32\Vxdif.dll
2012-03-01 18:24 . 2011-07-22 14:17 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-03-01 18:24 . 2012-01-15 07:31 284792 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-03-01 10:59 . 2002-09-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2002-09-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2002-09-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 23:58 . 2011-11-09 10:50 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2011-11-09 10:50 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2011-02-23 06:27 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2011-02-23 06:27 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2011-02-23 06:27 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2011-02-23 06:27 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2011-02-23 06:27 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2007-06-28 16:43 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2007-06-28 16:43 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2007-06-28 16:43 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2007-06-28 16:43 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 20:30 . 2011-04-07 20:16 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2011-04-07 20:16 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2011-04-07 20:16 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2011-04-07 20:16 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2011-04-07 20:16 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 14:10 . 2002-09-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-09-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2011-04-30 08:05 385024 ------w- c:\windows\system32\html.iec
2012-02-24 06:26 . 2011-06-06 20:58 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-02-16 08:12 . 2012-02-16 08:12 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-09 17:39 . 2011-12-29 10:24 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-02-03 09:57 . 2002-09-23 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2012-02-04 12:15 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-15 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-09-23 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-03-01 488816]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2012-02-02 2975688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AdFender.lnk]
backup=c:\windows\pss\AdFender.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^alternative flash player auto-updater.lnk]
backup=c:\windows\pss\alternative flash player auto-updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_14916961.lnk]
backup=c:\windows\pss\_uninst_14916961.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_36775014.lnk]
backup=c:\windows\pss\_uninst_36775014.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 16:57 906288 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger10_Uninstall1]
2008-04-14 06:52 507904 ----a-w- c:\windows\system32\winlogon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10 Interface]
2010-09-23 15:46 3154432 ----a-w- c:\program files\Cobian Backup 10\cbInterface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 16:49 1346000 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
2011-10-20 13:43 338296 ----a-w- c:\progra~1\Uniblue\DRIVER~1\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 18:06 743560 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-23 04:09 70792 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
2012-01-05 09:32 1823744 ----a-w- c:\program files\KeePass Password Safe 2\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-02-29 20:30 15494464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-02-29 20:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-02-29 23:58 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
2009-11-02 16:52 136544 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 13:35 716800 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2012-01-15 07:36 1310720 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-11 05:26 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EASEUS\\Todo Backup\\bin\\Agent.exe"=
"d:\\Hry instal\\PES2012\\pes2012.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [22.1.2012 19:39 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [22.1.2012 19:39 43784]
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [8.5.2011 7:32 210304]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1307000.009\symds.sys [24.4.2012 15:56 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1307000.009\symefa.sys [24.4.2012 15:56 905336]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VvBackd5.sys [15.3.2012 10:15 141400]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2.2.2012 11:31 58648]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [20.4.2012 7:56 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1307000.009\ccsetx86.sys [24.4.2012 15:56 132744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [7.10.2011 19:48 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7.10.2011 19:48 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16.2.2012 10:12 242240]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [22.1.2012 19:39 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [22.1.2012 19:39 185864]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\SleeN17.sys [17.2.2010 14:21 94560]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1307000.009\ironx86.sys [24.4.2012 15:56 149624]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [5.5.2011 20:53 84471]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [16.2.2012 9:09 67584]
R2 DriveClone Network Client IBP;DriveClone Network Client IBP;c:\program files\FarStone\RestoreIT 7\IBP\FsLoader.exe [15.3.2012 10:15 126976]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [22.1.2012 19:37 61064]
R2 Guard Agent;Guard Agent;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [22.1.2012 19:37 23176]
R2 HCDisk;HCDisk;c:\windows\system32\drivers\HCDisk.sys [15.3.2012 10:15 56920]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe [24.4.2012 15:55 138232]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [23.2.2012 11:16 2348352]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [5.5.2011 20:53 5304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [15.3.2012 8:04 106104]
R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\FarMntIo.sys [15.3.2012 10:14 21592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120424.001\IDSXpx86.sys [25.4.2012 11:24 356280]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [4.6.2011 11:49 17792]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [13.10.2011 14:06 277576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 7:53 253088]
S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [5.5.2011 20:53 32118]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\dom\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\dom\LOCALS~1\Temp\ALSysIO.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24.4.2012 11:54 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24.4.2012 11:54 8456]
S3 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 18:52 431456]
S3 slicedisk.sys;slicedisk.sys;\??\c:\windows\system32\slicedisk.sys --> c:\windows\system32\slicedisk.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [19.8.2011 2:46 26112]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19.12.2011 15:12 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:42]
.
2012-04-26 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-01-15 13:43]
.
2012-04-26 c:\windows\Tasks\User_Feed_Synchronization-{D0F7BD77-CCB4-4A6F-9796-3E0F6A6FD883}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.4.20
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\dom\Data aplikací\Mozilla\Firefox\Profiles\57lkyadx.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-26 07:49
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-113007714-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(1292)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(864)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-04-26 07:51:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-26 05:51
ComboFix2.txt 2012-04-25 09:41
.
Před spuštěním: Volných bajtů: 52 091 404 288
Po spuštění: Volných bajtů: 51 983 650 816
.
- - End Of File - - 2E64A8D3747741CD4001D1F67C43C343
Nahrání proběhlo úspěšně

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log (preventive check)

#6 Post by Rudy »

Run ComboFix once more with this script:
Regnull::
[HKEY_USERS\S-1-5-21-789336058-113007714-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
Again, save it to the desktop as CFScript.txt and drag it over the ComboFix icon.

macc
Visitor
Posts: 93
Registered: 13 Apr 2011 18:28

Re: Please check my log (preventive check)

#7 Post by macc »

Good evening
ComboFix 12-04-25.01 - dom 26.04.2012 18:31:13.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1301 [GMT 2:00]
Spuštěný z: c:\documents and settings\dom\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\dom\Plocha\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-26 do 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-24 13:55 . 2012-04-25 15:55 -------- d-----w- c:\windows\system32\drivers\NAV\1307000.009
2012-04-24 09:54 . 2011-08-02 18:48 2469248 ----a-w- c:\windows\system32\BootMan.exe
2012-04-24 09:54 . 2011-07-29 11:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-04-24 09:54 . 2011-07-29 11:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-04-24 09:54 . 2011-07-29 11:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2012-04-24 09:54 . 2011-07-29 11:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-04-23 19:03 . 2012-04-23 19:03 -------- d-----w- C:\rsit
2012-04-23 17:24 . 2012-04-23 19:03 -------- d-----w- c:\program files\trend micro
2012-04-20 09:08 . 2012-04-23 17:43 -------- d-----w- c:\program files\SecurityKISS Tunnel
2012-04-19 12:08 . 2012-04-19 12:08 13440 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2012-04-17 12:02 . 2012-04-17 12:08 -------- d-----w- C:\Fraps
2012-04-14 15:45 . 2012-04-14 15:46 -------- d-----w- c:\program files\CleanUp!
2012-04-13 06:15 . 2012-04-13 06:15 -------- d-----w- c:\program files\Common Files\Steganos
2012-04-13 06:14 . 2012-04-17 14:04 -------- d-----w- c:\documents and settings\dom\Data aplikací\Steganos
2012-04-12 18:27 . 2012-04-12 18:28 -------- d-----w- c:\program files\iCare Data Recovery
2012-04-05 16:57 . 2012-04-05 16:57 -------- d-----w- c:\program files\Common Files\Skype
2012-04-05 07:11 . 2012-04-05 07:11 -------- d-----w- c:\program files\HitmanPro
2012-04-05 07:11 . 2012-04-05 07:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HitmanPro
2012-04-02 05:53 . 2012-04-14 09:42 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 12:02 . 2012-03-29 12:41 -------- d-----w- c:\program files\FinalWire
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 09:42 . 2011-05-18 17:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2012-01-09 14:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 08:38 . 2012-02-11 14:25 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-27 08:38 . 2012-02-11 14:25 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-15 12:35 . 2002-09-23 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-11 21:13 . 2011-10-07 17:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-10-07 17:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-10-07 17:48 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-10-07 17:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-11-09 11:37 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2010-12-28 23:42 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-01 18:24 . 2012-01-15 07:31 115640 ----a-w- c:\windows\system32\Vxdif.dll
2012-03-01 18:24 . 2011-07-22 14:17 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-03-01 18:24 . 2012-01-15 07:31 284792 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-03-01 10:59 . 2002-09-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2002-09-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2002-09-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 23:58 . 2011-11-09 10:50 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2011-11-09 10:50 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2011-02-23 06:27 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2011-02-23 06:27 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2011-02-23 06:27 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2011-02-23 06:27 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2011-02-23 06:27 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2007-06-28 16:43 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2007-06-28 16:43 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2007-06-28 16:43 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2007-06-28 16:43 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 20:30 . 2011-04-07 20:16 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2011-04-07 20:16 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2011-04-07 20:16 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2011-04-07 20:16 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2011-04-07 20:16 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 14:10 . 2002-09-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-09-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2011-04-30 08:05 385024 ------w- c:\windows\system32\html.iec
2012-02-24 06:26 . 2011-06-06 20:58 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-02-16 08:12 . 2012-02-16 08:12 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-09 17:39 . 2011-12-29 10:24 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-02-03 09:57 . 2002-09-23 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2012-02-04 12:15 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-15 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-09-23 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-04-25_09.39.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-26 05:55 . 2012-04-26 05:55 16384 c:\windows\Temp\Perflib_Perfdata_390.dat
+ 2012-04-26 05:48 . 2012-04-26 05:48 16384 c:\windows\Temp\Perflib_Perfdata_320.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-03-01 488816]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2012-02-02 2975688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AdFender.lnk]
backup=c:\windows\pss\AdFender.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^alternative flash player auto-updater.lnk]
backup=c:\windows\pss\alternative flash player auto-updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_14916961.lnk]
backup=c:\windows\pss\_uninst_14916961.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dom^Nabídka Start^Programy^Po spuštění^_uninst_36775014.lnk]
backup=c:\windows\pss\_uninst_36775014.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 16:57 906288 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger10_Uninstall1]
2008-04-14 06:52 507904 ----a-w- c:\windows\system32\winlogon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10 Interface]
2010-09-23 15:46 3154432 ----a-w- c:\program files\Cobian Backup 10\cbInterface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 16:49 1346000 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
2011-10-20 13:43 338296 ----a-w- c:\progra~1\Uniblue\DRIVER~1\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 18:06 743560 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-23 04:09 70792 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
2012-01-05 09:32 1823744 ----a-w- c:\program files\KeePass Password Safe 2\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-02-29 20:30 15494464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-02-29 20:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-02-29 23:58 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
2009-11-02 16:52 136544 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 13:35 716800 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2012-01-15 07:36 1310720 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-11 05:26 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EASEUS\\Todo Backup\\bin\\Agent.exe"=
"d:\\Hry instal\\PES2012\\pes2012.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [22.1.2012 19:39 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [22.1.2012 19:39 43784]
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [8.5.2011 7:32 210304]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1307000.009\symds.sys [24.4.2012 15:56 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1307000.009\symefa.sys [24.4.2012 15:56 905336]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VvBackd5.sys [15.3.2012 10:15 141400]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2.2.2012 11:31 58648]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [20.4.2012 7:56 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1307000.009\ccsetx86.sys [24.4.2012 15:56 132744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [7.10.2011 19:48 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7.10.2011 19:48 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16.2.2012 10:12 242240]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [22.1.2012 19:39 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [22.1.2012 19:39 185864]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\SleeN17.sys [17.2.2010 14:21 94560]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1307000.009\ironx86.sys [24.4.2012 15:56 149624]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [5.5.2011 20:53 84471]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [16.2.2012 9:09 67584]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [22.1.2012 19:37 61064]
R2 Guard Agent;Guard Agent;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [22.1.2012 19:37 23176]
R2 HCDisk;HCDisk;c:\windows\system32\drivers\HCDisk.sys [15.3.2012 10:15 56920]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe [24.4.2012 15:55 138232]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [23.2.2012 11:16 2348352]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [5.5.2011 20:53 5304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [15.3.2012 8:04 106104]
R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\FarMntIo.sys [15.3.2012 10:14 21592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120424.001\IDSXpx86.sys [25.4.2012 11:24 356280]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [4.6.2011 11:49 17792]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [13.10.2011 14:06 277576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 DriveClone Network Client IBP;DriveClone Network Client IBP;c:\program files\FarStone\RestoreIT 7\IBP\FsLoader.exe [15.3.2012 10:15 126976]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 7:53 253088]
S3 alihub;Generic Hub on USB 2.0 Bus;c:\windows\system32\drivers\AliHub.sys [5.5.2011 20:53 32118]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\dom\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\dom\LOCALS~1\Temp\ALSysIO.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24.4.2012 11:54 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24.4.2012 11:54 8456]
S3 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 18:52 431456]
S3 slicedisk.sys;slicedisk.sys;\??\c:\windows\system32\slicedisk.sys --> c:\windows\system32\slicedisk.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [19.8.2011 2:46 26112]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19.12.2011 15:12 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:42]
.
2012-04-26 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-01-15 13:43]
.
2012-04-26 c:\windows\Tasks\User_Feed_Synchronization-{D0F7BD77-CCB4-4A6F-9796-3E0F6A6FD883}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.4.20
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\dom\Data aplikací\Mozilla\Firefox\Profiles\57lkyadx.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-26 18:38
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST350041 rev.CC46 -> Harddisk2\DR2 -> \Device\Scsi\m52881Port2Path0Target2Lun0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-113007714-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(864)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2012-04-26 18:40:22
ComboFix-quarantined-files.txt 2012-04-26 16:40
ComboFix2.txt 2012-04-26 05:53
ComboFix3.txt 2012-04-25 09:41
.
Před spuštěním: Volných bajtů: 53 964 513 280
Po spuštění: Volných bajtů: 53 938 302 976
.
- - End Of File - - D1C2A4AB833BD400FA8AEDD5923CC87B

Rudy
Site Admin
Posts: 119506
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log (preventive check)

#8 Post by Rudy »

OK. It still looks like there is some problem in the MBR. Download, unpack and run TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip and let it run. Then post the log here.

macc
Visitor
Posts: 93
Joined: 13 Apr 2011 18:28

Re: Please check my log (preventive check)

#9 Post by macc »

The only thing is that after ComboFix the mouse wheel stopped working, and here is the log:
19:14:48.0937 5192 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
19:14:49.0015 5192 ============================================================
19:14:49.0015 5192 Current date / time: 2012/04/26 19:14:49.0015
19:14:49.0015 5192 SystemInfo:
19:14:49.0015 5192
19:14:49.0015 5192 OS Version: 5.1.2600 ServicePack: 3.0
19:14:49.0015 5192 Product type: Workstation
19:14:49.0015 5192 ComputerName: JA
19:14:49.0031 5192 UserName: dom
19:14:49.0031 5192 Windows directory: C:\WINDOWS
19:14:49.0031 5192 System windows directory: C:\WINDOWS
19:14:49.0031 5192 Processor architecture: Intel x86
19:14:49.0031 5192 Number of processors: 1
19:14:49.0031 5192 Page size: 0x1000
19:14:49.0031 5192 Boot type: Normal boot
19:14:49.0031 5192 ============================================================
19:14:50.0203 5192 Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x11B2C, SectorsPerTrack: 0x21, TracksPerCylinder: 0x62, Type 'K0', Flags 0x00000054
19:14:50.0218 5192 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25A00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
19:14:50.0234 5192 Drive \Device\Harddisk2\DR2 - Size: 0x7470C05C00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
19:14:50.0250 5192 ============================================================
19:14:50.0250 5192 \Device\Harddisk0\DR0:
19:14:50.0250 5192 MBR partitions:
19:14:50.0265 5192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xCC3, BlocksNum 0xA4ED9C5
19:14:50.0296 5192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDF93000, BlocksNum 0x1000
19:14:50.0296 5192 \Device\Harddisk1\DR1:
19:14:50.0312 5192 MBR partitions:
19:14:50.0312 5192 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
19:14:50.0312 5192 \Device\Harddisk2\DR2:
19:14:50.0312 5192 MBR partitions:
19:14:50.0312 5192 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8185947
19:14:50.0328 5192 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x81859C5, BlocksNum 0x321FF27C
19:14:50.0328 5192 ============================================================
19:14:50.0359 5192 C: <-> \Device\Harddisk2\DR2\Partition0
19:14:50.0359 5192 H: <-> \Device\Harddisk1\DR1\Partition0
19:14:50.0390 5192 E: <-> \Device\Harddisk0\DR0\Partition0
19:14:50.0390 5192 D: <-> \Device\Harddisk2\DR2\Partition1
19:14:50.0421 5192 G: <-> \Device\Harddisk0\DR0\Partition1
19:14:50.0421 5192 ============================================================
19:14:50.0421 5192 Initialize success
19:14:50.0421 5192 ============================================================
19:15:09.0984 5504 ============================================================
19:15:09.0984 5504 Scan started
19:15:09.0984 5504 Mode: Manual;
19:15:09.0984 5504 ============================================================
19:15:10.0328 5504 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:15:10.0328 5504 !SASCORE - ok
19:15:10.0406 5504 Abiosdsk - ok
19:15:10.0421 5504 abp480n5 - ok
19:15:10.0453 5504 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:15:10.0468 5504 ACPI - ok
19:15:10.0500 5504 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:15:10.0500 5504 ACPIEC - ok
19:15:10.0546 5504 ADIHdAudAddService (23f78687cbf3972704650a799420bfa8) C:\WINDOWS\system32\drivers\ADIHdAud.sys
19:15:10.0562 5504 ADIHdAudAddService - ok
19:15:10.0625 5504 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:15:10.0625 5504 AdobeFlashPlayerUpdateSvc - ok
19:15:10.0640 5504 adpu160m - ok
19:15:10.0656 5504 AEADIFilters (4dc6b0772d1698f04fc79053a21c8260) C:\WINDOWS\system32\AEADISRV.EXE
19:15:10.0656 5504 AEADIFilters - ok
19:15:10.0687 5504 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:15:10.0687 5504 aec - ok
19:15:10.0734 5504 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:15:10.0734 5504 AFD - ok
19:15:10.0750 5504 Aha154x - ok
19:15:10.0765 5504 aic78u2 - ok
19:15:10.0765 5504 aic78xx - ok
19:15:10.0812 5504 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
19:15:10.0812 5504 ALG - ok
19:15:10.0828 5504 ALIEHCD (c4591fbadbe5244494c53dcebf217bb6) C:\WINDOWS\system32\Drivers\ALIEHCI.sys
19:15:10.0828 5504 ALIEHCD - ok
19:15:10.0843 5504 alihub (96dc7e3935bbfd4ee530151b72f9aa67) C:\WINDOWS\system32\DRIVERS\AliHub.sys
19:15:10.0843 5504 alihub - ok
19:15:10.0859 5504 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:15:10.0859 5504 AliIde - ok
19:15:10.0875 5504 aliroothub (8eb99ddd9217ea82f8b0a5a43b032781) C:\WINDOWS\system32\DRIVERS\AliRtHub.sys
19:15:10.0875 5504 aliroothub - ok
19:15:10.0953 5504 ALSysIO - ok
19:15:10.0984 5504 AmdK8 (99bd5596b5d06c2ead3cecc6f11999f5) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:15:10.0984 5504 AmdK8 - ok
19:15:11.0000 5504 amsint - ok
19:15:11.0062 5504 AntiLog32 (306fc4d34e68b5ea31f7d3cb6e0eacc2) C:\Program Files\AntiLogger\AntiLog32.sys
19:15:11.0062 5504 AntiLog32 - ok
19:15:11.0109 5504 ApfiltrService (9910a9c7d307a9e156d951248601c33e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
19:15:11.0109 5504 ApfiltrService - ok
19:15:11.0140 5504 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
19:15:11.0140 5504 AppMgmt - ok
19:15:11.0171 5504 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:15:11.0171 5504 Arp1394 - ok
19:15:11.0187 5504 asc - ok
19:15:11.0203 5504 asc3350p - ok
19:15:11.0218 5504 asc3550 - ok
19:15:11.0296 5504 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:15:11.0296 5504 aspnet_state - ok
19:15:11.0312 5504 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys
19:15:11.0312 5504 asusgsb - ok
19:15:11.0328 5504 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:15:11.0328 5504 AsyncMac - ok
19:15:11.0359 5504 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:15:11.0359 5504 atapi - ok
19:15:11.0375 5504 Atdisk - ok
19:15:11.0406 5504 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:15:11.0406 5504 Atmarpc - ok
19:15:11.0437 5504 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
19:15:11.0437 5504 AudioSrv - ok
19:15:11.0468 5504 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:15:11.0468 5504 audstub - ok
19:15:11.0531 5504 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:15:11.0531 5504 Beep - ok
19:15:11.0656 5504 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys
19:15:11.0671 5504 BHDrvx86 - ok
19:15:11.0703 5504 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
19:15:11.0718 5504 BITS - ok
19:15:11.0734 5504 catchme - ok
19:15:11.0750 5504 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:15:11.0750 5504 cbidf2k - ok
19:15:11.0796 5504 cbVSCService (ed5411a69c5bac78d245c893af64352a) C:\Program Files\Cobian Backup 10\cbVSCService.exe
19:15:11.0796 5504 cbVSCService - ok
19:15:11.0828 5504 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:15:11.0828 5504 CCDECODE - ok
19:15:11.0921 5504 ccSet_NAV (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NAV\1307000.009\ccSetx86.sys
19:15:11.0921 5504 ccSet_NAV - ok
19:15:11.0937 5504 cd20xrnt - ok
19:15:11.0968 5504 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:15:11.0968 5504 Cdaudio - ok
19:15:11.0984 5504 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:15:11.0984 5504 Cdfs - ok
19:15:12.0015 5504 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:15:12.0015 5504 Cdrom - ok
19:15:12.0031 5504 Changer - ok
19:15:12.0062 5504 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
19:15:12.0062 5504 CiSvc - ok
19:15:12.0078 5504 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
19:15:12.0078 5504 ClipSrv - ok
19:15:12.0140 5504 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:15:12.0156 5504 clr_optimization_v2.0.50727_32 - ok
19:15:12.0171 5504 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:15:12.0171 5504 clr_optimization_v4.0.30319_32 - ok
19:15:12.0312 5504 cmdAgent (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
19:15:12.0328 5504 cmdAgent - ok
19:15:12.0421 5504 cmdGuard (bee235831f8e3f0baaca18b39d285cf5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
19:15:12.0421 5504 cmdGuard - ok
19:15:12.0453 5504 cmdHlp (de548946f36cab62fec2e6aa0149a619) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
19:15:12.0453 5504 cmdHlp - ok
19:15:12.0468 5504 CmdIde - ok
19:15:12.0484 5504 COMSysApp - ok
19:15:12.0500 5504 Cpqarray - ok
19:15:12.0546 5504 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
19:15:12.0546 5504 CryptSvc - ok
19:15:12.0562 5504 dac2w2k - ok
19:15:12.0578 5504 dac960nt - ok
19:15:12.0625 5504 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
19:15:12.0625 5504 DcomLaunch - ok
19:15:12.0656 5504 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
19:15:12.0671 5504 Dhcp - ok
19:15:12.0687 5504 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:15:12.0687 5504 Disk - ok
19:15:12.0703 5504 dmadmin - ok
19:15:12.0734 5504 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
19:15:12.0750 5504 dmboot - ok
19:15:12.0765 5504 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
19:15:12.0781 5504 dmio - ok
19:15:12.0796 5504 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:15:12.0796 5504 dmload - ok
19:15:12.0812 5504 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
19:15:12.0828 5504 dmserver - ok
19:15:12.0843 5504 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:15:12.0843 5504 DMusic - ok
19:15:12.0875 5504 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
19:15:12.0875 5504 Dnscache - ok
19:15:12.0906 5504 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
19:15:12.0921 5504 Dot3svc - ok
19:15:12.0921 5504 dpti2o - ok
19:15:13.0000 5504 DriveClone Network Client IBP (3058482e48d268a2606bff9b7ff5be08) C:\Program Files\FarStone\RestoreIT 7\IBP\fsloader.exe
19:15:13.0015 5504 DriveClone Network Client IBP - ok
19:15:13.0046 5504 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:15:13.0046 5504 drmkaud - ok
19:15:13.0093 5504 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
19:15:13.0093 5504 dtsoftbus01 - ok
19:15:13.0125 5504 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
19:15:13.0125 5504 EapHost - ok
19:15:13.0156 5504 EaseUS Agent (64585b1d85ff7566b99ced303a02f357) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
19:15:13.0156 5504 EaseUS Agent - ok
19:15:13.0203 5504 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:15:13.0203 5504 eeCtrl - ok
19:15:13.0234 5504 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
19:15:13.0234 5504 EIO - ok
19:15:13.0296 5504 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
19:15:13.0296 5504 epmntdrv - ok
19:15:13.0312 5504 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:15:13.0312 5504 EraserUtilRebootDrv - ok
19:15:13.0343 5504 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
19:15:13.0343 5504 ERSvc - ok
19:15:13.0375 5504 EUBAKUP (40f272bc66a4692c4e5a07008b3c428d) C:\WINDOWS\system32\drivers\eubakup.sys
19:15:13.0375 5504 EUBAKUP - ok
19:15:13.0390 5504 EUBKMON (d6dd9e76f2d084292d3a032aa7ce9aec) C:\WINDOWS\system32\drivers\EUBKMON.sys
19:15:13.0390 5504 EUBKMON - ok
19:15:13.0406 5504 EUDSKACS (b5a6d8ffb1be1ea333c96f8788c6a909) C:\WINDOWS\system32\drivers\eudskacs.sys
19:15:13.0406 5504 EUDSKACS - ok
19:15:13.0437 5504 EUFDDISK (a67bf5bb59c6c15fab47c771dbe00c20) C:\WINDOWS\system32\drivers\EuFdDisk.sys
19:15:13.0437 5504 EUFDDISK - ok
19:15:13.0453 5504 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
19:15:13.0468 5504 EuGdiDrv - ok
19:15:13.0500 5504 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
19:15:13.0500 5504 Eventlog - ok
19:15:13.0531 5504 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\System32\es.dll
19:15:13.0531 5504 EventSystem - ok
19:15:13.0578 5504 FARMNTIO (5d4bf387faed15e832d5b575478a500c) c:\windows\system32\drivers\farmntio.sys
19:15:13.0578 5504 FARMNTIO - ok
19:15:13.0609 5504 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:15:13.0609 5504 Fastfat - ok
19:15:13.0656 5504 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
19:15:13.0656 5504 FastUserSwitchingCompatibility - ok
19:15:13.0671 5504 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:15:13.0671 5504 Fdc - ok
19:15:13.0687 5504 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
19:15:13.0687 5504 Fips - ok
19:15:13.0718 5504 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:15:13.0718 5504 Flpydisk - ok
19:15:13.0734 5504 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:15:13.0734 5504 FltMgr - ok
19:15:13.0828 5504 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:15:13.0828 5504 FontCache3.0.0.0 - ok
19:15:13.0859 5504 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:15:13.0859 5504 Fs_Rec - ok
19:15:13.0875 5504 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:15:13.0875 5504 Ftdisk - ok
19:15:13.0906 5504 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:15:13.0906 5504 gameenum - ok
19:15:13.0921 5504 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:15:13.0921 5504 Gpc - ok
19:15:14.0031 5504 Guard Agent (a6a4223573cfcf87843cfcb3a9c237c7) C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
19:15:14.0031 5504 Guard Agent - ok
19:15:14.0062 5504 HCDisk (1f6ddb5a612edc26c4c792c8947dd3e6) C:\WINDOWS\system32\drivers\HCDisk.sys
19:15:14.0062 5504 HCDisk - ok
19:15:26.0000 5504 ============================================================
19:15:26.0000 5504 Scan finished
19:15:26.0000 5504 ============================================================
19:15:26.0015 5752 Detected object count: 0
19:15:26.0015 5752 Actual detected object count: 0

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log (preventive check)

#10 Post by Rudy »

This is OK. Try removing the mouse from the system and restarting the PC. The mouse will be detected again. Then check whether it works.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

macc
Visitor
Posts: 93
Registered: 13 Apr 2011 18:28

Re: Please check my log (preventive check)

#11 Post by macc »

Everything works, thanks

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log (preventive check)

#12 Post by Rudy »

You're welcome!

macc
Visitor
Posts: 93
Registered: 13 Apr 2011 18:28

Re: Please check my log (preventive check)

#13 Post by macc »

Thanks once again, and I'm sending a few crowns

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log (preventive check)

#14 Post by Rudy »

Glad to help, and thank you for the contribution! :)
