Prosim o kontrolu logu

Zpráva

nasonex · #1 Příspěvek od **nasonex** » 09 zář 2012 11:51

Dobry den
PC se seka u prehravani MP3 , HD videa se sekne a restartuje . V rychlosti znacne zhorseni . predem diky za pomoc

edit : pc jsem projizdel Spybotem a CCleaner

Logfile of random's system information tool 1.09 (written by random/random)
Run by Riša at 2012-09-09 12:45:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 267 GB (56%) free of 477 GB
Total RAM: 3582 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:46, on 9.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Documents and Settings\All Users\Data aplikací\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Documents and Settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AIMP2\AIMP3.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Riša\Plocha\RSIT.exe
C:\Program Files\trend micro\Riša.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON SX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\WINDOWS\TEMP\E_SF4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Freemake Improver - Freemake - C:\Documents and Settings\All Users\Data aplikací\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 8310 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\Epson Printer Software Downloader.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Riša\Data aplikací\Mozilla\Firefox\Profiles\oi24drlc.default

prefs.js - "browser.startup.homepage" - "http://google.cz/"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID= 112050&tt=050412_30b&babsrc=KW_ss&mntrId=e42f8e51000000000000001d7d08b2df&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"fe_9.0@nokia.com"=C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
"fmconverter@gmail.com"=C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.271 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm LTD Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
FlashGet3.xpi

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Riša\Data aplikací\Mozilla\Firefox\Profiles\oi24drlc.default\extensions\
yasearch@yandex.ru
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21A88CB9-84D2-4020-A2D1-B25A21034884}]
HistoryTriggerBHO Class - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll [2011-11-17 36208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-07-14 603816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-07-14 603816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2009-04-07 673616]
"B2C_AGENT"=C:\Documents and Settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [2012-03-28 404568]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2012-07-14 738984]
"ZoneAlarm"=C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [2012-08-29 73392]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=C:\Program Files\Steam\steam.exe [2012-08-04 1353080]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"LG LinkAir"= []
"EPSON SX110 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [2008-09-27 199680]
""= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
C:\Program Files\GIGABYTE\GEST\RUN.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Documents and Settings\Riša\Plocha\qip\qip.exe [2010-10-29 3330560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-01-10 1083264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Riša\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Riša\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Program Files\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe"="C:\Program Files\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe:*:Enabled:Stronghold3"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"
"C:\Program Files\Steam\steamapps\s00b\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\s00b\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"C:\Program Files\Steam\steamapps\esonic10\half-life\hl.exe"="C:\Program Files\Steam\steamapps\esonic10\half-life\hl.exe:*:Enabled:Half-Life"
"C:\Program Files\Steam\steamapps\esonic10\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\esonic10\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.dvsd"=pdvcodec.dll

======List of files/folders created in the last 1 month======

2012-09-09 12:45:23 ----D---- C:\Program Files\trend micro
2012-09-09 12:45:20 ----D---- C:\rsit
2012-09-09 11:46:45 ----D---- C:\Documents and Settings\Riša\Data aplikací\vlc
2012-09-09 11:45:01 ----D---- C:\Program Files\VideoLAN
2012-09-07 20:23:44 ----D---- C:\Program Files\Mozilla Firefox
2012-09-03 18:43:01 ----A---- C:\WINDOWS\system32\drivers\kl2.sys
2012-09-03 18:43:00 ----A---- C:\WINDOWS\system32\drivers\kl1.sys
2012-09-03 18:42:55 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2012-09-03 18:14:39 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-09-03 18:14:38 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-09-03 18:14:36 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-09-03 18:14:35 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-09-03 18:14:35 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-09-03 18:14:34 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-09-03 18:14:34 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-09-03 18:14:33 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-09-03 18:14:06 ----A---- C:\WINDOWS\avastSS.scr
2012-09-03 18:14:05 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-09-03 17:54:28 ----D---- C:\Documents and Settings\Riša\Data aplikací\CheckPoint
2012-09-03 17:51:37 ----D---- C:\Program Files\CheckPoint
2012-09-03 17:51:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\CheckPoint
2012-08-29 15:45:24 ----A---- C:\WINDOWS\system32\vsdatant.sys
2012-08-15 18:46:22 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2012-08-15 15:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2012-08-15 15:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2731847$
2012-08-15 15:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219$
2012-08-15 15:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2722913$
2012-08-15 15:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135$

======List of files/folders modified in the last 1 month======

2012-09-09 12:45:23 ----RD---- C:\Program Files
2012-09-09 12:45:12 ----D---- C:\WINDOWS\Temp
2012-09-09 12:39:59 ----D---- C:\WINDOWS
2012-09-09 12:39:00 ----D---- C:\Program Files\Steam
2012-09-09 12:36:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-09-09 12:36:42 ----D---- C:\WINDOWS\system32\CatRoot2
2012-09-09 12:32:26 ----D---- C:\WINDOWS\Prefetch
2012-09-09 12:32:11 ----SHD---- C:\WINDOWS\Installer
2012-09-09 12:32:02 ----SD---- C:\WINDOWS\Tasks
2012-09-09 12:11:17 ----D---- C:\Documents and Settings\Riša\Data aplikací\DAEMON Tools Lite
2012-09-09 12:11:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-09-09 12:05:18 ----D---- C:\WINDOWS\Debug
2012-09-09 12:05:11 ----D---- C:\WINDOWS\Minidump
2012-09-09 11:45:29 ----D---- C:\Program Files\The KMPlayer
2012-09-09 11:21:32 ----D---- C:\WINDOWS\system32\config
2012-09-09 02:07:28 ----D---- C:\Documents and Settings\Riša\Data aplikací\AIMP3
2012-09-08 07:51:09 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-06 22:00:19 ----D---- C:\Documents and Settings\Riša\Data aplikací\Dropbox
2012-09-03 18:44:55 ----D---- C:\WINDOWS\system32\CatRoot
2012-09-03 18:43:21 ----SHD---- C:\System Volume Information
2012-09-03 18:43:02 ----HD---- C:\WINDOWS\inf
2012-09-03 18:43:02 ----D---- C:\WINDOWS\system32\drivers
2012-09-03 18:43:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-09-03 18:14:27 ----D---- C:\WINDOWS\WinSxS
2012-09-03 18:14:05 ----D---- C:\WINDOWS\system32
2012-09-03 18:13:46 ----D---- C:\Program Files\AVAST Software
2012-09-03 18:13:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2012-09-03 17:00:05 ----A---- C:\WINDOWS\system32\lgAxconfig.ini
2012-08-16 13:40:48 ----D---- C:\Program Files\AIMP2
2012-08-15 18:46:24 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-15 15:09:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-15 15:09:10 ----HD---- C:\WINDOWS\$hf_mig$
2012-08-15 15:04:30 ----A---- C:\WINDOWS\system32\MRT.exe
2012-08-13 16:49:38 ----D---- C:\Program Files\Common Files\Steam

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2012-01-09 133208]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-12-17 239168]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2012-01-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-01-09 485808]
R1 Vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2012-08-29 526640]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S3 Andbus;LGE Android Platform Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
S3 AndDiag;LGE Android Platform USB Serial Port; C:\WINDOWS\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\WINDOWS\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
S3 ANDModem;LGE Android Platform USB Modem; C:\WINDOWS\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
S3 androidusb;ADB Interface Driver; C:\WINDOWS\System32\Drivers\lgandadb.sys [2010-08-02 25728]
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2011-02-14 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2011-02-14 20864]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2011-02-14 25216]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-18 143872]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-12 113664]
R2 Freemake Improver;Freemake Improver; C:\Documents and Settings\All Users\Data aplikací\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-03-06 82944]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2012-07-14 497320]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2012-08-29 2445880]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-11 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-08-06 529232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 09 zář 2012 12:48

Zdravím!
Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

nasonex · #3 Příspěvek od **nasonex** » 09 zář 2012 17:50

zkousel jsem asi 3x a vzdy to vyhodilo ze aplikace neodpovida . porad dokola , pomohl az restart

#4 Příspěvek od **Rudy** » 09 zář 2012 18:09

Zkuste to v nouz. režimu.

nasonex · #5 Příspěvek od **nasonex** » 10 zář 2012 13:07

ComboFix 12-09-09.02 - Riša 10.09.2012 13:37:50.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.3315 [GMT 2:00]
Spuštěný z: c:\documents and settings\Riša\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\system32\FlashPlayerInstaller.exe
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETEA.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-10 do 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-09 10:45 . 2012-09-09 10:48 -------- d-----w- c:\program files\trend micro
2012-09-09 10:45 . 2012-09-09 10:48 -------- d-----w- C:\rsit
2012-09-09 09:46 . 2012-09-09 16:47 -------- d-----w- c:\documents and settings\Riša\Data aplikací\vlc
2012-09-09 09:45 . 2012-09-09 09:45 -------- d-----w- c:\program files\VideoLAN
2012-09-08 16:20 . 2012-09-08 16:24 -------- d-----w- c:\documents and settings\Riša\dwhelper
2012-09-03 17:00 . 2012-09-03 17:00 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ
2012-09-03 16:43 . 2012-01-09 16:59 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2012-09-03 16:43 . 2012-01-09 16:59 133208 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-09-03 16:14 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-03 16:14 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-03 16:14 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-03 16:14 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-03 16:14 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-03 16:14 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-03 16:14 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-03 16:14 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-03 16:14 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-03 16:14 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-03 15:54 . 2012-09-03 15:54 -------- d-----w- c:\documents and settings\Riša\Data aplikací\CheckPoint
2012-09-03 15:51 . 2012-09-03 15:54 -------- d-----w- c:\program files\CheckPoint
2012-09-03 15:51 . 2012-09-03 15:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CheckPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 16:46 . 2012-04-10 07:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 16:46 . 2011-12-10 22:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-12-10 18:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 21:33 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 21:33 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-06-28 21:33 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-28 21:30 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-09-07 18:23 . 2012-09-07 18:23 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Riša\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Riša\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Riša\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Riša\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"B2C_AGENT"="c:\documents and settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-07-14 738984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-10-29 15:12 3330560 ----a-w- c:\documents and settings\Riša\Plocha\qip\qip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-01-10 17:36 1083264 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Riša\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 3\\bin\\win32_release\\Stronghold3.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Steam\\steamapps\\s00b\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\esonic10\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\esonic10\\counter-strike\\hl.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.12.2011 13:01 239168]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 9:11 10496]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.9.2012 18:14 729752]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.9.2012 18:14 355632]
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3.9.2012 18:43 11352]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.9.2012 18:14 21256]
S2 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Data aplikací\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [8.3.2012 21:37 82944]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.7.2012 9:32 136176]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14.7.2012 15:59 27056]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14.7.2012 15:59 497320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10.4.2012 9:55 250056]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [3.1.2012 16:00 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [3.1.2012 16:00 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [3.1.2012 16:00 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [3.1.2012 16:00 25088]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [3.1.2012 16:00 25728]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.7.2012 9:32 136176]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 9:11 12160]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 9:11 12928]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2.5.2012 20:42 114144]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:46]
.
2012-09-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-03 09:12]
.
2012-09-09 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 07:32]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 07:32]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: ????3??
IE: ????3??????
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\documents and settings\Riša\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Riša\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 192.168.1.1 212.24.148.99
FF - ProfilePath - c:\documents and settings\Riša\Data aplikací\Mozilla\Firefox\Profiles\oi24drlc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID= 112050&tt=050412_30b&babsrc=KW_ss&mntrId=e42f8e51000000000000001d7d08b2df&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID= 112050&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e42f8e51000000000000001d7d08b2df
FF - user.js: extensions.BabylonToolbar_i.hardId - e42f8e51000000000000001d7d08b2df
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15442
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:52
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-LG LinkAir - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-GEST - c:\program files\GIGABYTE\GEST\RUN.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-10 13:45
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5000AVVS-63H0B1 rev.05.04C05 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-1682526488-1801674531-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Riša\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-796845957-1682526488-1801674531-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Riša\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-09-10 13:46:43
ComboFix-quarantined-files.txt 2012-09-10 11:46
.
Před spuštěním: Volných bajtů: 279 935 885 312
Po spuštění: Volných bajtů: 280 025 997 312
.
- - End Of File - - 1D44FE3B39EBE9B425EA4092AFF2ECA6

#6 Příspěvek od **Rudy** » 10 zář 2012 16:59

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Firefox::
FF - ProfilePath - c:\documents and settings\Riša\Data aplikací\Mozilla\Firefox\Profiles\oi24drlc.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID= 112050&tt=050412_30b&babsrc=KW_ss&mntrId=e42f8e51000000000000001d7d08b2df&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID= 112050&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e42f8e51000000000000001d7d08b2df
FF - user.js: extensions.BabylonToolbar_i.hardId - e42f8e51000000000000001d7d08b2df
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15442
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:52
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

RegLock::
[HKEY_USERS\S-1-5-21-796845957-1682526488-1801674531-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
[HKEY_USERS\S-1-5-21-796845957-1682526488-1801674531-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Pak stáhněte a spusťte TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip . Nechte pracovat a nekonec sem dejte log.

nasonex · #7 Příspěvek od **nasonex** » 11 zář 2012 18:05

log z combofixu

ComboFix 12-09-09.02 - Riša 11.09.2012 18:10:54.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.2718 [GMT 2:00]
Spuštěný z: c:\documents and settings\Riša\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Riša\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
/wow section - STAGE 3
.
/wow section - STAGE 4
SED: can't read ProfilesFileB.dat: No such file or directory
SED: can't read ProfilesFolderB.dat: No such file or directory
Nedostatek paměti
Nedostatek paměti
Nedostatek paměti
Nedostatek paměti
Nedostatek paměti
Nedostatek paměti
Nedostatek paměti
Nedostatek paměti
Nedostatek paměti
Nedostatek paměti
.
/wow section - STAGE 5
.
/wow section - STAGE 6
.
/wow section - STAGE 9
.
/wow section - STAGE 12
.
/wow section - STAGE 16
.
/wow section - STAGE 18
.
/wow section - STAGE 19B
.
/wow section - STAGE 23
.
/wow section nedokončena
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-11 do 2012-09-11 )))))))))))))))))))))))))))))))
.
.
2012-09-09 10:45 . 2012-09-09 10:48 -------- d-----w- c:\program files\trend micro
2012-09-09 10:45 . 2012-09-09 10:48 -------- d-----w- C:\rsit
2012-09-09 09:46 . 2012-09-10 16:05 -------- d-----w- c:\documents and settings\Riša\Data aplikací\vlc
2012-09-09 09:45 . 2012-09-09 09:45 -------- d-----w- c:\program files\VideoLAN
2012-09-08 16:20 . 2012-09-08 16:24 -------- d-----w- c:\documents and settings\Riša\dwhelper
2012-09-03 17:00 . 2012-09-03 17:00 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ
2012-09-03 16:43 . 2012-01-09 16:59 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2012-09-03 16:43 . 2012-01-09 16:59 133208 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-09-03 16:14 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-03 16:14 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-03 16:14 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-03 16:14 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-03 16:14 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-03 16:14 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-03 16:14 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-03 16:14 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-03 16:14 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-03 16:14 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-03 15:54 . 2012-09-03 15:54 -------- d-----w- c:\documents and settings\Riša\Data aplikací\CheckPoint
2012-09-03 15:51 . 2012-09-03 15:54 -------- d-----w- c:\program files\CheckPoint
2012-09-03 15:51 . 2012-09-03 15:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CheckPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 16:46 . 2012-04-10 07:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 16:46 . 2011-12-10 22:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-12-10 18:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 21:33 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 21:33 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-06-28 21:33 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-28 21:30 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-09-07 18:23 . 2012-09-07 18:23 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Riša\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Riša\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Riša\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Riša\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"B2C_AGENT"="c:\documents and settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-10-29 15:12 3330560 ----a-w- c:\documents and settings\Riša\Plocha\qip\qip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-01-10 17:36 1083264 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Riša\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 3\\bin\\win32_release\\Stronghold3.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Steam\\steamapps\\s00b\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\esonic10\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\esonic10\\counter-strike\\hl.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.9.2012 18:14 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.9.2012 18:14 355632]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.12.2011 13:01 239168]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3.9.2012 18:43 11352]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.9.2012 18:14 21256]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14.7.2012 15:59 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14.7.2012 15:59 497320]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 9:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 9:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 9:11 12928]
S2 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Data aplikací\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [8.3.2012 21:37 82944]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.7.2012 9:32 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10.4.2012 9:55 250056]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [3.1.2012 16:00 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [3.1.2012 16:00 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [3.1.2012 16:00 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [3.1.2012 16:00 25088]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [3.1.2012 16:00 25728]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.7.2012 9:32 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2.5.2012 20:42 114144]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:46]
.
2012-09-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-03 09:12]
.
2012-09-10 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 07:32]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 07:32]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: ????3??
IE: ????3??????
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\documents and settings\Riša\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Riša\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 192.168.1.1 212.24.148.99
FF - ProfilePath - c:\documents and settings\Riša\Data aplikací\Mozilla\Firefox\Profiles\oi24drlc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.cz/
.
Supplementary scan did not complete!
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-11 18:34
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5000AVVS-63H0B1 rev.05.04C05 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(928)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(1888)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\documents and settings\Riša\Data aplikací\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\documents and settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-09-11 18:53:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-11 16:42
ComboFix2.txt 2012-09-10 11:46
.
Před spuštěním: Volných bajtů: 281 300 152 320
nového. Stisknutím klávesy ENTER ponecháte čas beze změny.
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6D0EA5C20018767A0068DE1EAD7E0A1A

nasonex · #8 Příspěvek od **nasonex** » 11 zář 2012 18:06

log z TDSSKiller

19:00:48.0531 3636 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:00:48.0843 3636 ============================================================
19:00:48.0843 3636 Current date / time: 2012/09/11 19:00:48.0843
19:00:48.0843 3636 SystemInfo:
19:00:48.0843 3636
19:00:48.0843 3636 OS Version: 5.1.2600 ServicePack: 3.0
19:00:48.0843 3636 Product type: Workstation
19:00:48.0843 3636 ComputerName: KOUTNI-PC
19:00:48.0843 3636 UserName: Riša
19:00:48.0843 3636 Windows directory: C:\WINDOWS
19:00:48.0843 3636 System windows directory: C:\WINDOWS
19:00:48.0843 3636 Processor architecture: Intel x86
19:00:48.0843 3636 Number of processors: 2
19:00:48.0843 3636 Page size: 0x1000
19:00:48.0843 3636 Boot type: Normal boot
19:00:48.0843 3636 ============================================================
19:00:54.0468 3636 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:00:54.0515 3636 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:00:54.0546 3636 ============================================================
19:00:54.0546 3636 \Device\Harddisk0\DR0:
19:00:54.0546 3636 MBR partitions:
19:00:54.0546 3636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3A384C02
19:00:54.0546 3636 \Device\Harddisk1\DR1:
19:00:54.0546 3636 MBR partitions:
19:00:54.0546 3636 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
19:00:54.0546 3636 ============================================================
19:00:54.0750 3636 C: <-> \Device\Harddisk1\DR1\Partition1
19:00:54.0781 3636 D: <-> \Device\Harddisk0\DR0\Partition1
19:00:54.0781 3636 ============================================================
19:00:54.0781 3636 Initialize success
19:00:54.0781 3636 ============================================================
19:00:56.0484 4012 ============================================================
19:00:56.0484 4012 Scan started
19:00:56.0484 4012 Mode: Manual;
19:00:56.0484 4012 ============================================================
19:01:02.0500 4012 ================ Scan system memory ========================
19:01:02.0500 4012 System memory - ok
19:01:02.0500 4012 ================ Scan services =============================
19:01:05.0468 4012 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
19:01:05.0468 4012 Aavmker4 - ok
19:01:05.0468 4012 Abiosdsk - ok
19:01:05.0468 4012 abp480n5 - ok
19:01:05.0593 4012 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:01:05.0656 4012 ACPI - ok
19:01:05.0718 4012 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:01:05.0765 4012 ACPIEC - ok
19:01:05.0937 4012 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:01:06.0000 4012 AdobeFlashPlayerUpdateSvc - ok
19:01:06.0015 4012 adpu160m - ok
19:01:06.0125 4012 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:01:06.0187 4012 aec - ok
19:01:06.0281 4012 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:01:06.0343 4012 AFD - ok
19:01:06.0343 4012 Aha154x - ok
19:01:06.0343 4012 aic78u2 - ok
19:01:06.0343 4012 aic78xx - ok
19:01:06.0406 4012 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:01:06.0421 4012 Alerter - ok
19:01:06.0453 4012 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
19:01:06.0453 4012 ALG - ok
19:01:06.0453 4012 AliIde - ok
19:01:06.0468 4012 amsint - ok
19:01:06.0531 4012 [ 3E59DF4984FBD6800D6621480B38A34E ] Andbus C:\WINDOWS\system32\DRIVERS\lgandbus.sys
19:01:06.0609 4012 Andbus - ok
19:01:06.0703 4012 [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56 ] AndDiag C:\WINDOWS\system32\DRIVERS\lganddiag.sys
19:01:06.0718 4012 AndDiag - ok
19:01:06.0765 4012 [ 1D2C90E25483363D54B652898BBC8F2A ] AndGps C:\WINDOWS\system32\DRIVERS\lgandgps.sys
19:01:06.0796 4012 AndGps - ok
19:01:06.0828 4012 [ B1B06A95DA2CAC7FA19832C60C348C85 ] ANDModem C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
19:01:06.0875 4012 ANDModem - ok
19:01:06.0921 4012 [ 54A40A58FF71936026F2E49ECFD487B8 ] androidusb C:\WINDOWS\system32\Drivers\lgandadb.sys
19:01:06.0921 4012 androidusb - ok
19:01:06.0921 4012 AppMgmt - ok
19:01:06.0953 4012 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:01:06.0984 4012 Arp1394 - ok
19:01:06.0984 4012 asc - ok
19:01:06.0984 4012 asc3350p - ok
19:01:06.0984 4012 asc3550 - ok
19:01:07.0843 4012 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:01:08.0031 4012 aspnet_state - ok
19:01:08.0109 4012 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:01:08.0109 4012 aswFsBlk - ok
19:01:08.0156 4012 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
19:01:08.0156 4012 aswMon2 - ok
19:01:08.0218 4012 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
19:01:08.0218 4012 AswRdr - ok
19:01:08.0515 4012 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
19:01:08.0531 4012 aswSnx - ok
19:01:08.0656 4012 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
19:01:08.0656 4012 aswSP - ok
19:01:08.0687 4012 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
19:01:08.0687 4012 aswTdi - ok
19:01:08.0765 4012 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:01:08.0796 4012 AsyncMac - ok
19:01:08.0859 4012 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:01:08.0859 4012 atapi - ok
19:01:08.0875 4012 Atdisk - ok
19:01:09.0171 4012 [ A03F8B3BF819A1C8C9661A71FE53F09F ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:01:09.0171 4012 Ati HotKey Poller - ok
19:01:09.0437 4012 [ ECFAA465EC730F40DFA41E63EEA06A57 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
19:01:09.0437 4012 ATI Smart - ok
19:01:10.0796 4012 [ 7E682D97868CEFAE5D2BBD23EBBF7207 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:01:10.0812 4012 ati2mtag - ok
19:01:10.0890 4012 [ 41C8F0EDA10DA14378D304C20BA6E558 ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
19:01:10.0890 4012 AtiHdmiService - ok
19:01:10.0953 4012 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:01:11.0000 4012 Atmarpc - ok
19:01:11.0062 4012 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:01:11.0078 4012 AudioSrv - ok
19:01:11.0171 4012 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:01:11.0187 4012 audstub - ok
19:01:11.0453 4012 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:01:11.0453 4012 avast! Antivirus - ok
19:01:11.0515 4012 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:01:11.0531 4012 Beep - ok
19:01:11.0765 4012 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
19:01:12.0312 4012 BITS - ok
19:01:12.0375 4012 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
19:01:12.0375 4012 Browser - ok
19:01:13.0093 4012 catchme - ok
19:01:13.0484 4012 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:01:13.0593 4012 cbidf2k - ok
19:01:13.0593 4012 cd20xrnt - ok
19:01:13.0812 4012 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:01:13.0828 4012 Cdaudio - ok
19:01:13.0921 4012 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:01:13.0953 4012 Cdfs - ok
19:01:14.0015 4012 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:01:14.0062 4012 Cdrom - ok
19:01:14.0062 4012 Changer - ok
19:01:14.0125 4012 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:01:14.0140 4012 CiSvc - ok
19:01:14.0171 4012 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:01:14.0187 4012 ClipSrv - ok
19:01:15.0234 4012 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:01:15.0843 4012 clr_optimization_v2.0.50727_32 - ok
19:01:15.0968 4012 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:01:16.0078 4012 clr_optimization_v4.0.30319_32 - ok
19:01:16.0078 4012 CmdIde - ok
19:01:16.0093 4012 COMSysApp - ok
19:01:16.0093 4012 Cpqarray - ok
19:01:16.0156 4012 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:01:16.0171 4012 CryptSvc - ok
19:01:16.0187 4012 dac2w2k - ok
19:01:16.0187 4012 dac960nt - ok
19:01:16.0359 4012 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:01:16.0421 4012 DcomLaunch - ok
19:01:16.0718 4012 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:01:16.0765 4012 Dhcp - ok
19:01:16.0953 4012 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:01:16.0984 4012 Disk - ok
19:01:16.0984 4012 dmadmin - ok
19:01:19.0218 4012 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:01:19.0687 4012 dmboot - ok
19:01:19.0750 4012 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:01:19.0843 4012 dmio - ok
19:01:20.0171 4012 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:01:20.0187 4012 dmload - ok
19:01:20.0234 4012 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:01:20.0250 4012 dmserver - ok
19:01:20.0296 4012 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:01:20.0328 4012 DMusic - ok
19:01:20.0500 4012 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:01:20.0531 4012 Dnscache - ok
19:01:20.0656 4012 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:01:20.0765 4012 Dot3svc - ok
19:01:20.0765 4012 dpti2o - ok
19:01:20.0890 4012 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:01:20.0921 4012 drmkaud - ok
19:01:21.0421 4012 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
19:01:21.0421 4012 dtsoftbus01 - ok
19:01:21.0546 4012 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:01:21.0578 4012 EapHost - ok
19:01:22.0390 4012 [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE
19:01:22.0390 4012 EPSON_EB_RPCV4_01 - ok
19:01:22.0421 4012 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
19:01:22.0421 4012 EPSON_PM_RPCV4_01 - ok
19:01:22.0468 4012 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:01:22.0515 4012 ERSvc - ok
19:01:22.0609 4012 [ E5030E34DE21A6818E8586BFB7DD4B60 ] ET5Drv C:\WINDOWS\system32\Drivers\ET5Drv.sys
19:01:22.0703 4012 ET5Drv - ok
19:01:22.0828 4012 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
19:01:22.0828 4012 Eventlog - ok
19:01:23.0265 4012 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
19:01:23.0281 4012 EventSystem - ok
19:01:23.0484 4012 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:01:23.0578 4012 Fastfat - ok
19:01:23.0859 4012 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:01:24.0046 4012 FastUserSwitchingCompatibility - ok
19:01:24.0109 4012 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:01:24.0140 4012 Fdc - ok
19:01:24.0171 4012 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:01:24.0171 4012 Fips - ok
19:01:24.0218 4012 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:01:24.0250 4012 Flpydisk - ok
19:01:25.0140 4012 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:01:25.0203 4012 FltMgr - ok
19:01:25.0375 4012 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:01:25.0453 4012 FontCache3.0.0.0 - ok
19:01:25.0953 4012 [ 8AC0C46BC52F652143582610561D2EA2 ] Freemake Improver C:\Documents and Settings\All Users\Data aplikací\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
19:01:25.0953 4012 Freemake Improver - ok
19:01:26.0031 4012 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:01:26.0046 4012 Fs_Rec - ok
19:01:26.0328 4012 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:01:26.0375 4012 Ftdisk - ok
19:01:26.0453 4012 [ 5C230948DD6652228F88CA7AE6CB276C ] gdrv C:\WINDOWS\gdrv.sys
19:01:28.0468 4012 gdrv - ok
19:01:29.0312 4012 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:01:29.0343 4012 Gpc - ok
19:01:30.0078 4012 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:01:30.0078 4012 gupdate - ok
19:01:30.0093 4012 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:01:30.0109 4012 gupdatem - ok
19:01:30.0656 4012 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:01:30.0656 4012 HDAudBus - ok
19:01:32.0937 4012 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:01:32.0968 4012 helpsvc - ok
19:01:32.0968 4012 HidServ - ok
19:01:33.0703 4012 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:01:33.0734 4012 HidUsb - ok
19:01:34.0734 4012 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:01:34.0781 4012 hkmsvc - ok
19:01:34.0781 4012 hpn - ok
19:01:36.0281 4012 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:01:36.0281 4012 HTTP - ok
19:01:36.0562 4012 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:01:36.0578 4012 HTTPFilter - ok
19:01:36.0593 4012 i2omgmt - ok
19:01:36.0593 4012 i2omp - ok
19:01:37.0203 4012 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:01:37.0218 4012 i8042prt - ok
19:01:37.0828 4012 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:01:38.0312 4012 idsvc - ok
19:01:38.0343 4012 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:01:38.0375 4012 Imapi - ok
19:01:38.0593 4012 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:01:38.0593 4012 ImapiService - ok
19:01:38.0593 4012 ini910u - ok
19:01:41.0500 4012 [ 08BAF30F6DE95814F58AF9CE7BBC5614 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:01:41.0515 4012 IntcAzAudAddService - ok
19:01:41.0531 4012 IntelIde - ok
19:01:41.0656 4012 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:01:41.0687 4012 intelppm - ok
19:01:41.0843 4012 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:01:41.0906 4012 Ip6Fw - ok
19:01:43.0984 4012 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:01:44.0015 4012 IpFilterDriver - ok
19:01:44.0093 4012 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:01:44.0109 4012 IpInIp - ok
19:01:44.0187 4012 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:01:44.0234 4012 IpNat - ok
19:01:44.0296 4012 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:01:44.0343 4012 IPSec - ok
19:01:44.0875 4012 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:01:44.0906 4012 IRENUM - ok
19:01:45.0250 4012 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:01:45.0343 4012 isapnp - ok
19:01:45.0921 4012 [ A195C4FC49492928E8296B8C4AB00517 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
19:01:45.0921 4012 ISWKL - ok
19:01:46.0390 4012 [ E78EACA70B4E0C260E4B32972B7086AC ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
19:01:46.0390 4012 IswSvc - ok
19:01:46.0453 4012 [ AB95B2DDB49F6B6CF52625E56C1F1F71 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
19:01:46.0468 4012 JRAID - ok
19:01:46.0515 4012 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:01:46.0562 4012 Kbdclass - ok
19:01:46.0609 4012 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
19:01:46.0625 4012 KL1 - ok
19:01:46.0656 4012 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
19:01:46.0656 4012 kl2 - ok
19:01:46.0828 4012 [ 1267FC6F43F2868127A01E9766BF51A7 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
19:01:46.0828 4012 KLIF - ok
19:01:46.0921 4012 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:01:46.0937 4012 kmixer - ok
19:01:47.0000 4012 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:01:47.0046 4012 KSecDD - ok
19:01:47.0125 4012 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
19:01:47.0156 4012 LanmanServer - ok
19:01:47.0265 4012 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:01:47.0296 4012 lanmanworkstation - ok
19:01:47.0296 4012 lbrtfdc - ok
19:01:47.0359 4012 [ 4DD47B5AF0B24871EBB9EFC012A7474E ] LgBttPort C:\WINDOWS\system32\DRIVERS\lgbtport.sys
19:01:47.0375 4012 LgBttPort - ok
19:01:47.0453 4012 [ 1D038CA6C529203087A990E5E97887B4 ] lgbusenum C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
19:01:47.0468 4012 lgbusenum - ok
19:01:47.0515 4012 [ 26F1976A330195D62A6224C76968CF0D ] LGVMODEM C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
19:01:47.0531 4012 LGVMODEM - ok
19:01:47.0609 4012 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:01:47.0625 4012 LmHosts - ok
19:01:47.0875 4012 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:01:47.0906 4012 Messenger - ok
19:01:48.0031 4012 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:01:48.0046 4012 mnmdd - ok
19:01:48.0078 4012 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:01:48.0093 4012 mnmsrvc - ok
19:01:48.0125 4012 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:01:48.0156 4012 Modem - ok
19:01:48.0203 4012 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:01:48.0218 4012 Mouclass - ok
19:01:48.0250 4012 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:01:48.0265 4012 mouhid - ok
19:01:48.0296 4012 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:01:48.0312 4012 MountMgr - ok
19:01:48.0406 4012 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:01:48.0406 4012 MozillaMaintenance - ok
19:01:48.0406 4012 mraid35x - ok
19:01:48.0484 4012 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:01:48.0515 4012 MRxDAV - ok
19:01:48.0546 4012 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:01:48.0593 4012 MRxSmb - ok
19:01:48.0625 4012 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:01:48.0656 4012 MSDTC - ok
19:01:48.0703 4012 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:01:48.0703 4012 Msfs - ok
19:01:48.0703 4012 MSIServer - ok
19:01:48.0750 4012 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:01:48.0750 4012 MSKSSRV - ok
19:01:48.0781 4012 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:01:48.0781 4012 MSPCLOCK - ok
19:01:48.0781 4012 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:01:48.0781 4012 MSPQM - ok
19:01:48.0828 4012 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:01:48.0828 4012 mssmbios - ok
19:01:48.0843 4012 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:01:48.0843 4012 Mup - ok
19:01:48.0875 4012 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:01:48.0906 4012 napagent - ok
19:01:48.0984 4012 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:01:49.0281 4012 NDIS - ok
19:01:49.0328 4012 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:01:49.0343 4012 NdisTapi - ok
19:01:49.0406 4012 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:01:49.0437 4012 Ndisuio - ok
19:01:49.0468 4012 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:01:49.0500 4012 NdisWan - ok
19:01:49.0515 4012 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:01:49.0515 4012 NDProxy - ok
19:01:49.0562 4012 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:01:49.0562 4012 NetBIOS - ok
19:01:49.0609 4012 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:01:49.0640 4012 NetBT - ok
19:01:49.0703 4012 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
19:01:49.0734 4012 NetDDE - ok
19:01:49.0750 4012 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:01:49.0765 4012 NetDDEdsdm - ok
19:01:49.0796 4012 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:01:49.0812 4012 Netlogon - ok
19:01:50.0140 4012 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
19:01:50.0156 4012 Netman - ok
19:01:50.0437 4012 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:01:50.0515 4012 NetTcpPortSharing - ok
19:01:50.0734 4012 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:01:50.0781 4012 NIC1394 - ok
19:01:50.0875 4012 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
19:01:50.0906 4012 Nla - ok
19:01:50.0953 4012 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
19:01:50.0984 4012 nmwcd - ok
19:01:51.0000 4012 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
19:01:51.0015 4012 nmwcdc - ok
19:01:51.0031 4012 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:01:51.0062 4012 Npfs - ok
19:01:51.0312 4012 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:01:51.0328 4012 Ntfs - ok
19:01:51.0375 4012 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:01:51.0375 4012 NtLmSsp - ok
19:01:51.0453 4012 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:01:51.0718 4012 NtmsSvc - ok
19:01:51.0765 4012 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:01:51.0812 4012 Null - ok
19:01:52.0218 4012 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:01:52.0234 4012 NwlnkFlt - ok
19:01:52.0234 4012 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:01:52.0250 4012 NwlnkFwd - ok
19:01:52.0265 4012 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:01:52.0312 4012 ohci1394 - ok
19:01:53.0078 4012 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:01:53.0203 4012 ose - ok
19:01:53.0281 4012 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:01:53.0296 4012 Parport - ok
19:01:53.0328 4012 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:01:53.0359 4012 PartMgr - ok
19:01:53.0437 4012 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:01:53.0437 4012 ParVdm - ok
19:01:53.0515 4012 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
19:01:53.0546 4012 pccsmcfd - ok
19:01:53.0640 4012 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:01:53.0656 4012 PCI - ok
19:01:53.0656 4012 PCIDump - ok
19:01:53.0656 4012 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:01:53.0671 4012 PCIIde - ok
19:01:53.0734 4012 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:01:53.0750 4012 Pcmcia - ok
19:01:53.0750 4012 PDCOMP - ok
19:01:53.0750 4012 PDFRAME - ok
19:01:53.0750 4012 PDRELI - ok
19:01:53.0750 4012 PDRFRAME - ok
19:01:53.0750 4012 perc2 - ok
19:01:53.0765 4012 perc2hib - ok
19:01:53.0796 4012 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
19:01:53.0812 4012 PlugPlay - ok
19:01:53.0843 4012 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:01:53.0843 4012 PolicyAgent - ok
19:01:53.0890 4012 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:01:53.0906 4012 PptpMiniport - ok
19:01:53.0906 4012 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:01:53.0906 4012 ProtectedStorage - ok
19:01:53.0953 4012 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:01:53.0984 4012 PSched - ok
19:01:53.0984 4012 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:01:54.0000 4012 Ptilink - ok
19:01:54.0000 4012 ql1080 - ok
19:01:54.0000 4012 Ql10wnt - ok
19:01:54.0000 4012 ql12160 - ok
19:01:54.0000 4012 ql1240 - ok
19:01:54.0000 4012 ql1280 - ok
19:01:54.0046 4012 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:01:54.0062 4012 RasAcd - ok
19:01:54.0140 4012 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:01:54.0156 4012 RasAuto - ok
19:01:54.0187 4012 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:01:54.0187 4012 Rasl2tp - ok
19:01:54.0203 4012 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:01:54.0218 4012 RasMan - ok
19:01:54.0218 4012 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:01:54.0218 4012 RasPppoe - ok
19:01:54.0218 4012 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:01:54.0218 4012 Raspti - ok
19:01:54.0250 4012 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:01:54.0250 4012 Rdbss - ok
19:01:54.0265 4012 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:01:54.0281 4012 RDPCDD - ok
19:01:54.0390 4012 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:01:54.0421 4012 RDPWD - ok
19:01:54.0546 4012 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:01:54.0703 4012 RDSessMgr - ok
19:01:54.0781 4012 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:01:54.0812 4012 redbook - ok
19:01:55.0000 4012 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:01:55.0046 4012 RemoteAccess - ok
19:01:55.0125 4012 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:01:55.0203 4012 RpcLocator - ok
19:01:55.0312 4012 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:01:55.0328 4012 RpcSs - ok
19:01:55.0359 4012 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:01:55.0468 4012 RSVP - ok
19:01:55.0531 4012 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:01:55.0578 4012 RTLE8023xp - ok
19:01:55.0609 4012 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
19:01:55.0609 4012 SamSs - ok
19:01:55.0671 4012 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:01:55.0703 4012 SCardSvr - ok
19:01:55.0812 4012 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:01:55.0843 4012 Schedule - ok
19:01:55.0859 4012 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:01:55.0890 4012 Secdrv - ok
19:01:55.0953 4012 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:01:55.0968 4012 seclogon - ok
19:01:56.0015 4012 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
19:01:56.0031 4012 SENS - ok
19:01:56.0031 4012 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:01:56.0046 4012 serenum - ok
19:01:56.0078 4012 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:01:56.0109 4012 Serial - ok
19:01:56.0343 4012 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:01:56.0359 4012 ServiceLayer - ok
19:01:56.0406 4012 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:01:56.0421 4012 Sfloppy - ok
19:01:56.0546 4012 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:01:56.0593 4012 SharedAccess - ok
19:01:56.0625 4012 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:01:56.0640 4012 ShellHWDetection - ok
19:01:56.0640 4012 Simbad - ok
19:01:56.0640 4012 Sparrow - ok
19:01:56.0671 4012 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:01:56.0703 4012 splitter - ok
19:01:56.0812 4012 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:01:56.0812 4012 Spooler - ok
19:01:57.0171 4012 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:01:57.0187 4012 sr - ok
19:01:57.0218 4012 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
19:01:57.0312 4012 srservice - ok
19:01:57.0500 4012 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:01:57.0500 4012 Srv - ok
19:01:57.0578 4012 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:01:57.0578 4012 SSDPSRV - ok
19:01:57.0609 4012 Steam Client Service - ok
19:01:57.0703 4012 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:01:57.0718 4012 stisvc - ok
19:01:57.0734 4012 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:01:57.0765 4012 swenum - ok
19:01:57.0781 4012 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:01:57.0796 4012 swmidi - ok
19:01:57.0796 4012 SwPrv - ok
19:01:57.0796 4012 symc810 - ok
19:01:57.0796 4012 symc8xx - ok
19:01:57.0796 4012 sym_hi - ok
19:01:57.0796 4012 sym_u3 - ok
19:01:57.0828 4012 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:01:57.0843 4012 sysaudio - ok
19:01:57.0906 4012 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:01:57.0937 4012 SysmonLog - ok
19:01:58.0031 4012 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:01:58.0062 4012 TapiSrv - ok
19:01:58.0265 4012 [ 4AFB3B0919649F95C1964AA1FAD27D73 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:01:58.0468 4012 Tcpip - ok
19:01:59.0062 4012 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:01:59.0171 4012 TDPIPE - ok
19:01:59.0203 4012 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:01:59.0250 4012 TDTCP - ok
19:01:59.0562 4012 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:01:59.0562 4012 TermDD - ok
19:01:59.0718 4012 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
19:01:59.0734 4012 TermService - ok
19:01:59.0765 4012 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:01:59.0765 4012 Themes - ok
19:01:59.0781 4012 TosIde - ok
19:01:59.0796 4012 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:01:59.0843 4012 TrkWks - ok
19:01:59.0906 4012 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:01:59.0906 4012 Udfs - ok
19:01:59.0906 4012 ultra - ok
19:02:00.0500 4012 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:02:00.0515 4012 Update - ok
19:02:00.0687 4012 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
19:02:00.0703 4012 upnphost - ok
19:02:00.0765 4012 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
19:02:00.0781 4012 upperdev - ok
19:02:00.0828 4012 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
19:02:00.0859 4012 UPS - ok
19:02:00.0984 4012 [ AF9388E736AF0C325067F05EDC350010 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
19:02:01.0015 4012 usbbus - ok
19:02:01.0062 4012 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:02:01.0218 4012 usbccgp - ok
19:02:01.0250 4012 [ AE30EA96E60E823C7B525DA356283AE8 ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
19:02:01.0296 4012 UsbDiag - ok
19:02:01.0453 4012 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:02:01.0453 4012 usbehci - ok
19:02:01.0531 4012 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:02:01.0734 4012 usbhub - ok
19:02:01.0781 4012 [ 46AC66DF3D6EFE81F69BEA823A53AAB5 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
19:02:01.0843 4012 USBModem - ok
19:02:01.0937 4012 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:02:01.0953 4012 usbprint - ok
19:02:02.0000 4012 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:02:02.0015 4012 usbscan - ok
19:02:02.0078 4012 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
19:02:02.0093 4012 usbser - ok
19:02:02.0125 4012 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
19:02:02.0156 4012 UsbserFilt - ok
19:02:02.0171 4012 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:02:02.0187 4012 USBSTOR - ok
19:02:02.0250 4012 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:02:02.0281 4012 usbuhci - ok
19:02:02.0296 4012 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:02:02.0328 4012 VgaSave - ok
19:02:02.0328 4012 ViaIde - ok
19:02:02.0390 4012 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:02:02.0390 4012 VolSnap - ok
19:02:03.0359 4012 [ 8576A595D3C7DBB8768BEEF50381A141 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
19:02:03.0359 4012 Vsdatant - ok
19:02:04.0609 4012 vsmon - ok
19:02:05.0296 4012 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
19:02:05.0375 4012 VSS - ok
19:02:05.0500 4012 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
19:02:05.0562 4012 W32Time - ok
19:02:05.0640 4012 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:02:05.0656 4012 Wanarp - ok
19:02:05.0812 4012 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:02:05.0968 4012 Wdf01000 - ok
19:02:05.0968 4012 WDICA - ok
19:02:06.0093 4012 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:02:06.0109 4012 wdmaud - ok
19:02:06.0234 4012 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:02:06.0250 4012 WebClient - ok
19:02:06.0468 4012 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:02:06.0531 4012 winmgmt - ok
19:02:06.0625 4012 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:02:06.0640 4012 WmdmPmSN - ok
19:02:07.0375 4012 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:02:07.0421 4012 WmiApSrv - ok
19:02:09.0312 4012 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:02:10.0171 4012 WPFFontCache_v0400 - ok
19:02:10.0640 4012 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:02:10.0671 4012 WS2IFSL - ok
19:02:10.0703 4012 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:02:10.0796 4012 wscsvc - ok
19:02:10.0953 4012 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:02:11.0000 4012 wuauserv - ok
19:02:11.0078 4012 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:02:11.0109 4012 WudfPf - ok
19:02:11.0203 4012 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:02:11.0453 4012 WudfRd - ok
19:02:11.0843 4012 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:02:11.0859 4012 WudfSvc - ok
19:02:12.0968 4012 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:02:13.0234 4012 WZCSVC - ok
19:02:13.0390 4012 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:02:13.0703 4012 xmlprov - ok
19:02:13.0703 4012 ================ Scan global ===============================
19:02:14.0031 4012 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
19:02:14.0500 4012 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:02:14.0625 4012 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:02:14.0656 4012 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
19:02:14.0671 4012 [Global] - ok
19:02:14.0671 4012 ================ Scan MBR ==================================
19:02:14.0703 4012 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:02:14.0984 4012 \Device\Harddisk0\DR0 - ok
19:02:15.0406 4012 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
19:02:30.0109 4012 \Device\Harddisk1\DR1 - ok
19:02:30.0109 4012 ================ Scan VBR ==================================
19:02:30.0140 4012 [ 0F803269A94C0C843CD86A4D737395ED ] \Device\Harddisk0\DR0\Partition1
19:02:30.0140 4012 \Device\Harddisk0\DR0\Partition1 - ok
19:02:30.0171 4012 [ 1DB6E95C99FDF05C3D4ABEB741B33DE2 ] \Device\Harddisk1\DR1\Partition1
19:02:30.0218 4012 \Device\Harddisk1\DR1\Partition1 - ok
19:02:30.0218 4012 ============================================================
19:02:30.0218 4012 Scan finished
19:02:30.0218 4012 ============================================================
19:02:30.0218 0232 Detected object count: 0
19:02:30.0218 0232 Actual detected object count: 0
19:04:08.0812 3372 Deinitialize success

#9 Příspěvek od **Rudy** » 11 zář 2012 18:57

TDSSKiller nic nenašel. Zkuste toto:

Otevřte poznámkový blok a zkopírujte do něj:

FCopy::
c:\windows\$NtUninstallKB2509553$\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

Po restartu PC stáhněte tuto utilitu: http://www2.gmer.net/mbr/mbr.exe a uložte na plochu. Potom Start>spustit>(napsat) "%userprofile%\plocha\mbr" -t -s (i s uvozovkami)>OK. Dejte log.

#10 Příspěvek od **motji** » 24 zář 2012 00:02

Jak to tu vypadá?

VIRY.CZ

Prosim o kontrolu logu

Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu