Prosím o kontrolu

Zpráva

PabloPicasso · #16 Příspěvek od **PabloPicasso** » 20 úno 2013 23:00

Dobrý večer....
dnes mi avira ještě detekovala todle:

#17 Příspěvek od **Márty84** » 21 úno 2013 03:18

Detekuje neco v bodech obnovy, takze je vymazte http://forum.viry.cz/viewtopic.php?f=46&t=47040

Co ten CF?

PabloPicasso · #18 Příspěvek od **PabloPicasso** » 25 úno 2013 15:13

Dobrý den.

Snažím se spustit ten combofix, ale pořád se mi nedaří vypnout aviru. Tak sem pc spustil v nouzovém režimu, ale když spustím combofix tak mi stejně po chvíli vyskočí tadle hláška: viz sken obrazovky

ať se snažím jak chci tak tu aviru desktop v nouzovém režimu nevidím zapnutou tak ani netuším jak jí vypnout

#19 Příspěvek od **Márty84** » 25 úno 2013 18:55

Spustte CF v nouzovem rezimu, tam by do toho antivir nemel kecat

PabloPicasso · #20 Příspěvek od **PabloPicasso** » 25 úno 2013 20:54

log z combofixu:

ComboFix 13-02-24.01 - Administrator 25.02.2013 20:39:42.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.446.42 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-25 do 2013-02-25 )))))))))))))))))))))))))))))))
.
.
2013-02-19 22:42 . 2013-02-25 14:13 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\XnView
2013-02-19 22:41 . 2013-02-19 22:41 -------- d-----w- c:\program files\XnView
2013-02-19 21:04 . 2013-02-19 21:05 -------- d-----w- c:\program files\HD Tune
2013-02-18 20:11 . 2013-02-18 20:11 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-13 20:19 . 2013-02-13 20:19 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2013-02-13 20:18 . 2013-02-13 20:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-11 22:06 . 2013-02-11 22:06 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ
2013-02-11 21:52 . 2013-02-11 21:52 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\CheckPoint
2013-02-11 21:49 . 2013-02-11 21:51 -------- d-----w- c:\program files\CheckPoint
2013-02-11 21:29 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2013-02-11 21:29 . 2013-02-11 21:29 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Spyware Terminator
2013-02-11 21:29 . 2013-02-25 18:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2013-02-11 21:25 . 2013-02-11 21:30 -------- d-----w- c:\program files\Spyware Terminator
2013-02-11 21:19 . 2013-02-11 21:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CheckPoint
2013-02-11 20:55 . 2013-02-11 21:07 -------- d-----w- c:\program files\trend micro
2013-02-11 20:55 . 2013-02-11 20:55 -------- d-----w- C:\rsit
2013-02-11 20:32 . 2013-02-11 20:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Secunia PSI
2013-02-11 20:31 . 2013-02-11 20:31 -------- d-----w- c:\program files\Secunia
2013-02-10 10:30 . 2013-02-10 10:30 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-05 21:32 . 2013-02-05 21:28 724992 ----a-w- c:\windows\iun6002.exe
2013-02-05 21:11 . 2013-02-05 21:11 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\FastStone
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 10:30 . 2012-05-13 20:39 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 10:30 . 2012-05-13 20:39 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-09 14:30 . 2012-12-08 21:12 9479623 ----a-w- c:\windows\system32\Akrem studio_Akrem studio_uninstaller.exe
2013-01-22 11:51 . 2013-01-22 11:50 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-07 196608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-01-14 2777736]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-01-14 3674248]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-29 73832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SkypeUpdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [13.5.2012 21:19 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.6.2012 10:52 242240]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [11.2.2013 22:29 32768]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [10.10.2011 12:55 85344]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13.5.2012 21:19 86224]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [22.11.2012 15:33 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [22.11.2012 15:33 497320]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [11.2.2013 22:28 587912]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [13.5.2012 22:20 1714176]
S3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [25.11.2012 23:28 31140]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.2.2013 21:11 40776]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 10:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{9FB232C5-6909-4F81-99B4-BAB4998940F2}
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\bboak6le.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - ExtSQL: 2013-02-11 22:52; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-25 20:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-1757981266-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,52,cd,7b,e1,99,ae,4d,83,14,51,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,52,cd,7b,e1,99,ae,4d,83,14,51,\
.
[HKEY_USERS\S-1-5-21-1645522239-1757981266-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3a,a4,20,35,68,2e,bd,ff,ee,dc,e7,ac,20,8e,05,f9,99,57,bb,17,3f,89,cd,
02,93,c3,d4,4e,49,d3,3f,63,93,83,cb,37,24,ad,57,2c,14,57,e4,77,6f,63,c4,b1,\
"??"=hex:1e,c8,fa,44,6e,c9,61,10,4a,b7,4e,64,42,36,e7,9a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(792)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Celkový čas: 2013-02-25 20:51:26
ComboFix-quarantined-files.txt 2013-02-25 19:51
.
Před spuštěním: 9 246 093 312
Po spuštění: 9 208 426 496
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - 8DC11355EF399A1DF94D2DFCDBBCC73B

#21 Příspěvek od **Márty84** » 26 úno 2013 02:50

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

File::
c:\windows\Tasks\Adobe Flash Player Updater.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

Regnull::
[HKEY_USERS\S-1-5-21-1645522239-1757981266-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

RegLock::
[HKEY_USERS\S-1-5-21-1645522239-1757981266-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradku

PabloPicasso · #22 Příspěvek od **PabloPicasso** » 27 úno 2013 20:14

log z combofix:

ComboFix 13-02-24.01 - Administrator 27.02.2013 19:39:59.2.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.446.287 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-27 do 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-26 22:30 . 2013-02-26 22:30 16473456 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-19 22:42 . 2013-02-25 14:13 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\XnView
2013-02-19 22:41 . 2013-02-19 22:41 -------- d-----w- c:\program files\XnView
2013-02-19 21:04 . 2013-02-19 21:05 -------- d-----w- c:\program files\HD Tune
2013-02-18 20:11 . 2013-02-18 20:11 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-13 20:19 . 2013-02-13 20:19 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2013-02-13 20:18 . 2013-02-13 20:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-11 22:06 . 2013-02-11 22:06 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ
2013-02-11 21:52 . 2013-02-11 21:52 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\CheckPoint
2013-02-11 21:49 . 2013-02-11 21:51 -------- d-----w- c:\program files\CheckPoint
2013-02-11 21:29 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2013-02-11 21:29 . 2013-02-11 21:29 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Spyware Terminator
2013-02-11 21:29 . 2013-02-27 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2013-02-11 21:25 . 2013-02-11 21:30 -------- d-----w- c:\program files\Spyware Terminator
2013-02-11 21:19 . 2013-02-11 21:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CheckPoint
2013-02-11 20:55 . 2013-02-11 21:07 -------- d-----w- c:\program files\trend micro
2013-02-11 20:55 . 2013-02-11 20:55 -------- d-----w- C:\rsit
2013-02-11 20:32 . 2013-02-11 20:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Secunia PSI
2013-02-11 20:31 . 2013-02-11 20:31 -------- d-----w- c:\program files\Secunia
2013-02-05 21:11 . 2013-02-05 21:11 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\FastStone
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-26 22:30 . 2012-05-13 20:39 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-26 22:30 . 2012-05-13 20:39 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-09 14:30 . 2012-12-08 21:12 9479623 ----a-w- c:\windows\system32\Akrem studio_Akrem studio_uninstaller.exe
2013-01-22 11:51 . 2013-01-22 11:50 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-07 196608]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-01-14 2777736]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-01-14 3674248]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-29 73832]
"ISW"="" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SkypeUpdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [x]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [x]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuw.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 22:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{9FB232C5-6909-4F81-99B4-BAB4998940F2}
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\bboak6le.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - ExtSQL: 2013-02-11 22:52; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Zuma_Deluxe!_1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-27 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(796)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3324)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-02-27 20:12:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-27 19:12
ComboFix2.txt 2013-02-25 19:51
.
Před spuštěním: Volných bajtů: 10 821 361 664
Po spuštění: Volných bajtů: 10 807 181 312
.
- - End Of File - - 8E35C8F0A6D3CA67AE082F40996A96DD

#23 Příspěvek od **Márty84** » 28 úno 2013 02:36

Dejte novy log z RSIT

PabloPicasso · #24 Příspěvek od **PabloPicasso** » 28 úno 2013 17:50

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-02-28 17:48:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (18%) free of 57 GB
Total RAM: 446 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:49:53, on 28.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9FB232C5-6909-4F81-99B4-BAB4998940F2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6952971484
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 7013 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\bboak6le.default

prefs.js - "browser.startup.homepage" - "www.google.cz"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.171 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm LTD Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@MagellanGPS.com/CommunicationPlugin]
"Description"=Magellan Communication Plug-In for Firefox
"Path"=C:\Program Files\Magellan\Magellan Communicator\npMgnPlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\bboak6le.default\extensions\
DeviceDetection@logitech.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22 603816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22 603816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-12-11 344064]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-08-12 348664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-12-07 196608]
"SpywareTerminatorShield"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2013-01-14 2777736]
"SpywareTerminatorUpdater"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2013-01-14 3674248]
"ZoneAlarm"=C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [2013-01-29 73832]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2012-11-22 738984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2008-05-02 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SkypeUpdate"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-12 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\Program Files\Spyware Terminator\SpywareTerminator.exe"="C:\Program Files\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2013-02-27 20:12:35 ----A---- C:\ComboFix.txt
2013-02-27 19:56:53 ----D---- C:\WINDOWS\temp
2013-02-26 23:30:22 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-02-25 20:35:36 ----A---- C:\Boot.bak
2013-02-25 20:35:28 ----RASHD---- C:\cmdcons
2013-02-25 20:21:30 ----A---- C:\WINDOWS\zip.exe
2013-02-25 20:21:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-02-25 20:21:30 ----A---- C:\WINDOWS\SWSC.exe
2013-02-25 20:21:30 ----A---- C:\WINDOWS\SWREG.exe
2013-02-25 20:21:30 ----A---- C:\WINDOWS\sed.exe
2013-02-25 20:21:30 ----A---- C:\WINDOWS\PEV.exe
2013-02-25 20:21:30 ----A---- C:\WINDOWS\NIRCMD.exe
2013-02-25 20:21:30 ----A---- C:\WINDOWS\MBR.exe
2013-02-25 20:21:30 ----A---- C:\WINDOWS\grep.exe
2013-02-25 14:56:11 ----D---- C:\Qoobox
2013-02-25 14:55:18 ----D---- C:\WINDOWS\erdnt
2013-02-25 14:52:04 ----A---- C:\WINDOWS\ntbtlog.txt
2013-02-19 23:42:11 ----D---- C:\Documents and Settings\Administrator\Data aplikací\XnView
2013-02-19 23:41:39 ----D---- C:\Program Files\XnView
2013-02-19 22:04:57 ----D---- C:\Program Files\HD Tune
2013-02-18 21:11:43 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2013-02-13 21:19:23 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2013-02-13 21:18:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-02-13 20:15:04 ----A---- C:\AdwCleaner[S1].txt
2013-02-12 21:26:53 ----A---- C:\AdwCleaner[R2].txt
2013-02-12 21:25:33 ----A---- C:\AdwCleaner[R1].txt
2013-02-11 22:52:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\CheckPoint
2013-02-11 22:49:17 ----D---- C:\Program Files\CheckPoint
2013-02-11 22:29:07 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2013-02-11 22:29:05 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2013-02-11 22:29:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2013-02-11 22:25:14 ----D---- C:\Program Files\Spyware Terminator
2013-02-11 22:19:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\CheckPoint
2013-02-11 21:55:20 ----D---- C:\Program Files\trend micro
2013-02-11 21:55:12 ----D---- C:\rsit
2013-02-11 21:31:33 ----D---- C:\Program Files\Secunia
2013-02-05 22:22:49 ----A---- C:\WINDOWS\popcinfo.dat
2013-02-05 22:16:49 ----A---- C:\WINDOWS\d3dx.dat
2013-02-05 22:11:58 ----D---- C:\Documents and Settings\Administrator\Data aplikací\FastStone
2013-01-29 20:35:36 ----A---- C:\WINDOWS\system32\vsdatant.sys

======List of files/folders modified in the last 1 month======

2013-02-28 17:49:33 ----D---- C:\WINDOWS\Prefetch
2013-02-28 17:41:08 ----D---- C:\WINDOWS\system32\CatRoot2
2013-02-28 08:24:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-02-27 21:27:42 ----A---- C:\WINDOWS\wincmd.ini
2013-02-27 21:17:12 ----D---- C:\Program Files\Mozilla Firefox
2013-02-27 20:12:41 ----D---- C:\WINDOWS\system32\drivers
2013-02-27 20:01:36 ----D---- C:\WINDOWS
2013-02-27 20:01:36 ----A---- C:\WINDOWS\system.ini
2013-02-27 19:56:58 ----D---- C:\WINDOWS\system32\drivers\etc
2013-02-27 19:49:25 ----D---- C:\WINDOWS\system32
2013-02-27 19:49:25 ----D---- C:\WINDOWS\AppPatch
2013-02-27 19:49:21 ----D---- C:\Program Files\Common Files
2013-02-27 19:23:54 ----D---- C:\Program Files\The KMPlayer
2013-02-26 23:30:39 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-02-25 20:35:36 ----RASH---- C:\boot.ini
2013-02-25 12:54:27 ----SHD---- C:\WINDOWS\Installer
2013-02-25 12:54:27 ----D---- C:\Config.Msi
2013-02-21 21:15:27 ----SHD---- C:\System Volume Information
2013-02-21 21:15:27 ----D---- C:\WINDOWS\system32\Restore
2013-02-19 23:41:39 ----RD---- C:\Program Files
2013-02-19 23:30:13 ----D---- C:\WINDOWS\system32\NtmsData
2013-02-19 23:29:08 ----D---- C:\WINDOWS\Registration
2013-02-19 21:53:47 ----RSD---- C:\WINDOWS\assembly
2013-02-18 22:08:58 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Winamp
2013-02-18 18:38:57 ----D---- C:\Program Files\CCleaner
2013-02-12 21:22:08 ----D---- C:\!!! DATA
2013-02-11 22:52:19 ----D---- C:\WINDOWS\WinSxS
2013-02-11 21:46:20 ----D---- C:\Program Files\VideoLAN
2013-02-11 21:45:39 ----D---- C:\Program Files\StepMania
2013-02-11 21:31:45 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-05-14 137928]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-06-20 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 Vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2013-01-29 527848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-05-14 83392]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-01-05 1714176]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-12 1414656]
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-06-17 38144]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-06-17 352000]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 hid8103;hid8103; C:\WINDOWS\system32\drivers\hid8103.sys [2007-09-21 31140]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Magellan eXplorist USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-14 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-12 393216]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 497320]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2013-01-14 587912]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2013-01-29 2447888]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 251248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-22 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#25 Příspěvek od **Márty84** » 01 bře 2013 09:55

Odinstalujte Spyware Terminatora. Muze dochazet ke kolizi s Avirou a navic mate strasne malou RAM, takze kazdy MB navic se hodi.

Vypnete na chvili antivir, at nebrani programku v praci.

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe , ulozte nejlepe na plochu a spustte.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
MBAMSwissArmy
AdobeFlashPlayerUpdateSvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)

PabloPicasso · #26 Příspěvek od **PabloPicasso** » 04 bře 2013 22:39

Dobrý večer...

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1387150 bytes
->Temporary Internet Files folder emptied: 231116 bytes
->FireFox cache emptied: 71956992 bytes
->Flash cache emptied: 574 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66472 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 184 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1107775 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 71,00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service MBAMSwissArmy stopped successfully!
Service MBAMSwissArmy deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl\ deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 03042013_223157

Files moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCDF8.tmp moved successfully.
File C:\WINDOWS\temp\ZLT05828.TMP not found!

Registry entries deleted on Reboot...

#27 Příspěvek od **Márty84** » 05 bře 2013 04:34

Postupujte podle navodu kolegy

vyosek píše: Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
Kliknete na volbu Change parametrs

V okne Additional Option zakliknete vsechny moznosti

Kliknete na OK

Utilite prikazte, at skenuje - klik na Start Scan

Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip

Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip

Pokud mate vsude Skip, kliknete na Continue

Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

PabloPicasso · #28 Příspěvek od **PabloPicasso** » 05 bře 2013 20:54

log z TDSSKILLER:

20:50:33.0734 2728 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:50:34.0328 2728 ============================================================
20:50:34.0328 2728 Current date / time: 2013/03/05 20:50:34.0328
20:50:34.0328 2728 SystemInfo:
20:50:34.0328 2728
20:50:34.0328 2728 OS Version: 5.1.2600 ServicePack: 3.0
20:50:34.0328 2728 Product type: Workstation
20:50:34.0328 2728 ComputerName: INSTAL
20:50:34.0328 2728 UserName: Administrator
20:50:34.0328 2728 Windows directory: C:\WINDOWS
20:50:34.0328 2728 System windows directory: C:\WINDOWS
20:50:34.0328 2728 Processor architecture: Intel x86
20:50:34.0328 2728 Number of processors: 1
20:50:34.0328 2728 Page size: 0x1000
20:50:34.0328 2728 Boot type: Normal boot
20:50:34.0328 2728 ============================================================
20:50:37.0218 2728 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E480, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF, Type 'K0', Flags 0x00000054
20:50:37.0234 2728 ============================================================
20:50:37.0234 2728 \Device\Harddisk0\DR0:
20:50:37.0234 2728 MBR partitions:
20:50:37.0234 2728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7890
20:50:37.0234 2728 ============================================================
20:50:37.0265 2728 C: <-> \Device\Harddisk0\DR0\Partition1
20:50:37.0281 2728 ============================================================
20:50:37.0281 2728 Initialize success
20:50:37.0281 2728 ============================================================
20:51:17.0250 3976 ============================================================
20:51:17.0250 3976 Scan started
20:51:17.0250 3976 Mode: Manual; SigCheck; TDLFS;
20:51:17.0250 3976 ============================================================
20:51:18.0703 3976 ================ Scan system memory ========================
20:51:18.0703 3976 System memory - ok
20:51:18.0703 3976 ================ Scan services =============================
20:51:18.0859 3976 [ F11D68E40ED62FDB7C460C445F1EC4E5 ] 602XML Updater C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
20:51:19.0062 3976 602XML Updater - ok
20:51:19.0140 3976 Abiosdsk - ok
20:51:19.0156 3976 abp480n5 - ok
20:51:19.0187 3976 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:51:19.0968 3976 ACPI - ok
20:51:20.0000 3976 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:51:20.0187 3976 ACPIEC - ok
20:51:20.0187 3976 adpu160m - ok
20:51:20.0281 3976 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:51:20.0500 3976 aec - ok
20:51:20.0578 3976 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:51:20.0703 3976 AFD - ok
20:51:20.0703 3976 Aha154x - ok
20:51:20.0718 3976 aic78u2 - ok
20:51:20.0718 3976 aic78xx - ok
20:51:20.0765 3976 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:51:20.0953 3976 Alerter - ok
20:51:20.0984 3976 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
20:51:21.0062 3976 ALG - ok
20:51:21.0078 3976 AliIde - ok
20:51:21.0093 3976 amsint - ok
20:51:21.0203 3976 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:51:21.0250 3976 AntiVirSchedulerService - ok
20:51:21.0296 3976 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:51:21.0312 3976 AntiVirService - ok
20:51:21.0343 3976 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:51:21.0484 3976 AppMgmt - ok
20:51:21.0609 3976 [ 8E2257584B2C52D44B4CB1949947D885 ] AR9271 C:\WINDOWS\system32\DRIVERS\athuw.sys
20:51:21.0812 3976 AR9271 - ok
20:51:21.0828 3976 asc - ok
20:51:21.0828 3976 asc3350p - ok
20:51:21.0843 3976 asc3550 - ok
20:51:21.0984 3976 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:51:22.0109 3976 aspnet_state - ok
20:51:22.0140 3976 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:51:22.0359 3976 AsyncMac - ok
20:51:22.0390 3976 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:51:22.0562 3976 atapi - ok
20:51:22.0593 3976 Atdisk - ok
20:51:22.0671 3976 [ 91FA52A79C87D1CD141C59844506A02B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
20:51:22.0750 3976 Ati HotKey Poller - ok
20:51:22.0812 3976 [ 956C7EC3A9DE96F785B829BEB41E3C3E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:51:23.0062 3976 ati2mtag - ok
20:51:23.0125 3976 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:51:23.0359 3976 Atmarpc - ok
20:51:23.0390 3976 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:51:23.0609 3976 AudioSrv - ok
20:51:23.0640 3976 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:51:23.0875 3976 audstub - ok
20:51:23.0953 3976 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:51:24.0109 3976 avgntflt - ok
20:51:24.0140 3976 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:51:24.0203 3976 avipbb - ok
20:51:24.0234 3976 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:51:24.0312 3976 avkmgr - ok
20:51:24.0375 3976 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:51:24.0625 3976 Beep - ok
20:51:24.0750 3976 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
20:51:25.0156 3976 BITS - ok
20:51:25.0203 3976 [ 249276D3EF1E74B992299CB96099E4D7 ] Browser C:\WINDOWS\System32\browser.dll
20:51:25.0500 3976 Browser - ok
20:51:25.0546 3976 [ CCE1F3C7C8E7383B90372229454999CF ] CAMCAUD C:\WINDOWS\system32\drivers\camc6aud.sys
20:51:25.0656 3976 CAMCAUD - ok
20:51:25.0718 3976 [ 9A3BBDE74DAB737EFA82DE7EF4B40BEA ] CAMCHALA C:\WINDOWS\system32\drivers\camc6hal.sys
20:51:25.0796 3976 CAMCHALA - ok
20:51:25.0828 3976 catchme - ok
20:51:25.0875 3976 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:51:26.0078 3976 cbidf2k - ok
20:51:26.0078 3976 cd20xrnt - ok
20:51:26.0125 3976 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:51:26.0343 3976 Cdaudio - ok
20:51:26.0375 3976 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:51:26.0609 3976 Cdfs - ok
20:51:26.0625 3976 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:51:26.0843 3976 Cdrom - ok
20:51:26.0859 3976 Changer - ok
20:51:26.0890 3976 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:51:27.0140 3976 CiSvc - ok
20:51:27.0187 3976 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:51:27.0390 3976 ClipSrv - ok
20:51:27.0453 3976 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:51:27.0625 3976 clr_optimization_v2.0.50727_32 - ok
20:51:27.0703 3976 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:51:27.0921 3976 CmBatt - ok
20:51:27.0937 3976 CmdIde - ok
20:51:27.0953 3976 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:51:28.0312 3976 Compbatt - ok
20:51:28.0312 3976 COMSysApp - ok
20:51:28.0343 3976 Cpqarray - ok
20:51:28.0375 3976 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:51:28.0609 3976 CryptSvc - ok
20:51:28.0625 3976 dac2w2k - ok
20:51:28.0640 3976 dac960nt - ok
20:51:28.0703 3976 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:51:28.0812 3976 DcomLaunch - ok
20:51:28.0859 3976 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:51:29.0093 3976 Dhcp - ok
20:51:29.0156 3976 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:51:29.0359 3976 Disk - ok
20:51:29.0375 3976 dmadmin - ok
20:51:29.0468 3976 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:51:29.0781 3976 dmboot - ok
20:51:29.0796 3976 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:51:30.0015 3976 dmio - ok
20:51:30.0031 3976 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:51:30.0250 3976 dmload - ok
20:51:30.0281 3976 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:51:30.0515 3976 dmserver - ok
20:51:30.0562 3976 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:51:30.0796 3976 DMusic - ok
20:51:30.0859 3976 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:51:30.0984 3976 Dnscache - ok
20:51:31.0046 3976 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:51:31.0281 3976 Dot3svc - ok
20:51:31.0281 3976 dpti2o - ok
20:51:31.0328 3976 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:51:31.0562 3976 drmkaud - ok
20:51:31.0640 3976 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
20:51:31.0687 3976 dtsoftbus01 - ok
20:51:31.0718 3976 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:51:31.0937 3976 EapHost - ok
20:51:31.0968 3976 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:51:32.0187 3976 ERSvc - ok
20:51:32.0218 3976 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
20:51:32.0250 3976 Eventlog - ok
20:51:32.0312 3976 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
20:51:32.0421 3976 EventSystem - ok
20:51:32.0468 3976 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:51:32.0734 3976 Fastfat - ok
20:51:32.0796 3976 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:51:32.0937 3976 FastUserSwitchingCompatibility - ok
20:51:32.0968 3976 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
20:51:33.0187 3976 Fdc - ok
20:51:33.0234 3976 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:51:33.0656 3976 Fips - ok
20:51:33.0656 3976 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
20:51:33.0875 3976 Flpydisk - ok
20:51:33.0906 3976 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:51:34.0187 3976 FltMgr - ok
20:51:34.0312 3976 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:51:34.0375 3976 FontCache3.0.0.0 - ok
20:51:34.0406 3976 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:51:34.0609 3976 Fs_Rec - ok
20:51:34.0640 3976 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:51:34.0859 3976 Ftdisk - ok
20:51:34.0921 3976 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:51:35.0203 3976 Gpc - ok
20:51:35.0281 3976 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:51:35.0484 3976 helpsvc - ok
20:51:35.0546 3976 [ 8AF6D0E83932084B9E83CD6CAD2A8F6D ] hid8103 C:\WINDOWS\system32\drivers\hid8103.sys
20:51:35.0609 3976 hid8103 ( UnsignedFile.Multi.Generic ) - warning
20:51:35.0609 3976 hid8103 - detected UnsignedFile.Multi.Generic (1)
20:51:35.0609 3976 HidServ - ok
20:51:35.0687 3976 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:51:35.0906 3976 hidusb - ok
20:51:35.0968 3976 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:51:36.0203 3976 hkmsvc - ok
20:51:36.0218 3976 hpn - ok
20:51:36.0281 3976 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:51:36.0343 3976 HTTP - ok
20:51:36.0375 3976 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:51:36.0578 3976 HTTPFilter - ok
20:51:36.0593 3976 i2omgmt - ok
20:51:36.0609 3976 i2omp - ok
20:51:36.0671 3976 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:51:36.0890 3976 i8042prt - ok
20:51:36.0953 3976 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:51:37.0140 3976 Imapi - ok
20:51:37.0187 3976 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:51:37.0375 3976 ImapiService - ok
20:51:37.0406 3976 ini910u - ok
20:51:37.0421 3976 IntelIde - ok
20:51:37.0437 3976 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:51:37.0625 3976 intelppm - ok
20:51:37.0656 3976 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:51:37.0859 3976 Ip6Fw - ok
20:51:37.0921 3976 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:51:38.0156 3976 IpFilterDriver - ok
20:51:38.0171 3976 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:51:38.0390 3976 IpInIp - ok
20:51:38.0421 3976 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:51:38.0625 3976 IpNat - ok
20:51:38.0656 3976 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:51:38.0875 3976 IPSec - ok
20:51:38.0953 3976 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:51:39.0093 3976 IRENUM - ok
20:51:39.0140 3976 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:51:39.0343 3976 isapnp - ok
20:51:39.0453 3976 [ 724A6A9AB5E1807665C5DB71C30BFC5F ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
20:51:39.0500 3976 ISWKL - ok
20:51:39.0578 3976 [ 57FE873B8246DEF1372503CBC57A7499 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
20:51:39.0640 3976 IswSvc - ok
20:51:39.0687 3976 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:51:39.0906 3976 Kbdclass - ok
20:51:39.0937 3976 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:51:40.0171 3976 kmixer - ok
20:51:40.0234 3976 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:51:40.0375 3976 KSecDD - ok
20:51:40.0421 3976 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
20:51:40.0546 3976 LanmanServer - ok
20:51:40.0609 3976 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:51:40.0703 3976 lanmanworkstation - ok
20:51:40.0718 3976 lbrtfdc - ok
20:51:40.0796 3976 [ A0F7DC0080E4F97DC97DE08B699E231B ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
20:51:40.0859 3976 LBTServ - ok
20:51:40.0890 3976 [ 24E0DDB99AECCF86BB37702611761459 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
20:51:40.0937 3976 LHidFilt - ok
20:51:41.0015 3976 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:51:41.0281 3976 LmHosts - ok
20:51:41.0296 3976 [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
20:51:41.0359 3976 LMouFilt - ok
20:51:41.0390 3976 [ 144011D14BD35F4E36136AE057B1AADD ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
20:51:41.0421 3976 LUsbFilt - ok
20:51:41.0468 3976 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:51:41.0687 3976 Messenger - ok
20:51:41.0796 3976 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:51:41.0968 3976 Microsoft Office Groove Audit Service - ok
20:51:42.0015 3976 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:51:42.0468 3976 mnmdd - ok
20:51:42.0515 3976 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:51:42.0968 3976 mnmsrvc - ok
20:51:43.0000 3976 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:51:43.0437 3976 Modem - ok
20:51:43.0484 3976 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:51:43.0781 3976 Mouclass - ok
20:51:43.0812 3976 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:51:44.0031 3976 mouhid - ok
20:51:44.0078 3976 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:51:44.0328 3976 MountMgr - ok
20:51:44.0437 3976 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:51:44.0500 3976 MozillaMaintenance - ok
20:51:44.0515 3976 mraid35x - ok
20:51:44.0562 3976 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:51:44.0812 3976 MRxDAV - ok
20:51:44.0968 3976 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:51:45.0093 3976 MRxSmb - ok
20:51:45.0140 3976 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:51:45.0375 3976 MSDTC - ok
20:51:45.0406 3976 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:51:45.0640 3976 Msfs - ok
20:51:45.0656 3976 MSIServer - ok
20:51:45.0734 3976 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:51:46.0218 3976 MSKSSRV - ok
20:51:46.0250 3976 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:51:46.0718 3976 MSPCLOCK - ok
20:51:46.0734 3976 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:51:47.0218 3976 MSPQM - ok
20:51:47.0265 3976 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:51:47.0703 3976 mssmbios - ok
20:51:47.0765 3976 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:51:47.0937 3976 Mup - ok
20:51:48.0046 3976 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:51:48.0546 3976 napagent - ok
20:51:48.0625 3976 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:51:49.0109 3976 NDIS - ok
20:51:49.0156 3976 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:51:49.0296 3976 NdisTapi - ok
20:51:49.0359 3976 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:51:49.0828 3976 Ndisuio - ok
20:51:49.0859 3976 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:51:50.0359 3976 NdisWan - ok
20:51:50.0437 3976 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:51:50.0609 3976 NDProxy - ok
20:51:50.0656 3976 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:51:50.0906 3976 NetBIOS - ok
20:51:50.0953 3976 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:51:51.0171 3976 NetBT - ok
20:51:51.0203 3976 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
20:51:51.0437 3976 NetDDE - ok
20:51:51.0437 3976 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:51:51.0625 3976 NetDDEdsdm - ok
20:51:51.0671 3976 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:51:51.0843 3976 Netlogon - ok
20:51:51.0890 3976 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
20:51:52.0109 3976 Netman - ok
20:51:52.0171 3976 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
20:51:52.0187 3976 Nla - ok
20:51:52.0250 3976 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:51:52.0453 3976 Npfs - ok
20:51:52.0500 3976 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:51:52.0765 3976 Ntfs - ok
20:51:52.0812 3976 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:51:52.0984 3976 NtLmSsp - ok
20:51:53.0031 3976 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:51:53.0281 3976 NtmsSvc - ok
20:51:53.0343 3976 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:51:53.0546 3976 Null - ok
20:51:53.0578 3976 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:51:53.0765 3976 NwlnkFlt - ok
20:51:53.0796 3976 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:51:54.0000 3976 NwlnkFwd - ok
20:51:54.0140 3976 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:51:54.0234 3976 odserv - ok
20:51:54.0328 3976 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:51:54.0406 3976 ose - ok
20:51:54.0468 3976 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
20:51:54.0671 3976 Parport - ok
20:51:54.0703 3976 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:51:54.0890 3976 PartMgr - ok
20:51:54.0937 3976 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:51:55.0156 3976 ParVdm - ok
20:51:55.0171 3976 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:51:55.0406 3976 PCI - ok
20:51:55.0421 3976 PCIDump - ok
20:51:55.0437 3976 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:51:55.0656 3976 PCIIde - ok
20:51:55.0687 3976 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:51:55.0906 3976 Pcmcia - ok
20:51:55.0906 3976 PDCOMP - ok
20:51:55.0921 3976 PDFRAME - ok
20:51:55.0937 3976 PDRELI - ok
20:51:55.0953 3976 PDRFRAME - ok
20:51:55.0968 3976 perc2 - ok
20:51:55.0984 3976 perc2hib - ok
20:51:56.0046 3976 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
20:51:56.0062 3976 PlugPlay - ok
20:51:56.0093 3976 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:51:56.0250 3976 PolicyAgent - ok
20:51:56.0296 3976 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:51:56.0484 3976 PptpMiniport - ok
20:51:56.0500 3976 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:51:56.0671 3976 ProtectedStorage - ok
20:51:56.0703 3976 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:51:56.0921 3976 PSched - ok
20:51:56.0953 3976 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:51:57.0156 3976 Ptilink - ok
20:51:57.0203 3976 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:51:57.0265 3976 PxHelp20 - ok
20:51:57.0281 3976 ql1080 - ok
20:51:57.0281 3976 Ql10wnt - ok
20:51:57.0296 3976 ql12160 - ok
20:51:57.0312 3976 ql1240 - ok
20:51:57.0328 3976 ql1280 - ok
20:51:57.0359 3976 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:51:57.0578 3976 RasAcd - ok
20:51:57.0609 3976 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:51:57.0812 3976 RasAuto - ok
20:51:57.0859 3976 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:51:58.0062 3976 Rasl2tp - ok
20:51:58.0109 3976 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:51:58.0328 3976 RasMan - ok
20:51:58.0343 3976 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:51:58.0546 3976 RasPppoe - ok
20:51:58.0578 3976 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:51:58.0781 3976 Raspti - ok
20:51:58.0812 3976 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:51:59.0031 3976 Rdbss - ok
20:51:59.0062 3976 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:51:59.0265 3976 RDPCDD - ok
20:51:59.0328 3976 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:51:59.0578 3976 rdpdr - ok
20:51:59.0640 3976 [ 5B3055DAA788BD688594D2F5981F2A83 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:51:59.0734 3976 RDPWD - ok
20:51:59.0796 3976 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:52:00.0015 3976 RDSessMgr - ok
20:52:00.0046 3976 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:52:00.0265 3976 redbook - ok
20:52:00.0312 3976 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:52:00.0515 3976 RemoteAccess - ok
20:52:00.0578 3976 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:52:00.0765 3976 RemoteRegistry - ok
20:52:00.0781 3976 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
20:52:01.0015 3976 RpcLocator - ok
20:52:01.0078 3976 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:52:01.0109 3976 RpcSs - ok
20:52:01.0156 3976 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:52:01.0359 3976 RSVP - ok
20:52:01.0437 3976 [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
20:52:01.0515 3976 RTL8023xp - ok
20:52:01.0562 3976 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:52:01.0765 3976 rtl8139 - ok
20:52:01.0796 3976 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
20:52:01.0968 3976 SamSs - ok
20:52:02.0000 3976 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:52:02.0203 3976 SCardSvr - ok
20:52:02.0265 3976 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:52:02.0500 3976 Schedule - ok
20:52:02.0531 3976 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:52:02.0640 3976 Secdrv - ok
20:52:02.0656 3976 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:52:02.0875 3976 seclogon - ok
20:52:02.0921 3976 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
20:52:03.0093 3976 SENS - ok
20:52:03.0125 3976 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
20:52:03.0343 3976 Serial - ok
20:52:03.0390 3976 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:52:03.0593 3976 Sfloppy - ok
20:52:03.0656 3976 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:52:03.0843 3976 SharedAccess - ok
20:52:03.0875 3976 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:52:03.0953 3976 ShellHWDetection - ok
20:52:03.0953 3976 Simbad - ok
20:52:03.0968 3976 Sparrow - ok
20:52:04.0046 3976 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:52:04.0250 3976 splitter - ok
20:52:04.0312 3976 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:52:04.0359 3976 Spooler - ok
20:52:04.0406 3976 [ 94610C8653635E4459316A0050D55CE7 ] Sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:52:04.0531 3976 Sr - ok
20:52:04.0546 3976 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
20:52:04.0671 3976 srservice - ok
20:52:04.0734 3976 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:52:04.0843 3976 Srv - ok
20:52:04.0875 3976 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:52:05.0015 3976 SSDPSRV - ok
20:52:05.0062 3976 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:52:05.0109 3976 ssmdrv - ok
20:52:05.0140 3976 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:52:05.0390 3976 stisvc - ok
20:52:05.0421 3976 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:52:05.0609 3976 swenum - ok
20:52:05.0687 3976 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:52:05.0906 3976 swmidi - ok
20:52:05.0906 3976 SwPrv - ok
20:52:05.0921 3976 symc810 - ok
20:52:05.0953 3976 symc8xx - ok
20:52:05.0968 3976 sym_hi - ok
20:52:05.0984 3976 sym_u3 - ok
20:52:06.0000 3976 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:52:06.0234 3976 sysaudio - ok
20:52:06.0296 3976 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:52:06.0531 3976 SysmonLog - ok
20:52:06.0578 3976 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:52:06.0796 3976 TapiSrv - ok
20:52:06.0828 3976 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:52:06.0968 3976 Tcpip - ok
20:52:07.0015 3976 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:52:07.0218 3976 TDPIPE - ok
20:52:07.0250 3976 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:52:07.0453 3976 TDTCP - ok
20:52:07.0484 3976 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:52:07.0687 3976 TermDD - ok
20:52:07.0734 3976 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
20:52:07.0984 3976 TermService - ok
20:52:08.0015 3976 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
20:52:08.0031 3976 Themes - ok
20:52:08.0062 3976 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:52:08.0187 3976 TlntSvr - ok
20:52:08.0203 3976 TosIde - ok
20:52:08.0218 3976 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:52:08.0468 3976 TrkWks - ok
20:52:08.0515 3976 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:52:08.0734 3976 Udfs - ok
20:52:08.0750 3976 ultra - ok
20:52:08.0843 3976 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:52:09.0078 3976 Update - ok
20:52:09.0125 3976 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
20:52:09.0281 3976 upnphost - ok
20:52:09.0296 3976 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
20:52:09.0515 3976 UPS - ok
20:52:09.0578 3976 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:52:09.0781 3976 usbccgp - ok
20:52:09.0812 3976 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:52:10.0015 3976 usbehci - ok
20:52:10.0046 3976 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:52:10.0265 3976 usbhub - ok
20:52:10.0312 3976 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:52:10.0515 3976 usbohci - ok
20:52:10.0593 3976 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:52:10.0796 3976 usbprint - ok
20:52:10.0859 3976 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:52:11.0062 3976 usbscan - ok
20:52:11.0109 3976 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
20:52:11.0328 3976 usbser - ok
20:52:11.0406 3976 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:52:11.0593 3976 USBSTOR - ok
20:52:11.0625 3976 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:52:11.0828 3976 VgaSave - ok
20:52:11.0843 3976 ViaIde - ok
20:52:11.0875 3976 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:52:12.0078 3976 VolSnap - ok
20:52:12.0140 3976 [ A006D9BC9118BDB4976FF04DC587EB2D ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
20:52:12.0250 3976 Vsdatant - ok
20:52:12.0312 3976 vsmon - ok
20:52:12.0343 3976 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
20:52:12.0484 3976 VSS - ok
20:52:12.0515 3976 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
20:52:12.0750 3976 W32Time - ok
20:52:12.0796 3976 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:52:13.0031 3976 Wanarp - ok
20:52:13.0093 3976 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:52:13.0171 3976 Wdf01000 - ok
20:52:13.0187 3976 WDICA - ok
20:52:13.0218 3976 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:52:13.0437 3976 wdmaud - ok
20:52:13.0484 3976 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:52:13.0687 3976 WebClient - ok
20:52:13.0765 3976 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:52:14.0015 3976 winmgmt - ok
20:52:14.0093 3976 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:52:14.0250 3976 WmdmPmSN - ok
20:52:14.0328 3976 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:52:14.0390 3976 Wmi - ok
20:52:14.0437 3976 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:52:14.0671 3976 WmiApSrv - ok
20:52:15.0187 3976 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:52:15.0359 3976 WMPNetworkSvc - ok
20:52:15.0421 3976 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:52:15.0609 3976 WS2IFSL - ok
20:52:15.0671 3976 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:52:15.0906 3976 wscsvc - ok
20:52:15.0953 3976 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:52:16.0125 3976 wuauserv - ok
20:52:16.0203 3976 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:52:16.0265 3976 WudfPf - ok
20:52:16.0296 3976 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:52:16.0375 3976 WudfRd - ok
20:52:16.0390 3976 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:52:16.0453 3976 WudfSvc - ok
20:52:16.0500 3976 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:52:16.0750 3976 WZCSVC - ok
20:52:16.0765 3976 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:52:17.0000 3976 xmlprov - ok
20:52:17.0000 3976 ================ Scan global ===============================
20:52:17.0031 3976 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
20:52:17.0109 3976 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
20:52:17.0218 3976 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
20:52:17.0234 3976 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
20:52:17.0234 3976 [Global] - ok
20:52:17.0250 3976 ================ Scan MBR ==================================
20:52:17.0265 3976 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
20:52:17.0578 3976 \Device\Harddisk0\DR0 - ok
20:52:17.0593 3976 ================ Scan VBR ==================================
20:52:17.0593 3976 [ 06926A31DFA318164723BB074AAB243D ] \Device\Harddisk0\DR0\Partition1
20:52:17.0593 3976 \Device\Harddisk0\DR0\Partition1 - ok
20:52:17.0609 3976 ============================================================
20:52:17.0609 3976 Scan finished
20:52:17.0609 3976 ============================================================
20:52:17.0734 3896 Detected object count: 1
20:52:17.0734 3896 Actual detected object count: 1
20:53:00.0859 3896 hid8103 ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:00.0859 3896 hid8103 ( UnsignedFile.Multi.Generic ) - User select action: Skip

#29 Příspěvek od **Márty84** » 05 bře 2013 21:01

Zopakujte krok s RogueKillerem

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu a spustte.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

PabloPicasso · #30 Příspěvek od **PabloPicasso** » 05 bře 2013 21:18

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Administrator [Práva správce]
Mód : Kontrola -- Datum : 03/05/2013 21:18:14
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Microsoft][HJNAME] notepad.exe -- C:\WINDOWS\system32\notepad.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[25] : NtClose @ 0x80567B6D -> HOOKED (Unknown @ 0xF7BBCF1C)
SSDT[41] : NtCreateKey @ 0x805737EF -> HOOKED (Unknown @ 0xF7BBCED6)
SSDT[53] : NtCreateThread @ 0x8057888D -> HOOKED (Unknown @ 0xF7BBCECC)
SSDT[63] : NtDeleteKey @ 0x80595A22 -> HOOKED (Unknown @ 0xF7BBCEDB)
SSDT[65] : NtDeleteValueKey @ 0x80593642 -> HOOKED (Unknown @ 0xF7BBCEE5)
SSDT[98] : NtLoadKey @ 0x805ADC0B -> HOOKED (Unknown @ 0xF7BBCEEA)
SSDT[177] : NtQueryValueKey @ 0x8056A499 -> HOOKED (Unknown @ 0xF7BBCF3F)
SSDT[193] : NtReplaceKey @ 0x8064FE38 -> HOOKED (Unknown @ 0xF7BBCEF4)
SSDT[204] : NtRestoreKey @ 0x8064F9CD -> HOOKED (Unknown @ 0xF7BBCEEF)
SSDT[213] : NtSetContextThread @ 0x8062E773 -> HOOKED (Unknown @ 0xF7BBCF2B)
SSDT[237] : NtSetSecurityObject @ 0x8059818E -> HOOKED (Unknown @ 0xF7BBCF35)
SSDT[247] : NtSetValueKey @ 0x8057DA5B -> HOOKED (Unknown @ 0xF7BBCEE0)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2060BH PL +++++
--- User ---
[MBR] edead83709c4a0ae0f03ea46ef009254
[BSP] cac5a8f58b834a1c1f7a1d1ae38bbb29 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[7]_S_03052013_02d2118.txt >>
RKreport[1]_S_02182013_02d2227.txt ; RKreport[2]_S_02182013_02d2228.txt ; RKreport[3]_S_02192013_02d2153.txt ; RKreport[4]_D_02192013_02d2156.txt ; RKreport[5]_S_02202013_02d0020.txt ;
RKreport[6]_S_02202013_02d0021.txt ; RKreport[7]_S_03052013_02d2118.txt

VIRY.CZ

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu