
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Requesting a check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service: a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Requesting a check
Logfile of random's system information tool 1.09 (written by random/random)
Run by Miluji tě at 2013-04-14 13:06:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (18%) free of 45 GB
Total RAM: 3326 MB (86% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:06:33, on 14.4.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Miluji tě\Plocha\RSIT.exe
C:\Program Files\trend micro\Miluji tě.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink PowerDVD9\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink PowerDVD9\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Miluji tě\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4889788031
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 7498 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1770027372-839522115-1004Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1770027372-839522115-1004UA.job
C:\WINDOWS\tasks\Your File Updater.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Miluji tě\Data aplikací\Mozilla\Firefox\Profiles\74w2tjyj.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=112555 ... 0755435&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Avast5\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.169 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Miluji tě\Data aplikací\Mozilla\Firefox\Profiles\74w2tjyj.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25 202080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-20 461216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Avast5\aswWebRepIE.dll [2013-03-07 1224568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-20 170912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25 1496408]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Avast5\aswWebRepIE.dll [2013-03-07 1224568]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\Avast5\avastUI.exe [2013-03-07 4767304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-06-08 19552872]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-07-09 570664]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-11-02 2508104]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-03-09 15872]
"RemoteControl9"=C:\Program Files\CyberLink PowerDVD9\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink PowerDVD9\PowerDVD9\Language\Language.exe [2009-04-27 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-11-19 75048]
"SpywareTerminatorShield"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2012-09-07 2777296]
"SpywareTerminatorUpdater"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2013-04-03 3684488]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"C-Media Mixer"=Mixer.exe /startup []
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"CmPCIaudio"=RunDll32 CMICNFG3.cpl,CMICtrlWnd []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2009-02-04 204288]
""= []
"Facebook Update"=C:\Documents and Settings\Miluji tě\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [2013-02-25 138096]
"Steam"=C:\Program Files\Steam\steam.exe [2013-03-29 1631144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMISR]
C:\Program Files\KYE\WebMate\BM.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
C:\Documents and Settings\Miluji tě\Nabídka Start\Programy\Po spuštění
ATI Tray Tools.lnk - C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-05-27 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\CyberLink PowerDVD9\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink PowerDVD9\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Games\Call of dutty 6\Modern Warfare 2\iw4mp.exe"="D:\Games\Call of dutty 6\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"D:\Games\Frontlines\Binaries\FFOW.exe"="D:\Games\Frontlines\Binaries\FFOW.exe:*:Enabled:Frontlines Game"
"D:\Games\Frontlines\Binaries\FFOW-Dedicated-Logging.exe"="D:\Games\Frontlines\Binaries\FFOW-Dedicated-Logging.exe:*:Enabled:Frontlines Game"
"D:\Games\Medal of honor Pacific assault\mohpa.exe"="D:\Games\Medal of honor Pacific assault\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault(tm)"
"D:\Games\Medal of honor\MOHAA.EXE"="D:\Games\Medal of honor\MOHAA.EXE:*:Enabled:Medal of Honor Allied Assault"
"D:\Games\Medal of honor\MOHAA_server.exe"="D:\Games\Medal of honor\MOHAA_server.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"D:\Games\Medal Of Honor AA\MOHAA.EXE"="D:\Games\Medal Of Honor AA\MOHAA.EXE:*:Enabled:Medal of Honor Allied Assault"
"D:\Games\Medal Of Honor AA\moh_spearhead.exe"="D:\Games\Medal Of Honor AA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"D:\Games\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="D:\Games\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"D:\Games\Call of Duty - Black Ops\BlackOps.exe"="D:\Games\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"D:\Games\Call of Duty - Black Ops\BlackOpsMP.exe"="D:\Games\Call of Duty - Black Ops\BlackOpsMP.exe:*:Enabled:BlackOpsMP"
"D:\Games\Battlefield 2\BFBC2Updater.exe"="D:\Games\Battlefield 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"D:\Games\Race Driver GRID\GRID.exe"="D:\Games\Race Driver GRID\GRID.exe:*:Enabled:GRID Executable"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"D:\Games\Apache Air Assault\apache.exe"="D:\Games\Apache Air Assault\apache.exe:*:Disabled:apache"
"D:\Games\Apache Air Assault\yuPlay\yuPlay.exe"="D:\Games\Apache Air Assault\yuPlay\yuPlay.exe:*:Disabled:Apache: Air Assault - yuPlay client"
"D:\Games\Apache Air Assault\launcher.exe"="D:\Games\Apache Air Assault\launcher.exe:*:Disabled:Apache: Air Assault Launcher"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Spyware Terminator\SpywareTerminator.exe"="C:\Program Files\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012"
"D:\Dovnload\Mass effect 3\Mass Effect 3_RELOADED_ (2012)\Mass Effect 3_RELOADED_ (2012)\Mass Effect 3\Binaries\Win32\MassEffect3.exe"="D:\Dovnload\Mass effect 3\Mass Effect 3_RELOADED_ (2012)\Mass Effect 3_RELOADED_ (2012)\Mass Effect 3\Binaries\Win32\MassEffect3.exe:*:Enabled:Mass Effect(TM) 3"
"C:\Program Files\YourFileDownloader\Downloader.exe"="C:\Program Files\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader"
"C:\Program Files\YourFileDownloader\YourFile.exe"="C:\Program Files\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader"
"C:\Documents and Settings\Miluji tě\Plocha\Return to Castle Wolfenstein CZ\Return to Castle Wolfenstein\Return to Castle Wolfenstein\WolfMP.exe"="C:\Documents and Settings\Miluji tě\Plocha\Return to Castle Wolfenstein CZ\Return to Castle Wolfenstein\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP"
"D:\Games\Wolfenstein enemy territory\ET.exe"="D:\Games\Wolfenstein enemy territory\ET.exe:*:Enabled:ET"
"D:\Games\Wolfenstein enemy territory\ETDED.exe"="D:\Games\Wolfenstein enemy territory\ETDED.exe:*:Enabled:ETDED"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Games\World_of_Tanks\WOTLauncher.exe"="C:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"D:\Games\World_of_Tanks\WOTLauncher.exe"="D:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"D:\Games\World_of_Tanks\WorldOfTanks.exe"="D:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Documents and Settings\Miluji tě\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Miluji tě\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"D:\Games\Call of dutty Modern Warfare 3\Call of Duty- Modern Warfare 3\iw5mp_server.exe"="D:\Games\Call of dutty Modern Warfare 3\Call of Duty- Modern Warfare 3\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CyberLink PowerDVD9\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink PowerDVD9\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer5"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
======List of files/folders created in the last 1 month======
2013-04-14 13:06:29 ----D---- C:\rsit
2013-04-14 13:02:49 ----A---- C:\WINDOWS\ntbtlog.txt
2013-04-13 12:32:52 ----ASH---- C:\pagefile.sys
2013-04-12 13:36:44 ----D---- C:\Program Files\Mozilla Firefox
2013-04-10 11:37:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2808735$
2013-04-10 11:37:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2013-04-10 11:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2013-04-10 11:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2813170$
2013-04-04 09:17:56 ----D---- C:\Program Files\Mozilla Firefox.bak
2013-04-02 12:29:20 ----D---- C:\Program Files\dumps
2013-04-02 12:28:41 ----D---- C:\Program Files\Steam
2013-04-01 15:42:29 ----A---- C:\WINDOWS\system32\dwmapi.dll
2013-04-01 15:42:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Logs
2013-03-22 22:12:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\SoftSafe
2013-03-22 22:11:08 ----D---- C:\Program Files\Optimizer Pro
2013-03-22 22:09:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallMate
2013-03-20 09:01:08 ----A---- C:\WINDOWS\system32\javaws.exe
2013-03-20 09:01:04 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-03-20 09:01:04 ----A---- C:\WINDOWS\system32\javaw.exe
2013-03-20 09:01:04 ----A---- C:\WINDOWS\system32\java.exe
2013-03-18 17:16:50 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-03-18 17:16:50 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-03-18 17:16:49 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-03-18 07:11:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
======List of files/folders modified in the last 1 month======
2013-04-14 13:06:30 ----D---- C:\Program Files\trend micro
2013-04-14 13:02:49 ----D---- C:\WINDOWS
2013-04-13 13:08:59 ----D---- C:\WINDOWS\system32
2013-04-13 13:08:37 ----D---- C:\WINDOWS\Prefetch
2013-04-13 13:08:22 ----D---- C:\WINDOWS\Temp
2013-04-13 12:41:38 ----D---- C:\Program Files\CCleaner
2013-04-13 12:37:39 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-04-13 12:36:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-04-13 12:35:39 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-12 14:15:22 ----SHD---- C:\WINDOWS\Installer
2013-04-12 14:15:13 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-04-12 14:10:14 ----D---- C:\Documents and Settings\Miluji tě\Data aplikací\Nokia
2013-04-12 13:37:14 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-04-12 13:37:13 ----RD---- C:\Program Files
2013-04-12 10:34:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-04-11 22:01:00 ----HD---- C:\WINDOWS\inf
2013-04-11 19:37:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2013-04-10 11:38:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-04-10 11:38:06 ----D---- C:\Program Files\Internet Explorer
2013-04-10 11:37:56 ----D---- C:\WINDOWS\ie8updates
2013-04-10 11:37:51 ----HD---- C:\WINDOWS\$hf_mig$
2013-04-10 11:37:49 ----A---- C:\WINDOWS\imsins.BAK
2013-04-10 11:31:12 ----A---- C:\WINDOWS\system32\MRT.exe
2013-04-09 10:50:40 ----D---- C:\Program Files\Spyware Terminator
2013-04-01 16:05:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-04-01 15:48:16 ----SD---- C:\WINDOWS\Tasks
2013-04-01 15:42:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Temp
2013-04-01 15:37:17 ----RSD---- C:\WINDOWS\assembly
2013-04-01 15:36:53 ----D---- C:\WINDOWS\system32\DirectX
2013-04-01 15:36:40 ----D---- C:\WINDOWS\Logs
2013-03-24 00:07:44 ----D---- C:\Program Files\Avast5
2013-03-20 09:05:20 ----D---- C:\Program Files\Java
2013-03-20 09:00:51 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2013-03-20 09:00:51 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-03-18 17:16:50 ----D---- C:\WINDOWS\system32\drivers
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-01 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-03-07 49760]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2010-07-01 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2010-07-01 12400]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
S1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/04 17:38:22]; \??\C:\Program Files\CyberLink PowerDVD9\PowerDVD9\000.fcl []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
S2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
S3 aqnwm5ns;aqnwm5ns; C:\WINDOWS\system32\drivers\aqnwm5ns.sys []
S3 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-05-27 4830720]
S3 CamSuiteVAC;CamSuite Virtual Audio; C:\WINDOWS\system32\DRIVERS\CamSuiteVAC.sys [2008-09-20 37560]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2009-05-20 1872192]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\MILUJI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 huawei_cdcacm;huawei_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-06-08 6056040]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-11-09 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-11-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-11-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-11-09 8576]
S3 PAC7302;iLook 300; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-10-29 458112]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2010-05-24 4003008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-11-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-11-09 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-05-27 602112]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast5\AvastSvc.exe [2013-03-07 45248]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-03-20 170912]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2012-07-18 75136]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2012-09-07 587472]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-13 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-12 115608]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-03-07 49760]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2010-07-01 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2010-07-01 12400]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
S1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/04 17:38:22]; \??\C:\Program Files\CyberLink PowerDVD9\PowerDVD9\000.fcl []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
S2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
S3 aqnwm5ns;aqnwm5ns; C:\WINDOWS\system32\drivers\aqnwm5ns.sys []
S3 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-05-27 4830720]
S3 CamSuiteVAC;CamSuite Virtual Audio; C:\WINDOWS\system32\DRIVERS\CamSuiteVAC.sys [2008-09-20 37560]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2009-05-20 1872192]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\MILUJI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 huawei_cdcacm;huawei_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-06-08 6056040]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-11-09 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-11-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-11-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-11-09 8576]
S3 PAC7302;iLook 300; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-10-29 458112]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2010-05-24 4003008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-11-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-11-09 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-05-27 602112]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast5\AvastSvc.exe [2013-03-07 45248]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-03-20 170912]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2012-07-18 75136]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2012-09-07 587472]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-13 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-12 115608]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Last edited by vaclavka83 on 15 Apr 2013 22:40, edited 2 times in total.
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Please check
Did I make the log wrong??
Re: Please check
vaclavka83 wrote: Did I make the log wrong??
Hello, no, no, it's just that we aren't here all day, so it takes a little patience.
Fix these in HJT:
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink PowerDVD9\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink PowerDVD9\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Miluji tě\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
You will find HJT here:
C:\Program Files\trend micro\Miluji tě.exe
Fix means that you run HJT,

in the window that opens, click Do a system scan only,
in the next window, find the lines I listed for you,
next to each of them is a box, which you tick,
then click Fix checked at the bottom left,
the program asks whether you really want to do this; you of course agree with YES (ANO), and that's it.
Via Start >> Run (Spustit) >> type services.msc >> OK. Find the service:
NMIndexingService - Nero AG
A double-click opens its properties sheet, where you first stop the service with the Stop (Zastavit) button, then under Startup type (Typ spouštění) select Disabled (Zakázáno) and click OK.
Delete unnecessary files
using CCleaner
instructions:
Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
Then a window with the licence terms appears, which you confirm by clicking YES (ANO),
then click YES (ANO) once more and it starts running.
The whole run takes about 10 minutes but can take longer; during the scan do not try to launch anything else.
The PC may also be restarted during the scan; don't be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and antispyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log, saved at C:/Combofix.txt
(on repeated use the logs are numbered, Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Please check
I am running in Safe Mode
ComboFix 13-04-14.01 - Miluji tě 14.04.2013 22:07:15.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2496 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miluji tý\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET48.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-14 do 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 11:06 . 2013-04-14 11:06 -------- d-----w- C:\rsit
2013-04-13 11:08 . 2013-04-13 11:08 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-04-13 11:08 . 2013-04-13 11:08 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-04-13 11:08 . 2013-04-13 11:08 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-04-13 11:08 . 2013-04-13 11:08 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-04-13 11:08 . 2013-04-13 11:08 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-04-13 11:07 . 2013-04-13 11:07 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-04-13 11:07 . 2013-04-13 11:07 5927 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-04-13 11:07 . 2013-04-13 11:07 1651 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-04-13 11:07 . 2013-04-13 11:07 6910 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-04-13 11:07 . 2013-04-13 11:07 8288 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-04-13 11:07 . 2013-04-13 11:07 6208 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-04-13 11:07 . 2013-04-13 11:07 18541 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-04-13 11:07 . 2013-04-13 11:07 8782 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-04-13 11:07 . 2013-04-13 11:07 7271 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-04-13 11:07 . 2013-04-13 11:07 51852 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-04-13 11:07 . 2013-04-13 11:07 23327 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-04-13 11:07 . 2013-04-13 11:07 20719 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-04-02 10:28 . 2013-04-14 14:32 -------- d-----w- c:\program files\Steam
2013-04-01 13:42 . 2011-12-12 12:18 67072 ----a-w- c:\windows\system32\dwmapi.dll
2013-04-01 13:42 . 2013-04-01 13:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Logs
2013-03-22 20:12 . 2013-03-22 20:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SoftSafe
2013-03-22 20:09 . 2013-03-23 01:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallMate
2013-03-20 07:01 . 2013-03-20 07:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-18 15:16 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-18 15:16 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-18 15:16 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-18 05:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-18 05:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-13 10:37 . 2012-04-12 13:20 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-13 10:37 . 2011-05-21 17:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-20 07:00 . 2012-06-25 16:55 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-20 07:00 . 2012-06-25 16:55 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-20 07:00 . 2010-07-02 04:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 23:33 . 2011-07-25 17:17 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2010-06-28 15:47 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2010-06-28 15:47 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2010-06-28 15:47 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2010-06-28 15:47 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2010-07-01 16:16 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2010-06-28 15:47 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2006-03-02 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2010-06-28 15:13 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-03-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-21 21:29 . 2010-07-04 18:34 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-01-21 21:29 . 2012-07-18 11:57 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-01-21 21:29 . 2010-07-04 18:34 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-12 11:36 . 2013-04-12 11:36 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Miluji tě\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2013-02-25 138096]
"Steam"="c:\program files\Steam\steam.exe" [2013-03-29 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
c:\documents and settings\Miluji tě\Nabídka Start\Programy\Po spuštění\
ATI Tray Tools.lnk - c:\program files\Ray Adams\ATI Tray Tools\atitray.exe [2010-4-22 883200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 12:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink PowerDVD9\\PowerDVD9\\PowerDVD9.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Games\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"d:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Documents and Settings\\Miluji tě\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Games\\Call of dutty Modern Warfare 3\\Call of Duty- Modern Warfare 3\\iw5mp_server.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [18.3.2013 17:16 49248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.7.2010 21:46 691696]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.7.2011 19:17 765736]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.6.2010 17:47 368176]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [9.1.2012 5:30 32768]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/04 17:38];c:\program files\CyberLink PowerDVD9\PowerDVD9\000.fcl [5.8.2009 22:58 87536]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.6.2010 17:47 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [18.3.2013 17:16 66336]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [9.1.2012 5:29 587472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.6.2010 19:53 1691480]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [18.3.2013 17:16 164736]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [28.8.2010 12:53 37560]
S3 cpuz130;cpuz130;\??\c:\docume~1\MILUJI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MILUJI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26.1.2013 5:48 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26.1.2013 5:48 8576]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:37]
.
2013-04-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Avast5\AvastEmUpdate.exe [2012-07-10 23:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 10.10.1.1
FF - ProfilePath - c:\documents and settings\Miluji tě\Data aplikací\Mozilla\Firefox\Profiles\74w2tjyj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=270612_510&babsrc=KW_ss&mntrId=fcc7c973000000000000001d60755435&q=
FF - ExtSQL: !HIDDEN! 2010-07-01 18:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=270612_510
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fcc7c973000000000000001d60755435
FF - user.js: extensions.BabylonToolbar_i.hardId - fcc7c973000000000000001d60755435
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15518
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BMISR - c:\program files\KYE\WebMate\BM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-14 22:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-04-14 22:12:10
ComboFix-quarantined-files.txt 2013-04-14 20:12
.
Před spuštěním: Volných bajtů: 10 482 139 136
Po spuštění: Volných bajtů: 10 582 687 744
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - D46233D6CDCB8908ACA37A4449423F93
2013-03-22 20:09 . 2013-03-23 01:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallMate
2013-03-20 07:01 . 2013-03-20 07:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-18 15:16 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-18 15:16 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-18 15:16 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-18 05:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-18 05:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-13 10:37 . 2012-04-12 13:20 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-13 10:37 . 2011-05-21 17:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-20 07:00 . 2012-06-25 16:55 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-20 07:00 . 2012-06-25 16:55 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-20 07:00 . 2010-07-02 04:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 23:33 . 2011-07-25 17:17 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2010-06-28 15:47 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2010-06-28 15:47 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2010-06-28 15:47 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2010-06-28 15:47 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2010-07-01 16:16 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2010-06-28 15:47 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2006-03-02 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2010-06-28 15:13 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-03-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-21 21:29 . 2010-07-04 18:34 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-01-21 21:29 . 2012-07-18 11:57 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-01-21 21:29 . 2010-07-04 18:34 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-12 11:36 . 2013-04-12 11:36 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Miluji tě\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2013-02-25 138096]
"Steam"="c:\program files\Steam\steam.exe" [2013-03-29 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
c:\documents and settings\Miluji tě\Nabídka Start\Programy\Po spuštění\
ATI Tray Tools.lnk - c:\program files\Ray Adams\ATI Tray Tools\atitray.exe [2010-4-22 883200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 12:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink PowerDVD9\\PowerDVD9\\PowerDVD9.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Games\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"d:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Documents and Settings\\Miluji tě\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Games\\Call of dutty Modern Warfare 3\\Call of Duty- Modern Warfare 3\\iw5mp_server.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [18.3.2013 17:16 49248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.7.2010 21:46 691696]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.7.2011 19:17 765736]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.6.2010 17:47 368176]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [9.1.2012 5:30 32768]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/04 17:38];c:\program files\CyberLink PowerDVD9\PowerDVD9\000.fcl [5.8.2009 22:58 87536]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.6.2010 17:47 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [18.3.2013 17:16 66336]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [9.1.2012 5:29 587472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.6.2010 19:53 1691480]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [18.3.2013 17:16 164736]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [28.8.2010 12:53 37560]
S3 cpuz130;cpuz130;\??\c:\docume~1\MILUJI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MILUJI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26.1.2013 5:48 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26.1.2013 5:48 8576]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:37]
.
2013-04-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Avast5\AvastEmUpdate.exe [2012-07-10 23:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 10.10.1.1
FF - ProfilePath - c:\documents and settings\Miluji tě\Data aplikací\Mozilla\Firefox\Profiles\74w2tjyj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=270612_510&babsrc=KW_ss&mntrId=fcc7c973000000000000001d60755435&q=
FF - ExtSQL: !HIDDEN! 2010-07-01 18:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=270612_510
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fcc7c973000000000000001d60755435
FF - user.js: extensions.BabylonToolbar_i.hardId - fcc7c973000000000000001d60755435
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15518
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BMISR - c:\program files\KYE\WebMate\BM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-14 22:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-04-14 22:12:10
ComboFix-quarantined-files.txt 2013-04-14 20:12
.
Před spuštěním: Volných bajtů: 10 482 139 136
Po spuštění: Volných bajtů: 10 582 687 744
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - D46233D6CDCB8908ACA37A4449423F93
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Please check, I'm running in Safe Mode
So I hope I did it correctly??
Re: Please check, I'm running in Safe Mode
vaclavka83 wrote: So I hope I did it correctly??
That is correct.
If you have not done so yet, move ComboFix to the desktop,
open Notepad,
and copy the script from the following box into it:
FireFox::
FF - ProfilePath - c:\documents and settings\Miluji tě\Data aplikací\Mozilla\Firefox\Profiles\74w2tjyj.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555 ... 0755435&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=270612_510
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fcc7c973000000000000001d60755435
FF - user.js: extensions.BabylonToolbar_i.hardId - fcc7c973000000000000001d60755435
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15518
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

After it has been applied, another log will pop up; copy it here.
Warning: it may happen that Windows does not start after the script is applied and the computer restarts.
In that case restart again while pressing F8, then choose Last Known Good Configuration.
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Please check, I'm running in Safe Mode
ComboFix 13-04-15.01 - Miluji tě 15.04.2013 22:57:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.1382 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miluji tý\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Miluji tý\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-15 do 2013-04-15 )))))))))))))))))))))))))))))))
.
.
2013-04-15 15:41 . 2013-04-15 15:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-04-14 20:15 . 2013-04-14 20:15 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-14 20:13 . 2013-04-14 20:13 -------- d-----w- c:\program files\Optimizer Pro
2013-04-14 20:13 . 2013-04-14 20:13 -------- d-----w- c:\program files\dumps
2013-04-14 11:06 . 2013-04-14 11:06 -------- d-----w- C:\rsit
2013-04-13 11:08 . 2013-04-13 11:08 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\TEXTBOX.JS
2013-04-13 11:08 . 2013-04-13 11:08 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\TILEBOX.JS
2013-04-13 11:08 . 2013-04-13 11:08 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\UICORE.JS
2013-04-13 11:08 . 2013-04-13 11:08 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\USERTILE.JS
2013-04-13 11:08 . 2013-04-13 11:08 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\UIRESOURCE.JS
2013-04-13 11:07 . 2013-04-13 11:07 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\SAVEDUSER.JS
2013-04-13 11:07 . 2013-04-13 11:07 5927 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\TEXT.JS
2013-04-13 11:07 . 2013-04-13 11:07 1651 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\QUERYSTRING.JS
2013-04-13 11:07 . 2013-04-13 11:07 6910 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\NEWUSERCOMM.JS
2013-04-13 11:07 . 2013-04-13 11:07 8288 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\IMAGE.JS
2013-04-13 11:07 . 2013-04-13 11:07 6208 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\LINK.JS
2013-04-13 11:07 . 2013-04-13 11:07 18541 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\LOCALIZATION.JS
2013-04-13 11:07 . 2013-04-13 11:07 8782 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\BUTTON.JS
2013-04-13 11:07 . 2013-04-13 11:07 7271 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\CHECKBOX.JS
2013-04-13 11:07 . 2013-04-13 11:07 51852 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\EXTERNALWRAPPER.JS
2013-04-13 11:07 . 2013-04-13 11:07 23327 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\COMBOBOX.JS
2013-04-13 11:07 . 2013-04-13 11:07 20719 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\DIVWRAPPER.JS
2013-04-02 10:28 . 2013-04-15 15:47 -------- d-----w- c:\program files\Steam
2013-04-01 13:42 . 2011-12-12 12:18 67072 ----a-w- c:\windows\system32\dwmapi.dll
2013-04-01 13:42 . 2013-04-01 13:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Logs
2013-03-22 20:12 . 2013-03-22 20:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SoftSafe
2013-03-22 20:09 . 2013-03-23 01:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallMate
2013-03-20 07:01 . 2013-03-20 07:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-18 15:16 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-18 15:16 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-18 15:16 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-18 05:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-18 05:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-20 07:00 . 2012-06-25 16:55 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-20 07:00 . 2012-06-25 16:55 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-20 07:00 . 2010-07-02 04:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 16:36 . 2012-04-12 13:20 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 16:36 . 2011-05-21 17:34 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 23:33 . 2011-07-25 17:17 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2010-06-28 15:47 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2010-06-28 15:47 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2010-06-28 15:47 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2010-06-28 15:47 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2010-07-01 16:16 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2010-06-28 15:47 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2006-03-02 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2010-06-28 15:13 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-03-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-21 21:29 . 2010-07-04 18:34 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-01-21 21:29 . 2012-07-18 11:57 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-01-21 21:29 . 2010-07-04 18:34 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-15 13:19 . 2013-04-15 13:18 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-02-04 204288]
"Facebook Update"="c:\documents and settings\Miluji tě\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2013-02-25 138096]
"Steam"="c:\program files\Steam\steam.exe" [2013-03-29 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"RemoteControl9"="c:\program files\CyberLink PowerDVD9\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink PowerDVD9\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-11-19 75048]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"CmPCIaudio"="CMICNFG3.cpl" [BU]
"avast"="c:\program files\Avast5\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Miluji tě\Nabídka Start\Programy\Po spuštění\
ATI Tray Tools.lnk - c:\program files\Ray Adams\ATI Tray Tools\atitray.exe [2010-4-22 883200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMISR]
c:\program files\KYE\WebMate\BM.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 12:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink PowerDVD9\\PowerDVD9\\PowerDVD9.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Games\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"d:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Documents and Settings\\Miluji tě\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Games\\Call of dutty Modern Warfare 3\\Call of Duty- Modern Warfare 3\\iw5mp_server.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [18.3.2013 17:16 49248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.7.2010 21:46 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.6.2010 17:47 368176]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22.4.2010 6:15 19232]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [9.1.2012 5:30 32768]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/04 17:38];c:\program files\CyberLink PowerDVD9\PowerDVD9\000.fcl [5.8.2009 22:58 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.6.2010 17:47 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [18.3.2013 17:16 66336]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [9.1.2012 5:29 587472]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [28.8.2010 12:53 37560]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.7.2011 19:17 765736]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.6.2010 19:53 1691480]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [18.3.2013 17:16 164736]
S3 cpuz130;cpuz130;\??\c:\docume~1\MILUJI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MILUJI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26.1.2013 5:48 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26.1.2013 5:48 8576]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 16:37]
.
2013-04-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Avast5\AvastEmUpdate.exe [2012-07-10 23:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 10.10.1.1
FF - ProfilePath - c:\documents and settings\Miluji tě\Data aplikací\Mozilla\Firefox\Profiles\74w2tjyj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=270612_510&babsrc=KW_ss&mntrId=fcc7c973000000000000001d60755435&q=
FF - ExtSQL: !HIDDEN! 2010-07-01 18:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=270612_510
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fcc7c973000000000000001d60755435
FF - user.js: extensions.BabylonToolbar_i.hardId - fcc7c973000000000000001d60755435
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15518
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-15 23:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-04-15 23:03:50
ComboFix-quarantined-files.txt 2013-04-15 21:03
ComboFix2.txt 2013-04-14 20:12
.
Před spuštěním: 7 448 801 280
Po spuštění: 7 485 779 968
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 02986EF674A2366EAD40FE119CA7CA58
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Please check
ComboFix 13-04-15.01 - Miluji tě 17.04.2013 11:50:43.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2565 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-17 do 2013-04-17 )))))))))))))))))))))))))))))))
.
.
2013-04-15 15:41 . 2013-04-15 15:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-04-14 20:15 . 2013-04-14 20:15 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-14 20:13 . 2013-04-14 20:13 -------- d-----w- c:\program files\Optimizer Pro
2013-04-14 20:13 . 2013-04-14 20:13 -------- d-----w- c:\program files\dumps
2013-04-14 11:06 . 2013-04-14 11:06 -------- d-----w- C:\rsit
2013-04-13 11:08 . 2013-04-13 11:08 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\TEXTBOX.JS
2013-04-13 11:08 . 2013-04-13 11:08 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\TILEBOX.JS
2013-04-13 11:08 . 2013-04-13 11:08 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\UICORE.JS
2013-04-13 11:08 . 2013-04-13 11:08 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\USERTILE.JS
2013-04-13 11:08 . 2013-04-13 11:08 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\UIRESOURCE.JS
2013-04-13 11:07 . 2013-04-13 11:07 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\SAVEDUSER.JS
2013-04-13 11:07 . 2013-04-13 11:07 5927 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\TEXT.JS
2013-04-13 11:07 . 2013-04-13 11:07 1651 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\QUERYSTRING.JS
2013-04-13 11:07 . 2013-04-13 11:07 6910 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\NEWUSERCOMM.JS
2013-04-13 11:07 . 2013-04-13 11:07 8288 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\IMAGE.JS
2013-04-13 11:07 . 2013-04-13 11:07 6208 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\LINK.JS
2013-04-13 11:07 . 2013-04-13 11:07 18541 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\LOCALIZATION.JS
2013-04-13 11:07 . 2013-04-13 11:07 8782 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\BUTTON.JS
2013-04-13 11:07 . 2013-04-13 11:07 7271 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\CHECKBOX.JS
2013-04-13 11:07 . 2013-04-13 11:07 51852 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\EXTERNALWRAPPER.JS
2013-04-13 11:07 . 2013-04-13 11:07 23327 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\COMBOBOX.JS
2013-04-13 11:07 . 2013-04-13 11:07 20719 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\DIVWRAPPER.JS
2013-04-02 10:28 . 2013-04-15 15:47 -------- d-----w- c:\program files\Steam
2013-04-01 13:42 . 2013-04-01 13:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Logs
2013-03-22 20:12 . 2013-03-22 20:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SoftSafe
2013-03-22 20:09 . 2013-03-23 01:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallMate
2013-03-20 07:01 . 2013-03-20 07:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-18 15:16 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-18 15:16 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-18 15:16 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-20 07:00 . 2012-06-25 16:55 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-20 07:00 . 2012-06-25 16:55 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-20 07:00 . 2010-07-02 04:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 16:36 . 2012-04-12 13:20 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 16:36 . 2011-05-21 17:34 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 23:33 . 2011-07-25 17:17 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2010-06-28 15:47 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2010-06-28 15:47 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2010-06-28 15:47 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2010-06-28 15:47 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2010-07-01 16:16 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2010-06-28 15:47 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2006-03-02 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2010-06-28 15:13 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-03-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-21 21:29 . 2010-07-04 18:34 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-01-21 21:29 . 2012-07-18 11:57 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-01-21 21:29 . 2010-07-04 18:34 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-15 13:19 . 2013-04-15 13:18 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-02-04 204288]
"Facebook Update"="c:\documents and settings\Miluji tě\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2013-02-25 138096]
"Steam"="c:\program files\Steam\steam.exe" [2013-03-29 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"RemoteControl9"="c:\program files\CyberLink PowerDVD9\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink PowerDVD9\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-11-19 75048]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"CmPCIaudio"="CMICNFG3.cpl" [BU]
"avast"="c:\program files\Avast5\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Miluji tě\Nabídka Start\Programy\Po spuštění\
ATI Tray Tools.lnk - c:\program files\Ray Adams\ATI Tray Tools\atitray.exe [2010-4-22 883200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMISR]
c:\program files\KYE\WebMate\BM.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 12:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink PowerDVD9\\PowerDVD9\\PowerDVD9.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Games\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"d:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Documents and Settings\\Miluji tě\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Games\\Call of dutty Modern Warfare 3\\Call of Duty- Modern Warfare 3\\iw5mp_server.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [18.3.2013 17:16 49248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.7.2010 21:46 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.6.2010 17:47 368176]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22.4.2010 6:15 19232]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [9.1.2012 5:30 32768]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/04 17:38];c:\program files\CyberLink PowerDVD9\PowerDVD9\000.fcl [5.8.2009 22:58 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.6.2010 17:47 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [18.3.2013 17:16 66336]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [9.1.2012 5:29 587472]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [28.8.2010 12:53 37560]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.7.2011 19:17 765736]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.6.2010 19:53 1691480]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [18.3.2013 17:16 164736]
S3 cpuz130;cpuz130;\??\c:\docume~1\MILUJI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MILUJI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26.1.2013 5:48 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26.1.2013 5:48 8576]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 16:37]
.
2013-04-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Avast5\AvastEmUpdate.exe [2012-07-10 23:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 10.10.1.1
FF - ProfilePath - c:\documents and settings\Miluji tě\Data aplikací\Mozilla\Firefox\Profiles\74w2tjyj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2010-07-01 18:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-17 11:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2844)
c:\program files\Ray Adams\ATI Tray Tools\raphook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-04-17 11:56:48
ComboFix-quarantined-files.txt 2013-04-17 09:56
ComboFix2.txt 2013-04-15 21:03
ComboFix3.txt 2013-04-14 20:12
.
Před spuštěním: 7 341 309 952
Po spuštění: 7 325 937 664
.
- - End Of File - - F204A24082BAE6CF0823288CFC8CE886
Re: Please check

Via Start >> Run, copy this into the window:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders related to it.
Use T-Cleaner, which deletes any leftovers of the applications we used.
Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, although it is not one.
Download TDSSKiller and save it to the desktop.
Run the application, choose the Run scan option and click Start scan.
If the application finds an infected file, it will show you the preselected action Cure;
in that case confirm with the Continue button.
If the application wants to restart the computer, click the Reboot Now button.
If it does not ask for a restart, click the Report button.
After that a log will pop up; copy its contents here.
If the log is not displayed, it is saved in C:\TDSSKiller
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Please check
23:33:18.0359 1484 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:33:18.0484 1484 ============================================================
23:33:18.0484 1484 Current date / time: 2013/04/17 23:33:18.0484
23:33:18.0484 1484 SystemInfo:
23:33:18.0484 1484
23:33:18.0484 1484 OS Version: 5.1.2600 ServicePack: 3.0
23:33:18.0484 1484 Product type: Workstation
23:33:18.0484 1484 ComputerName: OBYVAK
23:33:18.0484 1484 UserName: Miluji tě
23:33:18.0484 1484 Windows directory: C:\WINDOWS
23:33:18.0484 1484 System windows directory: C:\WINDOWS
23:33:18.0484 1484 Processor architecture: Intel x86
23:33:18.0484 1484 Number of processors: 2
23:33:18.0484 1484 Page size: 0x1000
23:33:18.0484 1484 Boot type: Normal boot
23:33:18.0484 1484 ============================================================
23:33:19.0640 1484 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:33:19.0640 1484 ============================================================
23:33:19.0640 1484 \Device\Harddisk0\DR0:
23:33:19.0656 1484 MBR partitions:
23:33:19.0656 1484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57E52EA
23:33:19.0671 1484 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x57E5368, BlocksNum 0xD22F898
23:33:19.0671 1484 ============================================================
23:33:19.0687 1484 C: <-> \Device\Harddisk0\DR0\Partition1
23:33:19.0703 1484 D: <-> \Device\Harddisk0\DR0\Partition2
23:33:19.0703 1484 ============================================================
23:33:19.0703 1484 Initialize success
23:33:19.0703 1484 ============================================================
23:33:24.0640 2092 ============================================================
23:33:24.0640 2092 Scan started
23:33:24.0640 2092 Mode: Manual;
23:33:24.0640 2092 ============================================================
23:33:26.0187 2092 ================ Scan system memory ========================
23:33:27.0312 2092 System memory - ok
23:33:27.0312 2092 ================ Scan services =============================
23:33:27.0375 2092 Abiosdsk - ok
23:33:27.0375 2092 abp480n5 - ok
23:33:27.0406 2092 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:33:27.0406 2092 ACPI - ok
23:33:27.0437 2092 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:33:27.0437 2092 ACPIEC - ok
23:33:27.0484 2092 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:33:27.0484 2092 AdobeFlashPlayerUpdateSvc - ok
23:33:27.0484 2092 adpu160m - ok
23:33:27.0515 2092 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:33:27.0515 2092 aec - ok
23:33:27.0546 2092 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:33:27.0546 2092 AFD - ok
23:33:27.0562 2092 Aha154x - ok
23:33:27.0562 2092 aic78u2 - ok
23:33:27.0562 2092 aic78xx - ok
23:33:27.0578 2092 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:33:27.0578 2092 Alerter - ok
23:33:27.0593 2092 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
23:33:27.0593 2092 ALG - ok
23:33:27.0609 2092 AliIde - ok
23:33:27.0656 2092 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
23:33:27.0703 2092 Ambfilt - ok
23:33:27.0718 2092 [ FCFFA85CFD4BF7A4711012847048DCA3 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:33:27.0718 2092 AmdK8 - ok
23:33:27.0718 2092 AmdLLD - ok
23:33:27.0750 2092 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
23:33:27.0750 2092 AmdPPM - ok
23:33:27.0750 2092 amsint - ok
23:33:27.0765 2092 AppMgmt - ok
23:33:27.0765 2092 asc - ok
23:33:27.0765 2092 asc3350p - ok
23:33:27.0781 2092 asc3550 - ok
23:33:27.0796 2092 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
23:33:27.0812 2092 AsIO - ok
23:33:27.0859 2092 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:33:27.0859 2092 aspnet_state - ok
23:33:27.0875 2092 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:33:27.0875 2092 aswFsBlk - ok
23:33:27.0890 2092 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
23:33:27.0890 2092 aswMonFlt - ok
23:33:27.0906 2092 [ C1A411B7CCD604554D96EFDAC2F83617 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
23:33:27.0921 2092 aswRdr - ok
23:33:27.0921 2092 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
23:33:27.0921 2092 aswRvrt - ok
23:33:27.0968 2092 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
23:33:27.0984 2092 aswSnx - ok
23:33:28.0000 2092 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
23:33:28.0015 2092 aswSP - ok
23:33:28.0031 2092 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
23:33:28.0031 2092 aswTdi - ok
23:33:28.0046 2092 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
23:33:28.0046 2092 aswVmm - ok
23:33:28.0062 2092 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:33:28.0062 2092 AsyncMac - ok
23:33:28.0078 2092 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:33:28.0078 2092 atapi - ok
23:33:28.0078 2092 Atdisk - ok
23:33:28.0109 2092 [ 1BD87FEC00508DCFC23AF4727BA14333 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:33:28.0109 2092 Ati HotKey Poller - ok
23:33:28.0234 2092 [ CAADF7AA3ABC6AFCB3D02B129DE9863A ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:33:28.0328 2092 ati2mtag - ok
23:33:28.0359 2092 [ 029CBC24A51EF75F3DA94467DC22B5F1 ] atitray C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
23:33:28.0375 2092 atitray - ok
23:33:28.0390 2092 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:33:28.0390 2092 Atmarpc - ok
23:33:28.0406 2092 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:33:28.0406 2092 AudioSrv - ok
23:33:28.0421 2092 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:33:28.0437 2092 audstub - ok
23:33:28.0468 2092 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\Avast5\AvastSvc.exe
23:33:28.0468 2092 avast! Antivirus - ok
23:33:28.0500 2092 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:33:28.0500 2092 Beep - ok
23:33:28.0531 2092 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
23:33:28.0531 2092 BITS - ok
23:33:28.0562 2092 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
23:33:28.0562 2092 Browser - ok
23:33:28.0578 2092 [ E292176878F933E6A3CC46D6109EF1BB ] CamSuiteVAC C:\WINDOWS\system32\DRIVERS\CamSuiteVAC.sys
23:33:28.0578 2092 CamSuiteVAC - ok
23:33:28.0687 2092 catchme - ok
23:33:28.0718 2092 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:33:28.0718 2092 cbidf2k - ok
23:33:28.0750 2092 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:33:28.0750 2092 CCDECODE - ok
23:33:28.0750 2092 cd20xrnt - ok
23:33:28.0765 2092 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:33:28.0765 2092 Cdaudio - ok
23:33:28.0781 2092 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:33:28.0796 2092 Cdfs - ok
23:33:28.0796 2092 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:33:28.0812 2092 Cdrom - ok
23:33:28.0812 2092 Changer - ok
23:33:28.0843 2092 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:33:28.0843 2092 CiSvc - ok
23:33:28.0859 2092 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:33:28.0859 2092 ClipSrv - ok
23:33:28.0890 2092 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:33:28.0890 2092 clr_optimization_v2.0.50727_32 - ok
23:33:28.0890 2092 CmdIde - ok
23:33:28.0921 2092 [ E5842CCF0953D3D46D5E26427B67E901 ] cmpci C:\WINDOWS\system32\drivers\cmaudio.sys
23:33:28.0937 2092 cmpci - ok
23:33:28.0984 2092 [ F6C6004322BAFBEB9801D5A7BBBBB26B ] cmuda3 C:\WINDOWS\system32\drivers\cmudax3.sys
23:33:29.0000 2092 cmuda3 - ok
23:33:29.0000 2092 COMSysApp - ok
23:33:29.0015 2092 Cpqarray - ok
23:33:29.0015 2092 cpuz130 - ok
23:33:29.0046 2092 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:33:29.0046 2092 CryptSvc - ok
23:33:29.0046 2092 dac2w2k - ok
23:33:29.0046 2092 dac960nt - ok
23:33:29.0093 2092 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:33:29.0093 2092 DcomLaunch - ok
23:33:29.0109 2092 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:33:29.0125 2092 Dhcp - ok
23:33:29.0140 2092 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:33:29.0140 2092 Disk - ok
23:33:29.0140 2092 dmadmin - ok
23:33:29.0187 2092 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:33:29.0203 2092 dmboot - ok
23:33:29.0218 2092 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:33:29.0218 2092 dmio - ok
23:33:29.0234 2092 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:33:29.0234 2092 dmload - ok
23:33:29.0250 2092 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:33:29.0265 2092 dmserver - ok
23:33:29.0281 2092 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:33:29.0281 2092 DMusic - ok
23:33:29.0296 2092 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:33:29.0312 2092 Dnscache - ok
23:33:29.0328 2092 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:33:29.0328 2092 Dot3svc - ok
23:33:29.0328 2092 dpti2o - ok
23:33:29.0343 2092 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:33:29.0343 2092 drmkaud - ok
23:33:29.0359 2092 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:33:29.0375 2092 EapHost - ok
23:33:29.0375 2092 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:33:29.0390 2092 ERSvc - ok
23:33:29.0406 2092 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
23:33:29.0406 2092 Eventlog - ok
23:33:29.0437 2092 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
23:33:29.0453 2092 EventSystem - ok
23:33:29.0453 2092 ew_hwusbdev - ok
23:33:29.0468 2092 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:33:29.0468 2092 Fastfat - ok
23:33:29.0500 2092 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:33:29.0500 2092 FastUserSwitchingCompatibility - ok
23:33:29.0515 2092 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:33:29.0515 2092 Fdc - ok
23:33:29.0531 2092 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:33:29.0531 2092 Fips - ok
23:33:29.0531 2092 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:33:29.0546 2092 Flpydisk - ok
23:33:29.0562 2092 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:33:29.0578 2092 FltMgr - ok
23:33:29.0609 2092 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:33:29.0609 2092 FontCache3.0.0.0 - ok
23:33:29.0625 2092 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:33:29.0625 2092 Fs_Rec - ok
23:33:29.0640 2092 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:33:29.0640 2092 Ftdisk - ok
23:33:29.0671 2092 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:33:29.0671 2092 gameenum - ok
23:33:29.0687 2092 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:33:29.0687 2092 Gpc - ok
23:33:29.0718 2092 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:33:29.0718 2092 HDAudBus - ok
23:33:29.0750 2092 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:33:29.0750 2092 helpsvc - ok
23:33:29.0750 2092 HidServ - ok
23:33:29.0781 2092 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:33:29.0781 2092 HidUsb - ok
23:33:29.0796 2092 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:33:29.0812 2092 hkmsvc - ok
23:33:29.0812 2092 hpn - ok
23:33:29.0843 2092 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:33:29.0843 2092 HTTP - ok
23:33:29.0875 2092 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:33:29.0875 2092 HTTPFilter - ok
23:33:29.0890 2092 huawei_cdcacm - ok
23:33:29.0890 2092 huawei_enumerator - ok
23:33:29.0906 2092 i2omgmt - ok
23:33:29.0906 2092 i2omp - ok
23:33:29.0921 2092 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:33:29.0921 2092 i8042prt - ok
23:33:29.0968 2092 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:33:29.0984 2092 idsvc - ok
23:33:30.0000 2092 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:33:30.0015 2092 Imapi - ok
23:33:30.0031 2092 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:33:30.0031 2092 ImapiService - ok
23:33:30.0046 2092 ini910u - ok
23:33:30.0171 2092 [ 994186286E1DF03B5BCBA765A9320E0F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:33:30.0281 2092 IntcAzAudAddService - ok
23:33:30.0281 2092 IntelIde - ok
23:33:30.0312 2092 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:33:30.0312 2092 Ip6Fw - ok
23:33:30.0343 2092 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:33:30.0343 2092 IpFilterDriver - ok
23:33:30.0343 2092 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:33:30.0343 2092 IpInIp - ok
23:33:30.0375 2092 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:33:30.0375 2092 IpNat - ok
23:33:30.0390 2092 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:33:30.0390 2092 IPSec - ok
23:33:30.0406 2092 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:33:30.0406 2092 IRENUM - ok
23:33:30.0421 2092 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:33:30.0421 2092 isapnp - ok
23:33:30.0500 2092 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:33:30.0500 2092 JavaQuickStarterService - ok
23:33:30.0515 2092 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:33:30.0515 2092 Kbdclass - ok
23:33:30.0531 2092 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:33:30.0546 2092 kmixer - ok
23:33:30.0562 2092 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:33:30.0562 2092 KSecDD - ok
23:33:30.0593 2092 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:33:30.0593 2092 lanmanserver - ok
23:33:30.0625 2092 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:33:30.0625 2092 lanmanworkstation - ok
23:33:30.0640 2092 lbrtfdc - ok
23:33:30.0656 2092 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:33:30.0656 2092 LmHosts - ok
23:33:30.0687 2092 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:33:30.0687 2092 Messenger - ok
23:33:30.0703 2092 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:33:30.0703 2092 mnmdd - ok
23:33:30.0734 2092 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:33:30.0734 2092 mnmsrvc - ok
23:33:30.0750 2092 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:33:30.0750 2092 Modem - ok
23:33:30.0796 2092 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
23:33:30.0828 2092 Monfilt - ok
23:33:30.0843 2092 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:33:30.0843 2092 Mouclass - ok
23:33:30.0843 2092 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:33:30.0859 2092 MountMgr - ok
23:33:30.0890 2092 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:33:30.0890 2092 MozillaMaintenance - ok
23:33:30.0906 2092 mraid35x - ok
23:33:30.0921 2092 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:33:30.0921 2092 MRxDAV - ok
23:33:30.0953 2092 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:33:30.0953 2092 MRxSmb - ok
23:33:30.0984 2092 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:33:30.0984 2092 MSDTC - ok
23:33:31.0000 2092 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:33:31.0000 2092 Msfs - ok
23:33:31.0000 2092 MSIServer - ok
23:33:31.0015 2092 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:33:31.0015 2092 MSKSSRV - ok
23:33:31.0031 2092 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:33:31.0031 2092 MSPCLOCK - ok
23:33:31.0046 2092 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:33:31.0046 2092 MSPQM - ok
23:33:31.0062 2092 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:33:31.0062 2092 mssmbios - ok
23:33:31.0078 2092 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:33:31.0078 2092 MSTEE - ok
23:33:31.0093 2092 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
23:33:31.0093 2092 MTsensor - ok
23:33:31.0109 2092 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:33:31.0125 2092 Mup - ok
23:33:31.0140 2092 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:33:31.0140 2092 NABTSFEC - ok
23:33:31.0156 2092 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:33:31.0171 2092 napagent - ok
23:33:31.0187 2092 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:33:31.0187 2092 NDIS - ok
23:33:31.0203 2092 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:33:31.0203 2092 NdisIP - ok
23:33:31.0234 2092 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:33:31.0234 2092 NdisTapi - ok
23:33:31.0234 2092 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:33:31.0234 2092 Ndisuio - ok
23:33:31.0250 2092 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:33:31.0250 2092 NdisWan - ok
23:33:31.0281 2092 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:33:31.0281 2092 NDProxy - ok
23:33:31.0296 2092 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:33:31.0296 2092 NetBIOS - ok
23:33:31.0312 2092 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:33:31.0312 2092 NetBT - ok
23:33:31.0328 2092 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
23:33:31.0343 2092 NetDDE - ok
23:33:31.0343 2092 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:33:31.0343 2092 NetDDEdsdm - ok
23:33:31.0359 2092 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:33:31.0359 2092 Netlogon - ok
23:33:31.0390 2092 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
23:33:31.0390 2092 Netman - ok
23:33:31.0421 2092 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:33:31.0421 2092 NetTcpPortSharing - ok
23:33:31.0453 2092 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
23:33:31.0453 2092 Nla - ok
23:33:31.0515 2092 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
23:33:31.0531 2092 NMIndexingService - ok
23:33:31.0562 2092 [ 33A4B24A4C4DCF3C168E2C1151A62FC5 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
23:33:31.0562 2092 nmwcd - ok
23:33:31.0578 2092 [ A77265EF7BF998B8BB22A1A23E72B45D ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
23:33:31.0578 2092 nmwcdc - ok
23:33:31.0609 2092 [ 62A8B306AACFC53D6FB08D8D36EAF61F ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
23:33:31.0609 2092 nmwcdnsu - ok
23:33:31.0640 2092 [ C0AD13045C82CC9569595223C7568B7F ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
23:33:31.0640 2092 nmwcdnsuc - ok
23:33:31.0656 2092 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:33:31.0656 2092 Npfs - ok
23:33:31.0671 2092 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:33:31.0687 2092 Ntfs - ok
23:33:31.0703 2092 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:33:31.0703 2092 NtLmSsp - ok
23:33:31.0734 2092 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:33:31.0750 2092 NtmsSvc - ok
23:33:31.0765 2092 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:33:31.0765 2092 Null - ok
23:33:31.0781 2092 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:33:31.0781 2092 NwlnkFlt - ok
23:33:31.0796 2092 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:33:31.0796 2092 NwlnkFwd - ok
23:33:31.0828 2092 [ 3F988A7C348F6990DC65C744469BF296 ] PAC7302 C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
23:33:31.0828 2092 PAC7302 - ok
23:33:31.0843 2092 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:33:31.0843 2092 Parport - ok
23:33:31.0859 2092 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:33:31.0859 2092 PartMgr - ok
23:33:31.0890 2092 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:33:31.0890 2092 ParVdm - ok
23:33:31.0921 2092 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
23:33:31.0921 2092 pccsmcfd - ok
23:33:31.0937 2092 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:33:31.0937 2092 PCI - ok
23:33:31.0937 2092 PCIDump - ok
23:33:31.0953 2092 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:33:31.0953 2092 PCIIde - ok
23:33:31.0968 2092 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:33:31.0968 2092 Pcmcia - ok
23:33:31.0968 2092 PDCOMP - ok
23:33:31.0984 2092 PDFRAME - ok
23:33:31.0984 2092 PDRELI - ok
23:33:31.0984 2092 PDRFRAME - ok
23:33:32.0000 2092 perc2 - ok
23:33:32.0000 2092 perc2hib - ok
23:33:32.0031 2092 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
23:33:32.0031 2092 PlugPlay - ok
23:33:32.0046 2092 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
23:33:32.0046 2092 PnkBstrA - ok
23:33:32.0062 2092 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:33:32.0062 2092 PolicyAgent - ok
23:33:32.0078 2092 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:33:32.0078 2092 PptpMiniport - ok
23:33:32.0078 2092 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
23:33:32.0078 2092 Processor - ok
23:33:32.0093 2092 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:33:32.0093 2092 ProtectedStorage - ok
23:33:32.0093 2092 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:33:32.0093 2092 PSched - ok
23:33:32.0109 2092 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:33:32.0125 2092 Ptilink - ok
23:33:32.0125 2092 ql1080 - ok
23:33:32.0125 2092 Ql10wnt - ok
23:33:32.0125 2092 ql12160 - ok
23:33:32.0140 2092 ql1240 - ok
23:33:32.0140 2092 ql1280 - ok
23:33:32.0156 2092 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:33:32.0156 2092 RasAcd - ok
23:33:32.0187 2092 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:33:32.0187 2092 RasAuto - ok
23:33:32.0203 2092 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:33:32.0203 2092 Rasl2tp - ok
23:33:32.0234 2092 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:33:32.0234 2092 RasMan - ok
23:33:32.0234 2092 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:33:32.0234 2092 RasPppoe - ok
23:33:32.0250 2092 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:33:32.0250 2092 Raspti - ok
23:33:32.0250 2092 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:33:32.0265 2092 Rdbss - ok
23:33:32.0265 2092 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:33:32.0265 2092 RDPCDD - ok
23:33:32.0296 2092 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:33:32.0312 2092 RDPWD - ok
23:33:32.0328 2092 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:33:32.0328 2092 RDSessMgr - ok
23:33:32.0359 2092 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:33:32.0359 2092 redbook - ok
23:33:32.0375 2092 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:33:32.0390 2092 RemoteAccess - ok
23:33:32.0390 2092 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
23:33:32.0390 2092 RpcLocator - ok
23:33:32.0421 2092 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:33:32.0421 2092 RpcSs - ok
23:33:32.0453 2092 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:33:32.0453 2092 RSVP - ok
23:33:32.0562 2092 [ EB5A4E5437C643517F9D0FA0535310AF ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtKHDMI.sys
23:33:32.0625 2092 RTHDMIAzAudService - ok
23:33:32.0656 2092 [ C6D34A1874CD2B212DC3E788091C64B4 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23:33:32.0656 2092 RTLE8023xp - ok
23:33:32.0671 2092 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
23:33:32.0671 2092 SamSs - ok
23:33:32.0703 2092 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:33:32.0703 2092 SCardSvr - ok
23:33:32.0718 2092 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:33:32.0734 2092 Schedule - ok
23:33:32.0750 2092 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:33:32.0750 2092 Secdrv - ok
23:33:32.0765 2092 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:33:32.0765 2092 seclogon - ok
23:33:32.0781 2092 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
23:33:32.0796 2092 SENS - ok
23:33:32.0812 2092 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:33:32.0812 2092 serenum - ok
23:33:32.0828 2092 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:33:32.0828 2092 Serial - ok
23:33:32.0890 2092 [ 289E853881E688286AD24299FCC485D8 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:33:32.0906 2092 ServiceLayer - ok
23:33:32.0921 2092 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:33:32.0921 2092 Sfloppy - ok
23:33:32.0953 2092 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:33:32.0953 2092 SharedAccess - ok
23:33:32.0968 2092 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:33:32.0984 2092 ShellHWDetection - ok
23:33:32.0984 2092 Simbad - ok
23:33:33.0015 2092 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:33:33.0015 2092 SkypeUpdate - ok
23:33:33.0031 2092 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:33:33.0031 2092 SLIP - ok
23:33:33.0031 2092 Sparrow - ok
23:33:33.0062 2092 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:33:33.0062 2092 splitter - ok
23:33:33.0078 2092 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:33:33.0078 2092 Spooler - ok
23:33:33.0109 2092 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
23:33:33.0125 2092 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
23:33:33.0125 2092 sptd ( LockedFile.Multi.Generic ) - warning
23:33:33.0125 2092 sptd - detected LockedFile.Multi.Generic (1)
23:33:33.0140 2092 [ 7B426B8E809EDF081D771EF429345528 ] sp_rsdrv2 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
23:33:33.0140 2092 sp_rsdrv2 - ok
23:33:33.0156 2092 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:33:33.0156 2092 sr - ok
23:33:33.0171 2092 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
23:33:33.0187 2092 srservice - ok
23:33:33.0203 2092 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:33:33.0203 2092 Srv - ok
23:33:33.0234 2092 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:33:33.0234 2092 SSDPSRV - ok
23:33:33.0265 2092 [ 5FEB12BD9A298DE1A3110B8CBA050AC4 ] ST2012_Svc C:\Program Files\Spyware Terminator\st_rsser.exe
23:33:33.0265 2092 ST2012_Svc - ok
23:33:33.0281 2092 Steam Client Service - ok
23:33:33.0296 2092 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:33:33.0312 2092 stisvc - ok
23:33:33.0328 2092 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:33:33.0328 2092 streamip - ok
23:33:33.0343 2092 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:33:33.0343 2092 swenum - ok
23:33:33.0359 2092 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:33:33.0359 2092 swmidi - ok
23:33:33.0359 2092 SwPrv - ok
23:33:33.0375 2092 symc810 - ok
23:33:33.0375 2092 symc8xx - ok
23:33:33.0375 2092 sym_hi - ok
23:33:33.0390 2092 sym_u3 - ok
23:33:33.0406 2092 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:33:33.0406 2092 sysaudio - ok
23:33:33.0421 2092 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:33:33.0437 2092 SysmonLog - ok
23:33:33.0453 2092 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:33:33.0453 2092 TapiSrv - ok
23:33:33.0500 2092 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:33:33.0500 2092 Tcpip - ok
23:33:33.0531 2092 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:33:33.0531 2092 TDPIPE - ok
23:33:33.0531 2092 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:33:33.0531 2092 TDTCP - ok
23:33:33.0546 2092 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:33:33.0546 2092 TermDD - ok
23:33:33.0578 2092 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
23:33:33.0593 2092 TermService - ok
23:33:33.0609 2092 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
23:33:33.0609 2092 Themes - ok
23:33:33.0609 2092 TosIde - ok
23:33:33.0640 2092 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:33:33.0656 2092 TrkWks - ok
23:33:33.0671 2092 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:33:33.0671 2092 Udfs - ok
23:33:33.0671 2092 ultra - ok
23:33:33.0718 2092 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:33:33.0718 2092 Update - ok
23:33:33.0750 2092 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
23:33:33.0750 2092 upnphost - ok
23:33:33.0781 2092 [ B671514497DF7417F83919A6A5BD6BB9 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
23:33:33.0781 2092 upperdev - ok
23:33:33.0796 2092 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
23:33:33.0796 2092 UPS - ok
23:33:33.0812 2092 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:33:33.0812 2092 usbccgp - ok
23:33:33.0843 2092 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:33:33.0843 2092 usbehci - ok
23:33:33.0859 2092 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:33:33.0859 2092 usbhub - ok
23:33:33.0875 2092 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:33:33.0875 2092 usbohci - ok
23:33:33.0906 2092 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:33:33.0906 2092 usbprint - ok
23:33:33.0921 2092 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:33:33.0921 2092 usbscan - ok
23:33:33.0953 2092 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
23:33:33.0953 2092 usbser - ok
23:33:33.0968 2092 [ FF358FD3176B2E5605C4ACCD5026A5AC ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
23:33:33.0968 2092 UsbserFilt - ok
23:33:33.0984 2092 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:33:33.0984 2092 usbstor - ok
23:33:34.0015 2092 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:33:34.0015 2092 VgaSave - ok
23:33:34.0015 2092 ViaIde - ok
23:33:34.0031 2092 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:33:34.0031 2092 VolSnap - ok
23:33:34.0062 2092 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
23:33:34.0062 2092 VSS - ok
23:33:34.0109 2092 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
23:33:34.0109 2092 W32Time - ok
23:33:34.0125 2092 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:33:34.0125 2092 Wanarp - ok
23:33:34.0156 2092 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
23:33:34.0171 2092 Wdf01000 - ok
23:33:34.0171 2092 WDICA - ok
23:33:34.0187 2092 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:33:34.0187 2092 wdmaud - ok
23:33:34.0203 2092 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:33:34.0203 2092 WebClient - ok
23:33:34.0265 2092 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:33:34.0281 2092 winmgmt - ok
23:33:34.0359 2092 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:33:34.0390 2092 wlidsvc - ok
23:33:34.0421 2092 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:33:34.0421 2092 WmdmPmSN - ok
23:33:34.0437 2092 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:33:34.0437 2092 WmiApSrv - ok
23:33:34.0500 2092 [ 0DCC3A79329F0FDE9B1B5283CACD3F50 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:33:34.0500 2092 WMPNetworkSvc - ok
23:33:34.0515 2092 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:33:34.0515 2092 WpdUsb - ok
23:33:34.0546 2092 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:33:34.0546 2092 WS2IFSL - ok
23:33:34.0562 2092 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:33:34.0578 2092 wscsvc - ok
23:33:34.0593 2092 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:33:34.0593 2092 WSTCODEC - ok
23:33:34.0609 2092 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:33:34.0609 2092 wuauserv - ok
23:33:34.0625 2092 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:33:34.0625 2092 WudfPf - ok
23:33:34.0656 2092 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:33:34.0656 2092 WudfRd - ok
23:33:34.0671 2092 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:33:34.0687 2092 WudfSvc - ok
23:33:34.0703 2092 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:33:34.0718 2092 WZCSVC - ok
23:33:34.0734 2092 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:33:34.0734 2092 xmlprov - ok
23:33:34.0765 2092 [ 74EC37B9EAF9FCA015B933A526825C7A ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files\CyberLink PowerDVD9\PowerDVD9\000.fcl
23:33:34.0781 2092 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
23:33:34.0781 2092 ================ Scan global ===============================
23:33:34.0796 2092 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
23:33:34.0828 2092 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
23:33:34.0859 2092 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
23:33:34.0859 2092 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
23:33:34.0859 2092 [Global] - ok
23:33:34.0875 2092 ================ Scan MBR ==================================
23:33:34.0890 2092 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
23:33:35.0031 2092 \Device\Harddisk0\DR0 - ok
23:33:35.0031 2092 ================ Scan VBR ==================================
23:33:35.0031 2092 [ F2359C370EFF073ACA5AF7F2CB709803 ] \Device\Harddisk0\DR0\Partition1
23:33:35.0046 2092 \Device\Harddisk0\DR0\Partition1 - ok
23:33:35.0046 2092 [ 8567970381C64A47EBFB3E9BB7F72553 ] \Device\Harddisk0\DR0\Partition2
23:33:35.0046 2092 \Device\Harddisk0\DR0\Partition2 - ok
23:33:35.0046 2092 ============================================================
23:33:35.0046 2092 Scan finished
23:33:35.0046 2092 ============================================================
23:33:35.0062 3316 Detected object count: 1
23:33:35.0062 3316 Actual detected object count: 1
23:36:25.0546 3316 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:36:25.0546 3316 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:37:21.0625 2740 Deinitialize success
23:33:18.0484 1484 ============================================================
23:33:18.0484 1484 Current date / time: 2013/04/17 23:33:18.0484
23:33:18.0484 1484 SystemInfo:
23:33:18.0484 1484
23:33:18.0484 1484 OS Version: 5.1.2600 ServicePack: 3.0
23:33:18.0484 1484 Product type: Workstation
23:33:18.0484 1484 ComputerName: OBYVAK
23:33:18.0484 1484 UserName: Miluji tě
23:33:18.0484 1484 Windows directory: C:\WINDOWS
23:33:18.0484 1484 System windows directory: C:\WINDOWS
23:33:18.0484 1484 Processor architecture: Intel x86
23:33:18.0484 1484 Number of processors: 2
23:33:18.0484 1484 Page size: 0x1000
23:33:18.0484 1484 Boot type: Normal boot
23:33:18.0484 1484 ============================================================
23:33:19.0640 1484 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:33:19.0640 1484 ============================================================
23:33:19.0640 1484 \Device\Harddisk0\DR0:
23:33:19.0656 1484 MBR partitions:
23:33:19.0656 1484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57E52EA
23:33:19.0671 1484 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x57E5368, BlocksNum 0xD22F898
23:33:19.0671 1484 ============================================================
23:33:19.0687 1484 C: <-> \Device\Harddisk0\DR0\Partition1
23:33:19.0703 1484 D: <-> \Device\Harddisk0\DR0\Partition2
23:33:19.0703 1484 ============================================================
23:33:19.0703 1484 Initialize success
23:33:19.0703 1484 ============================================================
23:33:24.0640 2092 ============================================================
23:33:24.0640 2092 Scan started
23:33:24.0640 2092 Mode: Manual;
23:33:24.0640 2092 ============================================================
23:33:26.0187 2092 ================ Scan system memory ========================
23:33:27.0312 2092 System memory - ok
23:33:27.0312 2092 ================ Scan services =============================
23:33:27.0375 2092 Abiosdsk - ok
23:33:27.0375 2092 abp480n5 - ok
23:33:27.0406 2092 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:33:27.0406 2092 ACPI - ok
23:33:27.0437 2092 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:33:27.0437 2092 ACPIEC - ok
23:33:27.0484 2092 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:33:27.0484 2092 AdobeFlashPlayerUpdateSvc - ok
23:33:27.0484 2092 adpu160m - ok
23:33:27.0515 2092 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:33:27.0515 2092 aec - ok
23:33:27.0546 2092 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:33:27.0546 2092 AFD - ok
23:33:27.0562 2092 Aha154x - ok
23:33:27.0562 2092 aic78u2 - ok
23:33:27.0562 2092 aic78xx - ok
23:33:27.0578 2092 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:33:27.0578 2092 Alerter - ok
23:33:27.0593 2092 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
23:33:27.0593 2092 ALG - ok
23:33:27.0609 2092 AliIde - ok
23:33:27.0656 2092 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
23:33:27.0703 2092 Ambfilt - ok
23:33:27.0718 2092 [ FCFFA85CFD4BF7A4711012847048DCA3 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:33:27.0718 2092 AmdK8 - ok
23:33:27.0718 2092 AmdLLD - ok
23:33:27.0750 2092 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
23:33:27.0750 2092 AmdPPM - ok
23:33:27.0750 2092 amsint - ok
23:33:27.0765 2092 AppMgmt - ok
23:33:27.0765 2092 asc - ok
23:33:27.0765 2092 asc3350p - ok
23:33:27.0781 2092 asc3550 - ok
23:33:27.0796 2092 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
23:33:27.0812 2092 AsIO - ok
23:33:27.0859 2092 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:33:27.0859 2092 aspnet_state - ok
23:33:27.0875 2092 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:33:27.0875 2092 aswFsBlk - ok
23:33:27.0890 2092 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
23:33:27.0890 2092 aswMonFlt - ok
23:33:27.0906 2092 [ C1A411B7CCD604554D96EFDAC2F83617 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
23:33:27.0921 2092 aswRdr - ok
23:33:27.0921 2092 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
23:33:27.0921 2092 aswRvrt - ok
23:33:27.0968 2092 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
23:33:27.0984 2092 aswSnx - ok
23:33:28.0000 2092 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
23:33:28.0015 2092 aswSP - ok
23:33:28.0031 2092 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
23:33:28.0031 2092 aswTdi - ok
23:33:28.0046 2092 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
23:33:28.0046 2092 aswVmm - ok
23:33:28.0062 2092 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:33:28.0062 2092 AsyncMac - ok
23:33:28.0078 2092 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:33:28.0078 2092 atapi - ok
23:33:28.0078 2092 Atdisk - ok
23:33:28.0109 2092 [ 1BD87FEC00508DCFC23AF4727BA14333 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:33:28.0109 2092 Ati HotKey Poller - ok
23:33:28.0234 2092 [ CAADF7AA3ABC6AFCB3D02B129DE9863A ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:33:28.0328 2092 ati2mtag - ok
23:33:28.0359 2092 [ 029CBC24A51EF75F3DA94467DC22B5F1 ] atitray C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
23:33:28.0375 2092 atitray - ok
23:33:28.0390 2092 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:33:28.0390 2092 Atmarpc - ok
23:33:28.0406 2092 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:33:28.0406 2092 AudioSrv - ok
23:33:28.0421 2092 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:33:28.0437 2092 audstub - ok
23:33:28.0468 2092 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\Avast5\AvastSvc.exe
23:33:28.0468 2092 avast! Antivirus - ok
23:33:28.0500 2092 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:33:28.0500 2092 Beep - ok
23:33:28.0531 2092 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
23:33:28.0531 2092 BITS - ok
23:33:28.0562 2092 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
23:33:28.0562 2092 Browser - ok
23:33:28.0578 2092 [ E292176878F933E6A3CC46D6109EF1BB ] CamSuiteVAC C:\WINDOWS\system32\DRIVERS\CamSuiteVAC.sys
23:33:28.0578 2092 CamSuiteVAC - ok
23:33:28.0687 2092 catchme - ok
23:33:28.0718 2092 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:33:28.0718 2092 cbidf2k - ok
23:33:28.0750 2092 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:33:28.0750 2092 CCDECODE - ok
23:33:28.0750 2092 cd20xrnt - ok
23:33:28.0765 2092 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:33:28.0765 2092 Cdaudio - ok
23:33:28.0781 2092 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:33:28.0796 2092 Cdfs - ok
23:33:28.0796 2092 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:33:28.0812 2092 Cdrom - ok
23:33:28.0812 2092 Changer - ok
23:33:28.0843 2092 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:33:28.0843 2092 CiSvc - ok
23:33:28.0859 2092 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:33:28.0859 2092 ClipSrv - ok
23:33:28.0890 2092 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:33:28.0890 2092 clr_optimization_v2.0.50727_32 - ok
23:33:28.0890 2092 CmdIde - ok
23:33:28.0921 2092 [ E5842CCF0953D3D46D5E26427B67E901 ] cmpci C:\WINDOWS\system32\drivers\cmaudio.sys
23:33:28.0937 2092 cmpci - ok
23:33:28.0984 2092 [ F6C6004322BAFBEB9801D5A7BBBBB26B ] cmuda3 C:\WINDOWS\system32\drivers\cmudax3.sys
23:33:29.0000 2092 cmuda3 - ok
23:33:29.0000 2092 COMSysApp - ok
23:33:29.0015 2092 Cpqarray - ok
23:33:29.0015 2092 cpuz130 - ok
23:33:29.0046 2092 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:33:29.0046 2092 CryptSvc - ok
23:33:29.0046 2092 dac2w2k - ok
23:33:29.0046 2092 dac960nt - ok
23:33:29.0093 2092 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:33:29.0093 2092 DcomLaunch - ok
23:33:29.0109 2092 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:33:29.0125 2092 Dhcp - ok
23:33:29.0140 2092 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:33:29.0140 2092 Disk - ok
23:33:29.0140 2092 dmadmin - ok
23:33:29.0187 2092 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:33:29.0203 2092 dmboot - ok
23:33:29.0218 2092 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:33:29.0218 2092 dmio - ok
23:33:29.0234 2092 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:33:29.0234 2092 dmload - ok
23:33:29.0250 2092 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:33:29.0265 2092 dmserver - ok
23:33:29.0281 2092 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:33:29.0281 2092 DMusic - ok
23:33:29.0296 2092 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:33:29.0312 2092 Dnscache - ok
23:33:29.0328 2092 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:33:29.0328 2092 Dot3svc - ok
23:33:29.0328 2092 dpti2o - ok
23:33:29.0343 2092 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:33:29.0343 2092 drmkaud - ok
23:33:29.0359 2092 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:33:29.0375 2092 EapHost - ok
23:33:29.0375 2092 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:33:29.0390 2092 ERSvc - ok
23:33:29.0406 2092 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
23:33:29.0406 2092 Eventlog - ok
23:33:29.0437 2092 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
23:33:29.0453 2092 EventSystem - ok
23:33:29.0453 2092 ew_hwusbdev - ok
23:33:29.0468 2092 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:33:29.0468 2092 Fastfat - ok
23:33:29.0500 2092 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:33:29.0500 2092 FastUserSwitchingCompatibility - ok
23:33:29.0515 2092 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:33:29.0515 2092 Fdc - ok
23:33:29.0531 2092 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:33:29.0531 2092 Fips - ok
23:33:29.0531 2092 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:33:29.0546 2092 Flpydisk - ok
23:33:29.0562 2092 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:33:29.0578 2092 FltMgr - ok
23:33:29.0609 2092 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:33:29.0609 2092 FontCache3.0.0.0 - ok
23:33:29.0625 2092 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:33:29.0625 2092 Fs_Rec - ok
23:33:29.0640 2092 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:33:29.0640 2092 Ftdisk - ok
23:33:29.0671 2092 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:33:29.0671 2092 gameenum - ok
23:33:29.0687 2092 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:33:29.0687 2092 Gpc - ok
23:33:29.0718 2092 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:33:29.0718 2092 HDAudBus - ok
23:33:29.0750 2092 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:33:29.0750 2092 helpsvc - ok
23:33:29.0750 2092 HidServ - ok
23:33:29.0781 2092 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:33:29.0781 2092 HidUsb - ok
23:33:29.0796 2092 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:33:29.0812 2092 hkmsvc - ok
23:33:29.0812 2092 hpn - ok
23:33:29.0843 2092 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:33:29.0843 2092 HTTP - ok
23:33:29.0875 2092 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:33:29.0875 2092 HTTPFilter - ok
23:33:29.0890 2092 huawei_cdcacm - ok
23:33:29.0890 2092 huawei_enumerator - ok
23:33:29.0906 2092 i2omgmt - ok
23:33:29.0906 2092 i2omp - ok
23:33:29.0921 2092 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:33:29.0921 2092 i8042prt - ok
23:33:29.0968 2092 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:33:29.0984 2092 idsvc - ok
23:33:30.0000 2092 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:33:30.0015 2092 Imapi - ok
23:33:30.0031 2092 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:33:30.0031 2092 ImapiService - ok
23:33:30.0046 2092 ini910u - ok
23:33:30.0171 2092 [ 994186286E1DF03B5BCBA765A9320E0F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:33:30.0281 2092 IntcAzAudAddService - ok
23:33:30.0281 2092 IntelIde - ok
23:33:30.0312 2092 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:33:30.0312 2092 Ip6Fw - ok
23:33:30.0343 2092 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:33:30.0343 2092 IpFilterDriver - ok
23:33:30.0343 2092 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:33:30.0343 2092 IpInIp - ok
23:33:30.0375 2092 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:33:30.0375 2092 IpNat - ok
23:33:30.0390 2092 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:33:30.0390 2092 IPSec - ok
23:33:30.0406 2092 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:33:30.0406 2092 IRENUM - ok
23:33:30.0421 2092 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:33:30.0421 2092 isapnp - ok
23:33:30.0500 2092 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:33:30.0500 2092 JavaQuickStarterService - ok
23:33:30.0515 2092 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:33:30.0515 2092 Kbdclass - ok
23:33:30.0531 2092 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:33:30.0546 2092 kmixer - ok
23:33:30.0562 2092 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:33:30.0562 2092 KSecDD - ok
23:33:30.0593 2092 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:33:30.0593 2092 lanmanserver - ok
23:33:30.0625 2092 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:33:30.0625 2092 lanmanworkstation - ok
23:33:30.0640 2092 lbrtfdc - ok
23:33:30.0656 2092 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:33:30.0656 2092 LmHosts - ok
23:33:30.0687 2092 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:33:30.0687 2092 Messenger - ok
23:33:30.0703 2092 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:33:30.0703 2092 mnmdd - ok
23:33:30.0734 2092 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:33:30.0734 2092 mnmsrvc - ok
23:33:30.0750 2092 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:33:30.0750 2092 Modem - ok
23:33:30.0796 2092 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
23:33:30.0828 2092 Monfilt - ok
23:33:30.0843 2092 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:33:30.0843 2092 Mouclass - ok
23:33:30.0843 2092 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:33:30.0859 2092 MountMgr - ok
23:33:30.0890 2092 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:33:30.0890 2092 MozillaMaintenance - ok
23:33:30.0906 2092 mraid35x - ok
23:33:30.0921 2092 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:33:30.0921 2092 MRxDAV - ok
23:33:30.0953 2092 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:33:30.0953 2092 MRxSmb - ok
23:33:30.0984 2092 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:33:30.0984 2092 MSDTC - ok
23:33:31.0000 2092 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:33:31.0000 2092 Msfs - ok
23:33:31.0000 2092 MSIServer - ok
23:33:31.0015 2092 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:33:31.0015 2092 MSKSSRV - ok
23:33:31.0031 2092 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:33:31.0031 2092 MSPCLOCK - ok
23:33:31.0046 2092 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:33:31.0046 2092 MSPQM - ok
23:33:31.0062 2092 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:33:31.0062 2092 mssmbios - ok
23:33:31.0078 2092 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:33:31.0078 2092 MSTEE - ok
23:33:31.0093 2092 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
23:33:31.0093 2092 MTsensor - ok
23:33:31.0109 2092 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:33:31.0125 2092 Mup - ok
23:33:31.0140 2092 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:33:31.0140 2092 NABTSFEC - ok
23:33:31.0156 2092 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:33:31.0171 2092 napagent - ok
23:33:31.0187 2092 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:33:31.0187 2092 NDIS - ok
23:33:31.0203 2092 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:33:31.0203 2092 NdisIP - ok
23:33:31.0234 2092 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:33:31.0234 2092 NdisTapi - ok
23:33:31.0234 2092 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:33:31.0234 2092 Ndisuio - ok
23:33:31.0250 2092 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:33:31.0250 2092 NdisWan - ok
23:33:31.0281 2092 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:33:31.0281 2092 NDProxy - ok
23:33:31.0296 2092 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:33:31.0296 2092 NetBIOS - ok
23:33:31.0312 2092 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:33:31.0312 2092 NetBT - ok
23:33:31.0328 2092 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
23:33:31.0343 2092 NetDDE - ok
23:33:31.0343 2092 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:33:31.0343 2092 NetDDEdsdm - ok
23:33:31.0359 2092 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:33:31.0359 2092 Netlogon - ok
23:33:31.0390 2092 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
23:33:31.0390 2092 Netman - ok
23:33:31.0421 2092 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:33:31.0421 2092 NetTcpPortSharing - ok
23:33:31.0453 2092 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
23:33:31.0453 2092 Nla - ok
23:33:31.0515 2092 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
23:33:31.0531 2092 NMIndexingService - ok
23:33:31.0562 2092 [ 33A4B24A4C4DCF3C168E2C1151A62FC5 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
23:33:31.0562 2092 nmwcd - ok
23:33:31.0578 2092 [ A77265EF7BF998B8BB22A1A23E72B45D ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
23:33:31.0578 2092 nmwcdc - ok
23:33:31.0609 2092 [ 62A8B306AACFC53D6FB08D8D36EAF61F ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
23:33:31.0609 2092 nmwcdnsu - ok
23:33:31.0640 2092 [ C0AD13045C82CC9569595223C7568B7F ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
23:33:31.0640 2092 nmwcdnsuc - ok
23:33:31.0656 2092 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:33:31.0656 2092 Npfs - ok
23:33:31.0671 2092 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:33:31.0687 2092 Ntfs - ok
23:33:31.0703 2092 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:33:31.0703 2092 NtLmSsp - ok
23:33:31.0734 2092 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:33:31.0750 2092 NtmsSvc - ok
23:33:31.0765 2092 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:33:31.0765 2092 Null - ok
23:33:31.0781 2092 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:33:31.0781 2092 NwlnkFlt - ok
23:33:31.0796 2092 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:33:31.0796 2092 NwlnkFwd - ok
23:33:31.0828 2092 [ 3F988A7C348F6990DC65C744469BF296 ] PAC7302 C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
23:33:31.0828 2092 PAC7302 - ok
23:33:31.0843 2092 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:33:31.0843 2092 Parport - ok
23:33:31.0859 2092 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:33:31.0859 2092 PartMgr - ok
23:33:31.0890 2092 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:33:31.0890 2092 ParVdm - ok
23:33:31.0921 2092 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
23:33:31.0921 2092 pccsmcfd - ok
23:33:31.0937 2092 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:33:31.0937 2092 PCI - ok
23:33:31.0937 2092 PCIDump - ok
23:33:31.0953 2092 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:33:31.0953 2092 PCIIde - ok
23:33:31.0968 2092 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:33:31.0968 2092 Pcmcia - ok
23:33:31.0968 2092 PDCOMP - ok
23:33:31.0984 2092 PDFRAME - ok
23:33:31.0984 2092 PDRELI - ok
23:33:31.0984 2092 PDRFRAME - ok
23:33:32.0000 2092 perc2 - ok
23:33:32.0000 2092 perc2hib - ok
23:33:32.0031 2092 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
23:33:32.0031 2092 PlugPlay - ok
23:33:32.0046 2092 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
23:33:32.0046 2092 PnkBstrA - ok
23:33:32.0062 2092 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:33:32.0062 2092 PolicyAgent - ok
23:33:32.0078 2092 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:33:32.0078 2092 PptpMiniport - ok
23:33:32.0078 2092 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
23:33:32.0078 2092 Processor - ok
23:33:32.0093 2092 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:33:32.0093 2092 ProtectedStorage - ok
23:33:32.0093 2092 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:33:32.0093 2092 PSched - ok
23:33:32.0109 2092 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:33:32.0125 2092 Ptilink - ok
23:33:32.0125 2092 ql1080 - ok
23:33:32.0125 2092 Ql10wnt - ok
23:33:32.0125 2092 ql12160 - ok
23:33:32.0140 2092 ql1240 - ok
23:33:32.0140 2092 ql1280 - ok
23:33:32.0156 2092 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:33:32.0156 2092 RasAcd - ok
23:33:32.0187 2092 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:33:32.0187 2092 RasAuto - ok
23:33:32.0203 2092 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:33:32.0203 2092 Rasl2tp - ok
23:33:32.0234 2092 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:33:32.0234 2092 RasMan - ok
23:33:32.0234 2092 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:33:32.0234 2092 RasPppoe - ok
23:33:32.0250 2092 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:33:32.0250 2092 Raspti - ok
23:33:32.0250 2092 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:33:32.0265 2092 Rdbss - ok
23:33:32.0265 2092 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:33:32.0265 2092 RDPCDD - ok
23:33:32.0296 2092 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:33:32.0312 2092 RDPWD - ok
23:33:32.0328 2092 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:33:32.0328 2092 RDSessMgr - ok
23:33:32.0359 2092 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:33:32.0359 2092 redbook - ok
23:33:32.0375 2092 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:33:32.0390 2092 RemoteAccess - ok
23:33:32.0390 2092 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
23:33:32.0390 2092 RpcLocator - ok
23:33:32.0421 2092 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:33:32.0421 2092 RpcSs - ok
23:33:32.0453 2092 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:33:32.0453 2092 RSVP - ok
23:33:32.0562 2092 [ EB5A4E5437C643517F9D0FA0535310AF ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtKHDMI.sys
23:33:32.0625 2092 RTHDMIAzAudService - ok
23:33:32.0656 2092 [ C6D34A1874CD2B212DC3E788091C64B4 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23:33:32.0656 2092 RTLE8023xp - ok
23:33:32.0671 2092 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
23:33:32.0671 2092 SamSs - ok
23:33:32.0703 2092 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:33:32.0703 2092 SCardSvr - ok
23:33:32.0718 2092 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:33:32.0734 2092 Schedule - ok
23:33:32.0750 2092 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:33:32.0750 2092 Secdrv - ok
23:33:32.0765 2092 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:33:32.0765 2092 seclogon - ok
23:33:32.0781 2092 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
23:33:32.0796 2092 SENS - ok
23:33:32.0812 2092 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:33:32.0812 2092 serenum - ok
23:33:32.0828 2092 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:33:32.0828 2092 Serial - ok
23:33:32.0890 2092 [ 289E853881E688286AD24299FCC485D8 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:33:32.0906 2092 ServiceLayer - ok
23:33:32.0921 2092 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:33:32.0921 2092 Sfloppy - ok
23:33:32.0953 2092 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:33:32.0953 2092 SharedAccess - ok
23:33:32.0968 2092 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:33:32.0984 2092 ShellHWDetection - ok
23:33:32.0984 2092 Simbad - ok
23:33:33.0015 2092 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:33:33.0015 2092 SkypeUpdate - ok
23:33:33.0031 2092 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:33:33.0031 2092 SLIP - ok
23:33:33.0031 2092 Sparrow - ok
23:33:33.0062 2092 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:33:33.0062 2092 splitter - ok
23:33:33.0078 2092 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:33:33.0078 2092 Spooler - ok
23:33:33.0109 2092 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
23:33:33.0125 2092 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
23:33:33.0125 2092 sptd ( LockedFile.Multi.Generic ) - warning
23:33:33.0125 2092 sptd - detected LockedFile.Multi.Generic (1)
23:33:34.0781 2092 ================ Scan global ===============================
23:33:34.0796 2092 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
23:33:34.0828 2092 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
23:33:34.0859 2092 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
23:33:34.0859 2092 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
23:33:34.0859 2092 [Global] - ok
23:33:34.0875 2092 ================ Scan MBR ==================================
23:33:34.0890 2092 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
23:33:35.0031 2092 \Device\Harddisk0\DR0 - ok
23:33:35.0031 2092 ================ Scan VBR ==================================
23:33:35.0031 2092 [ F2359C370EFF073ACA5AF7F2CB709803 ] \Device\Harddisk0\DR0\Partition1
23:33:35.0046 2092 \Device\Harddisk0\DR0\Partition1 - ok
23:33:35.0046 2092 [ 8567970381C64A47EBFB3E9BB7F72553 ] \Device\Harddisk0\DR0\Partition2
23:33:35.0046 2092 \Device\Harddisk0\DR0\Partition2 - ok
23:33:35.0046 2092 ============================================================
23:33:35.0046 2092 Scan finished
23:33:35.0046 2092 ============================================================
23:33:35.0062 3316 Detected object count: 1
23:33:35.0062 3316 Actual detected object count: 1
23:36:25.0546 3316 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:36:25.0546 3316 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:37:21.0625 2740 Deinitialize success
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Please check
So I followed the guide, but it was a bit different from the description. After the scan it reported (LOCKED FILE SERVICE:SPTD Suspicious object, medium risk). I left the preselected SKIP and confirmed. All the problems started when Windows would not boot. It showed the message (DISK BOOT FAILURE, INSERT SYSTEM DISK AND PRESS ENTER). Then I managed to get it running using the Windows installation CD. So I suspected a virus infection?? Or that the HDD is dying?? I have not run an HDD check yet, for fear that it would not start up again. But I managed to back up all the data I need to DVD, and I got a new HDD. I am writing this so it can be taken into account for the next steps?? Thanks...
Re: Please check
Well, I would rather test that HDD.
Download HD Tune and test the HDD.
Benchmark - Disk test: Click the Start button and wait until the whole graph fills in. You will then see the transfer rate and access time of the hard disk.
Info: Exact capacity, file system, supported features, firmware version, serial number and the disks' connection type.
Health - Condition: A list of important parameters and their values. Ideally everything shows OK.
If an item is yellow, it will probably change its status to failed soon. If it is red, its status is failed, which would mean replacing the disk.
Error Scan - Searching for errors: Click the Start button and the program will examine the disk for bad blocks.
If they are all green at the end of the test, everything is fine. If even one of them is red, I recommend backing up your data and planning to replace the disk.
Temperature: The thermometer at the top and the number next to it show the disk temperature. A normal value is below 50°C. The temperature must not exceed 60°C; the program warns you when it reaches 55°C.
Then let me know how it turned out.
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Please check
HD Tune: WDC WD1600AAJS-60PSA Benchmark
Transfer Rate Minimum : 1.5 MB/sec
Transfer Rate Maximum : 76.5 MB/sec
Transfer Rate Average : 55.8 MB/sec
Access Time : 15.9 ms
Burst Rate : 117.9 MB/sec
CPU Usage : 2.8%
temperature 37C
Now I am moving on to the next test
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Please check
Everything is OK in HEALTH