Please check my HJT log, PC has gone crazy
Hello everyone, my PC has gone crazy: it clicks wherever it wants, does whatever it wants, opens and closes whatever it wants. It's an old lady that you put back together for me 2 years ago, and now it has gone crazy... could it be the heat??
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:46, on 9.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Dokumenty\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 5114 bytes
Re: Please check my HJT log, PC has gone crazy
Fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
Via PM I only deal with matters concerning the forum. I do not respond to requests for technical support. Thank you for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Please check my HJT log, PC has gone crazy
Here is the log.... and one more thing, at some interval a message keeps popping up that Microsoft feed synchronization.... has stopped working.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org
Verze databáze: v2012.07.09.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Euromedica :: EUROMEDI-09D832 [administrátor]
Ochrana: Povolena
9.7.2012 17:35:17
mbam-log-2012-07-09 (18-20-13).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 404660
Uplynulý čas: 19 minut, 15 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 4
HKCU\SOFTWARE\5DR8ZAD8GX (Trojan.FakeAlert) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\C8H1KKCTZV (Trojan.FakeAlert) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Re: Please check my HJT log, PC has gone crazy
Run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then click OK in the program and close it via Exit
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the entire contents of the log here.
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by clicking the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.
Re: Please check my HJT log, PC has gone crazy
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org
Verze databáze: v2012.07.09.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Euromedica :: EUROMEDI-09D832 [administrátor]
Ochrana: Zakázána
9.7.2012 20:35:56
mbam-log-2012-07-09 (20-35-56).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 404773
Uplynulý čas: 27 minut, 38 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 4
HKCU\SOFTWARE\5DR8ZAD8GX (Trojan.FakeAlert) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\C8H1KKCTZV (Trojan.FakeAlert) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Umístnění do karantény a smazání se zdařilo.
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Working on the rest......
Re: Please check my HJT log, PC has gone crazy
ComboFix 12-07-08.02 - Euromedica 09.07.2012 21:26:15.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1214.699 [GMT 2:00]
Spuštěný z: c:\documents and settings\Euromedica.EUROMEDI-09D832\Dokumenty\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\COM+.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-09 do 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 12:00 . 2012-07-02 10:23 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-07-09 07:15 . 2001-10-25 14:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-07-09 07:15 . 2001-10-25 14:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-07-09 07:15 . 2008-04-14 06:52 77312 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2012-07-09 07:15 . 2008-04-14 06:52 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2012-07-09 07:15 . 2001-10-25 14:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2012-07-09 07:15 . 2008-04-14 06:52 366080 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2012-07-09 07:15 . 2001-10-25 14:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2012-07-09 07:15 . 2001-10-25 14:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2012-07-09 07:15 . 2001-10-25 14:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2012-07-09 07:15 . 2001-10-25 14:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2012-07-09 07:15 . 2008-04-14 06:50 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2012-07-09 07:15 . 2008-04-14 06:50 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2012-07-09 07:13 . 2001-10-24 10:24 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-07-09 07:12 . 2008-04-13 20:13 208952 -c--a-w- c:\windows\system32\dllcache\imjpmig.exe
2012-07-09 07:11 . 2008-04-14 06:38 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2012-07-09 07:10 . 2008-04-14 06:51 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2012-07-09 07:10 . 2008-04-14 06:51 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2012-07-09 07:07 . 2001-10-25 14:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-07-09 07:07 . 2001-10-25 14:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-07-09 07:00 . 2001-08-17 18:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2012-07-09 06:55 . 2001-10-25 14:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-07-09 06:55 . 2001-10-25 14:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-07-09 06:55 . 2001-10-25 14:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-07-09 06:55 . 2001-10-25 14:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-07-09 06:54 . 2008-04-14 08:52 16825 ----a-r- c:\windows\SET139.tmp
2012-07-09 06:54 . 2008-04-14 08:52 1088840 ----a-r- c:\windows\SET12D.tmp
2012-07-09 06:54 . 2008-04-14 08:59 1246067 ----a-r- c:\windows\SET12A.tmp
2012-07-04 13:05 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-04 12:48 . 2012-07-04 12:48 -------- d-----w- C:\c9a3d5c76888fb824292
2012-07-04 12:36 . 2012-07-04 12:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-04 12:15 . 2012-07-04 12:25 -------- d-----w- C:\fef31c51442c5167ce050796af952b
2012-07-04 11:39 . 2012-07-04 12:31 -------- d-----w- c:\windows\LastGood(2)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 12:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 12:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-04-08 16:04 35864 ----a-w- c:\windows\system32\wups(2)(2).dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2(2)(2).dll
2012-06-02 13:19 . 2008-04-11 16:01 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2008-04-11 16:01 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-04-11 16:01 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-15 13:55 . 2004-08-18 12:00 1863168 ----a-w- c:\windows\system32\win32k(2)(2).sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_13.17.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-09 19:16 . 2012-07-09 19:16 16384 c:\windows\temp\Perflib_Perfdata_558.dat
+ 2012-07-09 15:27 . 2012-04-04 13:56 22344 c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"238d9"="c:\program files\Sfmauhzxxakyg\ugtaoiv.exe" [2010-01-25 2350634]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"238d9"="c:\program files\Sfmauhzxxakyg\ugtaoiv.exe" [2010-01-25 2350634]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2005-03-11 147456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"STELA LITE"=c:\program files\Stela Lite\mono\StelaLite.exe
"BrowserChoice"="c:\windows\system32\browserchoice.exe" /run
"Facebook Update"="c:\documents and settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SoundMan"=SOUNDMAN.EXE
"VTTrayp"=VTtrayp.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"VTTimer"=VTTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Euromedica.EUROMEDI-09D832\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [9.10.2009 13:33 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [9.10.2009 13:33 52224]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [3.5.2008 10:02 51072]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.7.2012 17:27 654408]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [9.7.2012 13:59 2673064]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [7.5.2010 14:36 92008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9.7.2012 17:27 22344]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [9.7.2012 14:00 25088]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [18.12.2008 18:13 47360]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [8.10.2009 12:53 23600]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-09 c:\windows\Tasks\User_Feed_Synchronization-{ED7F9989-D856-4C7D-B7E0-04A828701671}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 21:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1757981266-682003330-1003\RemoteAccess\Profile\
r*]
"AutoConnect"=dword:00000000
.
Celkový čas: 2012-07-09 21:40:55
ComboFix-quarantined-files.txt 2012-07-09 19:40
ComboFix2.txt 2012-07-09 13:23
ComboFix3.txt 2009-06-10 12:20
.
Před spuštěním: Volných bajtů: 21 950 283 776
Po spuštění: Volných bajtů: 21 933 584 384
.
- - End Of File - - 8C1A9636C957AD0A638E4A6AED5B9EE9
Re: please check my HJT log, the PC has gone crazy
21:08:59.0171 3784 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
21:08:59.0312 3784 ============================================================
21:08:59.0312 3784 Current date / time: 2012/07/09 21:08:59.0312
21:08:59.0312 3784 SystemInfo:
21:08:59.0312 3784
21:08:59.0312 3784 OS Version: 5.1.2600 ServicePack: 3.0
21:08:59.0312 3784 Product type: Workstation
21:08:59.0312 3784 ComputerName: EUROMEDI-09D832
21:08:59.0312 3784 UserName: Euromedica
21:08:59.0312 3784 Windows directory: C:\WINDOWS
21:08:59.0312 3784 System windows directory: C:\WINDOWS
21:08:59.0312 3784 Processor architecture: Intel x86
21:08:59.0312 3784 Number of processors: 1
21:08:59.0312 3784 Page size: 0x1000
21:08:59.0312 3784 Boot type: Normal boot
21:08:59.0312 3784 ============================================================
21:09:02.0203 3784 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:09:02.0203 3784 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:09:02.0203 3784 ============================================================
21:09:02.0203 3784 \Device\Harddisk0\DR0:
21:09:02.0203 3784 MBR partitions:
21:09:02.0203 3784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
21:09:02.0203 3784 \Device\Harddisk1\DR2:
21:09:02.0250 3784 MBR partitions:
21:09:02.0250 3784 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
21:09:02.0250 3784 ============================================================
21:09:02.0281 3784 C: <-> \Device\Harddisk0\DR0\Partition0
21:09:02.0296 3784 E: <-> \Device\Harddisk1\DR2\Partition0
21:09:02.0312 3784 ============================================================
21:09:02.0312 3784 Initialize success
21:09:02.0312 3784 ============================================================
21:09:18.0234 2904 ============================================================
21:09:18.0234 2904 Scan started
21:09:18.0234 2904 Mode: Manual;
21:09:18.0234 2904 ============================================================
21:09:34.0109 2904 PolicyAgent - ok
21:09:34.0187 2904 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:09:34.0187 2904 PptpMiniport - ok
21:09:34.0234 2904 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:09:34.0234 2904 ProtectedStorage - ok
21:09:34.0281 2904 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:09:34.0281 2904 PSched - ok
21:09:34.0328 2904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:09:34.0328 2904 Ptilink - ok
21:09:34.0343 2904 ql1080 - ok
21:09:34.0375 2904 Ql10wnt - ok
21:09:34.0437 2904 ql12160 - ok
21:09:34.0500 2904 ql1240 - ok
21:09:34.0515 2904 ql1280 - ok
21:09:34.0546 2904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:09:34.0546 2904 RasAcd - ok
21:09:34.0593 2904 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
21:09:34.0593 2904 RasAuto - ok
21:09:34.0671 2904 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:09:34.0671 2904 Rasl2tp - ok
21:09:34.0953 2904 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
21:09:34.0968 2904 RasMan - ok
21:09:35.0015 2904 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:09:35.0031 2904 RasPppoe - ok
21:09:35.0093 2904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:09:35.0093 2904 Raspti - ok
21:09:35.0171 2904 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:09:35.0171 2904 Rdbss - ok
21:09:35.0218 2904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:09:35.0218 2904 RDPCDD - ok
21:09:35.0343 2904 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:09:35.0359 2904 rdpdr - ok
21:09:35.0437 2904 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:09:35.0437 2904 RDPWD - ok
21:09:35.0531 2904 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
21:09:35.0531 2904 RDSessMgr - ok
21:09:35.0593 2904 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:09:35.0593 2904 redbook - ok
21:09:35.0718 2904 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
21:09:35.0718 2904 RemoteAccess - ok
21:09:35.0781 2904 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
21:09:35.0781 2904 RemoteRegistry - ok
21:09:35.0875 2904 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:09:35.0875 2904 RFCOMM - ok
21:09:35.0937 2904 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
21:09:35.0937 2904 RpcLocator - ok
21:09:36.0062 2904 RpcSs (c868f3ae15cf71a93f2aa3a32856d839) C:\WINDOWS\System32\rpcss.dll
21:09:36.0078 2904 RpcSs - ok
21:09:36.0171 2904 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
21:09:36.0171 2904 RSVP - ok
21:09:36.0234 2904 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:09:36.0250 2904 SamSs - ok
21:09:36.0328 2904 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
21:09:36.0328 2904 SCardSvr - ok
21:09:36.0421 2904 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
21:09:36.0437 2904 Schedule - ok
21:09:36.0515 2904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:09:36.0515 2904 Secdrv - ok
21:09:36.0562 2904 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
21:09:36.0578 2904 seclogon - ok
21:09:36.0625 2904 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
21:09:36.0625 2904 SENS - ok
21:09:36.0656 2904 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:09:36.0656 2904 serenum - ok
21:09:36.0687 2904 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
21:09:36.0687 2904 Serial - ok
21:09:36.0812 2904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:09:36.0812 2904 Sfloppy - ok
21:09:36.0875 2904 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
21:09:36.0906 2904 SharedAccess - ok
21:09:37.0015 2904 ShellHWDetection (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
21:09:37.0015 2904 ShellHWDetection - ok
21:09:37.0046 2904 Simbad - ok
21:09:37.0093 2904 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:09:37.0093 2904 SLIP - ok
21:09:37.0125 2904 Sparrow - ok
21:09:37.0390 2904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:09:37.0406 2904 splitter - ok
21:09:37.0468 2904 Spooler (cb1090bca0e7b40d0b5b4e4d66531809) C:\WINDOWS\system32\spoolsv.exe
21:09:37.0468 2904 Spooler - ok
21:09:37.0515 2904 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
21:09:37.0515 2904 sr - ok
21:09:37.0609 2904 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
21:09:37.0609 2904 srservice - ok
21:09:37.0718 2904 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
21:09:37.0718 2904 Srv - ok
21:09:37.0765 2904 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
21:09:37.0781 2904 SSDPSRV - ok
21:09:37.0890 2904 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
21:09:37.0906 2904 stisvc - ok
21:09:37.0953 2904 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:09:37.0953 2904 streamip - ok
21:09:38.0000 2904 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:09:38.0000 2904 swenum - ok
21:09:38.0078 2904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:09:38.0078 2904 swmidi - ok
21:09:38.0109 2904 SwPrv - ok
21:09:38.0140 2904 symc810 - ok
21:09:38.0171 2904 symc8xx - ok
21:09:38.0187 2904 sym_hi - ok
21:09:38.0218 2904 sym_u3 - ok
21:09:38.0312 2904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:09:38.0312 2904 sysaudio - ok
21:09:38.0359 2904 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
21:09:38.0359 2904 SysmonLog - ok
21:09:38.0437 2904 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
21:09:38.0453 2904 TapiSrv - ok
21:09:38.0562 2904 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:09:38.0562 2904 Tcpip - ok
21:09:38.0640 2904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:09:38.0640 2904 TDPIPE - ok
21:09:38.0687 2904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:09:38.0687 2904 TDTCP - ok
21:09:39.0187 2904 TeamViewer7 (4a84526076717f87f3e1ad24ab28fb5a) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
21:09:39.0328 2904 TeamViewer7 - ok
21:09:39.0484 2904 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
21:09:39.0484 2904 teamviewervpn - ok
21:09:39.0578 2904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:09:39.0578 2904 TermDD - ok
21:09:39.0656 2904 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
21:09:39.0671 2904 TermService - ok
21:09:39.0953 2904 Themes (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
21:09:39.0953 2904 Themes - ok
21:09:40.0015 2904 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
21:09:40.0031 2904 TlntSvr - ok
21:09:40.0156 2904 TomTomHOMEService (e80cc0c9c45649a4ce23ea70a607f56e) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
21:09:40.0171 2904 TomTomHOMEService - ok
21:09:40.0203 2904 TosIde - ok
21:09:40.0265 2904 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
21:09:40.0265 2904 TrkWks - ok
21:09:40.0343 2904 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
21:09:40.0343 2904 TVICHW32 - ok
21:09:40.0437 2904 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
21:09:40.0453 2904 uagp35 - ok
21:09:40.0500 2904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:09:40.0515 2904 Udfs - ok
21:09:40.0531 2904 ultra - ok
21:09:40.0609 2904 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
21:09:40.0609 2904 UMWdf - ok
21:09:40.0703 2904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:09:40.0718 2904 Update - ok
21:09:40.0828 2904 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
21:09:40.0843 2904 upnphost - ok
21:09:40.0890 2904 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
21:09:40.0890 2904 UPS - ok
21:09:40.0953 2904 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
21:09:40.0953 2904 usbbus - ok
21:09:41.0031 2904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:09:41.0031 2904 usbccgp - ok
21:09:41.0062 2904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:09:41.0062 2904 usbehci - ok
21:09:41.0093 2904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:09:41.0093 2904 usbhub - ok
21:09:41.0156 2904 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
21:09:41.0156 2904 USBModem - ok
21:09:41.0234 2904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:09:41.0234 2904 usbprint - ok
21:09:41.0312 2904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:09:41.0312 2904 usbscan - ok
21:09:41.0359 2904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:09:41.0359 2904 USBSTOR - ok
21:09:41.0437 2904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:09:41.0437 2904 usbuhci - ok
21:09:41.0500 2904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:09:41.0500 2904 VgaSave - ok
21:09:41.0812 2904 viagfx (bcb2353661cb74a28c2e3e08ccfdff12) C:\WINDOWS\system32\DRIVERS\vtmini.sys
21:09:41.0812 2904 viagfx - ok
21:09:41.0875 2904 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\drivers\ViaIde.sys
21:09:41.0875 2904 ViaIde - ok
21:09:41.0906 2904 ViBus (fd85c55b66797542a8c8a7348ed0675a) C:\WINDOWS\system32\DRIVERS\ViBus.sys
21:09:41.0906 2904 ViBus - ok
21:09:41.0984 2904 videX32 (510b5097e81cd36d603d7d5c93820bbd) C:\WINDOWS\system32\DRIVERS\videX32.sys
21:09:41.0984 2904 videX32 - ok
21:09:42.0046 2904 ViPrt (7c69b1b6dec5f8584aa352e522af1476) C:\WINDOWS\system32\DRIVERS\ViPrt.sys
21:09:42.0046 2904 ViPrt - ok
21:09:42.0093 2904 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
21:09:42.0093 2904 VolSnap - ok
21:09:42.0281 2904 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
21:09:42.0296 2904 VSS - ok
21:09:42.0453 2904 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
21:09:42.0468 2904 W32Time - ok
21:09:42.0531 2904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:09:42.0531 2904 Wanarp - ok
21:09:42.0546 2904 WDICA - ok
21:09:42.0609 2904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:09:42.0609 2904 wdmaud - ok
21:09:42.0671 2904 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
21:09:42.0687 2904 WebClient - ok
21:09:42.0796 2904 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:09:42.0796 2904 winmgmt - ok
21:09:42.0937 2904 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll
21:09:42.0937 2904 WmdmPmSN - ok
21:09:43.0093 2904 Wmi (6538d6bde04b56737fe743c24d4ce83d) C:\WINDOWS\System32\advapi32.dll
21:09:43.0109 2904 Wmi - ok
21:09:43.0234 2904 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:09:43.0234 2904 WmiApSrv - ok
21:09:43.0500 2904 WMPNetworkSvc (0dcc3a79329f0fde9b1b5283cacd3f50) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:09:43.0546 2904 WMPNetworkSvc - ok
21:09:43.0609 2904 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:09:43.0609 2904 WS2IFSL - ok
21:09:43.0671 2904 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
21:09:43.0671 2904 wscsvc - ok
21:09:43.0734 2904 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:09:43.0734 2904 WSTCODEC - ok
21:09:43.0796 2904 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
21:09:43.0796 2904 wuauserv - ok
21:09:43.0875 2904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:09:43.0875 2904 WudfPf - ok
21:09:43.0953 2904 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:09:43.0953 2904 WudfRd - ok
21:09:43.0984 2904 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:09:43.0984 2904 WudfSvc - ok
21:09:44.0078 2904 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
21:09:44.0109 2904 WZCSVC - ok
21:09:44.0187 2904 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
21:09:44.0187 2904 xmlprov - ok
21:09:44.0281 2904 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
21:09:45.0312 2904 \Device\Harddisk0\DR0 - ok
21:09:45.0359 2904 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
21:09:45.0375 2904 \Device\Harddisk1\DR2 - ok
21:09:45.0406 2904 Boot (0x1200) (eab511370d46758e4e50f3beef98198c) \Device\Harddisk0\DR0\Partition0
21:09:45.0406 2904 \Device\Harddisk0\DR0\Partition0 - ok
21:09:45.0421 2904 Boot (0x1200) (f39a9a58d09778795092841f46f31ed1) \Device\Harddisk1\DR2\Partition0
21:09:45.0421 2904 \Device\Harddisk1\DR2\Partition0 - ok
21:09:45.0437 2904 ============================================================
21:09:45.0437 2904 Scan finished
21:09:45.0437 2904 ============================================================
21:09:45.0484 3052 Detected object count: 0
21:09:45.0484 3052 Actual detected object count: 0
21:09:30.0875 2904 mssmbios - ok
21:09:30.0906 2904 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:09:30.0921 2904 MSTEE - ok
21:09:30.0953 2904 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:09:30.0968 2904 Mup - ok
21:09:31.0046 2904 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:09:31.0046 2904 NABTSFEC - ok
21:09:31.0140 2904 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
21:09:31.0156 2904 napagent - ok
21:09:31.0218 2904 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:09:31.0218 2904 NDIS - ok
21:09:31.0296 2904 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:09:31.0296 2904 NdisIP - ok
21:09:31.0343 2904 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:09:31.0343 2904 NdisTapi - ok
21:09:31.0375 2904 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:09:31.0375 2904 Ndisuio - ok
21:09:31.0406 2904 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:09:31.0421 2904 NdisWan - ok
21:09:31.0437 2904 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
21:09:31.0437 2904 NDProxy - ok
21:09:31.0515 2904 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:09:31.0515 2904 NetBIOS - ok
21:09:31.0593 2904 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:09:31.0593 2904 NetBT - ok
21:09:31.0656 2904 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:09:31.0671 2904 NetDDE - ok
21:09:31.0734 2904 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:09:31.0750 2904 NetDDEdsdm - ok
21:09:31.0796 2904 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:09:31.0796 2904 Netlogon - ok
21:09:31.0859 2904 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
21:09:31.0859 2904 Netman - ok
21:09:32.0031 2904 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:09:32.0031 2904 NetTcpPortSharing - ok
21:09:32.0156 2904 Nla (aac97dab5f8a0573cf10e0eac42a7724) C:\WINDOWS\System32\mswsock.dll
21:09:32.0171 2904 Nla - ok
21:09:32.0375 2904 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:09:32.0375 2904 Npfs - ok
21:09:32.0468 2904 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:09:32.0484 2904 Ntfs - ok
21:09:32.0515 2904 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:09:32.0515 2904 NtLmSsp - ok
21:09:32.0656 2904 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
21:09:32.0671 2904 NtmsSvc - ok
21:09:32.0718 2904 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:09:32.0718 2904 Null - ok
21:09:32.0765 2904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:09:32.0765 2904 NwlnkFlt - ok
21:09:32.0843 2904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:09:32.0843 2904 NwlnkFwd - ok
21:09:33.0062 2904 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:09:33.0093 2904 odserv - ok
21:09:33.0171 2904 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:09:33.0171 2904 ose - ok
21:09:33.0296 2904 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
21:09:33.0296 2904 Parport - ok
21:09:33.0343 2904 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:09:33.0343 2904 PartMgr - ok
21:09:33.0390 2904 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
21:09:33.0390 2904 ParVdm - ok
21:09:33.0453 2904 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
21:09:33.0453 2904 PCI - ok
21:09:33.0484 2904 PCIDump - ok
21:09:33.0546 2904 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\drivers\PCIIde.sys
21:09:33.0562 2904 PCIIde - ok
21:09:33.0640 2904 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:09:33.0640 2904 Pcmcia - ok
21:09:33.0703 2904 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
21:09:33.0703 2904 pcouffin - ok
21:09:33.0750 2904 PDCOMP - ok
21:09:33.0796 2904 PDFRAME - ok
21:09:33.0828 2904 PDRELI - ok
21:09:33.0843 2904 PDRFRAME - ok
21:09:33.0859 2904 perc2 - ok
21:09:33.0890 2904 perc2hib - ok
21:09:34.0031 2904 PlugPlay (f0d2ae69035092bf22dad6b50fab85c2) C:\WINDOWS\system32\services.exe
21:09:34.0046 2904 PlugPlay - ok
21:09:34.0093 2904 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:09:34.0109 2904 PolicyAgent - ok
21:09:34.0187 2904 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:09:34.0187 2904 PptpMiniport - ok
21:09:34.0234 2904 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:09:34.0234 2904 ProtectedStorage - ok
21:09:34.0281 2904 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:09:34.0281 2904 PSched - ok
21:09:34.0328 2904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:09:34.0328 2904 Ptilink - ok
21:09:34.0343 2904 ql1080 - ok
21:09:34.0375 2904 Ql10wnt - ok
21:09:34.0437 2904 ql12160 - ok
21:09:34.0500 2904 ql1240 - ok
21:09:34.0515 2904 ql1280 - ok
21:09:34.0546 2904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:09:34.0546 2904 RasAcd - ok
21:09:34.0593 2904 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
21:09:34.0593 2904 RasAuto - ok
21:09:34.0671 2904 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:09:34.0671 2904 Rasl2tp - ok
21:09:34.0953 2904 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
21:09:34.0968 2904 RasMan - ok
21:09:35.0015 2904 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:09:35.0031 2904 RasPppoe - ok
21:09:35.0093 2904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:09:35.0093 2904 Raspti - ok
21:09:35.0171 2904 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:09:35.0171 2904 Rdbss - ok
21:09:35.0218 2904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:09:35.0218 2904 RDPCDD - ok
21:09:35.0343 2904 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:09:35.0359 2904 rdpdr - ok
21:09:35.0437 2904 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:09:35.0437 2904 RDPWD - ok
21:09:35.0531 2904 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
21:09:35.0531 2904 RDSessMgr - ok
21:09:35.0593 2904 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:09:35.0593 2904 redbook - ok
21:09:35.0718 2904 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
21:09:35.0718 2904 RemoteAccess - ok
21:09:35.0781 2904 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
21:09:35.0781 2904 RemoteRegistry - ok
21:09:35.0875 2904 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:09:35.0875 2904 RFCOMM - ok
21:09:35.0937 2904 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
21:09:35.0937 2904 RpcLocator - ok
21:09:36.0062 2904 RpcSs (c868f3ae15cf71a93f2aa3a32856d839) C:\WINDOWS\System32\rpcss.dll
21:09:36.0078 2904 RpcSs - ok
21:09:36.0171 2904 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
21:09:36.0171 2904 RSVP - ok
21:09:36.0234 2904 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:09:36.0250 2904 SamSs - ok
21:09:36.0328 2904 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
21:09:36.0328 2904 SCardSvr - ok
21:09:36.0421 2904 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
21:09:36.0437 2904 Schedule - ok
21:09:36.0515 2904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:09:36.0515 2904 Secdrv - ok
21:09:36.0562 2904 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
21:09:36.0578 2904 seclogon - ok
21:09:36.0625 2904 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
21:09:36.0625 2904 SENS - ok
21:09:36.0656 2904 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:09:36.0656 2904 serenum - ok
21:09:36.0687 2904 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
21:09:36.0687 2904 Serial - ok
21:09:36.0812 2904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:09:36.0812 2904 Sfloppy - ok
21:09:36.0875 2904 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
21:09:36.0906 2904 SharedAccess - ok
21:09:37.0015 2904 ShellHWDetection (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
21:09:37.0015 2904 ShellHWDetection - ok
21:09:37.0046 2904 Simbad - ok
21:09:37.0093 2904 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:09:37.0093 2904 SLIP - ok
21:09:37.0125 2904 Sparrow - ok
21:09:37.0390 2904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:09:37.0406 2904 splitter - ok
21:09:37.0468 2904 Spooler (cb1090bca0e7b40d0b5b4e4d66531809) C:\WINDOWS\system32\spoolsv.exe
21:09:37.0468 2904 Spooler - ok
21:09:37.0515 2904 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
21:09:37.0515 2904 sr - ok
21:09:37.0609 2904 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
21:09:37.0609 2904 srservice - ok
21:09:37.0718 2904 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
21:09:37.0718 2904 Srv - ok
21:09:37.0765 2904 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
21:09:37.0781 2904 SSDPSRV - ok
21:09:37.0890 2904 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
21:09:37.0906 2904 stisvc - ok
21:09:37.0953 2904 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:09:37.0953 2904 streamip - ok
21:09:38.0000 2904 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:09:38.0000 2904 swenum - ok
21:09:38.0078 2904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:09:38.0078 2904 swmidi - ok
21:09:38.0109 2904 SwPrv - ok
21:09:38.0140 2904 symc810 - ok
21:09:38.0171 2904 symc8xx - ok
21:09:38.0187 2904 sym_hi - ok
21:09:38.0218 2904 sym_u3 - ok
21:09:38.0312 2904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:09:38.0312 2904 sysaudio - ok
21:09:38.0359 2904 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
21:09:38.0359 2904 SysmonLog - ok
21:09:38.0437 2904 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
21:09:38.0453 2904 TapiSrv - ok
21:09:38.0562 2904 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:09:38.0562 2904 Tcpip - ok
21:09:38.0640 2904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:09:38.0640 2904 TDPIPE - ok
21:09:38.0687 2904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:09:38.0687 2904 TDTCP - ok
21:09:39.0187 2904 TeamViewer7 (4a84526076717f87f3e1ad24ab28fb5a) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
21:09:39.0328 2904 TeamViewer7 - ok
21:09:39.0484 2904 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
21:09:39.0484 2904 teamviewervpn - ok
21:09:39.0578 2904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:09:39.0578 2904 TermDD - ok
21:09:39.0656 2904 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
21:09:39.0671 2904 TermService - ok
21:09:39.0953 2904 Themes (b927443008910b412bec72fc41c1bad0) C:\WINDOWS\System32\shsvcs.dll
21:09:39.0953 2904 Themes - ok
21:09:40.0015 2904 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
21:09:40.0031 2904 TlntSvr - ok
21:09:40.0156 2904 TomTomHOMEService (e80cc0c9c45649a4ce23ea70a607f56e) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
21:09:40.0171 2904 TomTomHOMEService - ok
21:09:40.0203 2904 TosIde - ok
21:09:40.0265 2904 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
21:09:40.0265 2904 TrkWks - ok
21:09:40.0343 2904 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
21:09:40.0343 2904 TVICHW32 - ok
21:09:40.0437 2904 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
21:09:40.0453 2904 uagp35 - ok
21:09:40.0500 2904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:09:40.0515 2904 Udfs - ok
21:09:40.0531 2904 ultra - ok
21:09:40.0609 2904 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
21:09:40.0609 2904 UMWdf - ok
21:09:40.0703 2904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:09:40.0718 2904 Update - ok
21:09:40.0828 2904 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
21:09:40.0843 2904 upnphost - ok
21:09:40.0890 2904 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
21:09:40.0890 2904 UPS - ok
21:09:40.0953 2904 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
21:09:40.0953 2904 usbbus - ok
21:09:41.0031 2904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:09:41.0031 2904 usbccgp - ok
21:09:41.0062 2904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:09:41.0062 2904 usbehci - ok
21:09:41.0093 2904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:09:41.0093 2904 usbhub - ok
21:09:41.0156 2904 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
21:09:41.0156 2904 USBModem - ok
21:09:41.0234 2904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:09:41.0234 2904 usbprint - ok
21:09:41.0312 2904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:09:41.0312 2904 usbscan - ok
21:09:41.0359 2904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:09:41.0359 2904 USBSTOR - ok
21:09:41.0437 2904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:09:41.0437 2904 usbuhci - ok
21:09:41.0500 2904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:09:41.0500 2904 VgaSave - ok
21:09:41.0812 2904 viagfx (bcb2353661cb74a28c2e3e08ccfdff12) C:\WINDOWS\system32\DRIVERS\vtmini.sys
21:09:41.0812 2904 viagfx - ok
21:09:41.0875 2904 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\drivers\ViaIde.sys
21:09:41.0875 2904 ViaIde - ok
21:09:41.0906 2904 ViBus (fd85c55b66797542a8c8a7348ed0675a) C:\WINDOWS\system32\DRIVERS\ViBus.sys
21:09:41.0906 2904 ViBus - ok
21:09:41.0984 2904 videX32 (510b5097e81cd36d603d7d5c93820bbd) C:\WINDOWS\system32\DRIVERS\videX32.sys
21:09:41.0984 2904 videX32 - ok
21:09:42.0046 2904 ViPrt (7c69b1b6dec5f8584aa352e522af1476) C:\WINDOWS\system32\DRIVERS\ViPrt.sys
21:09:42.0046 2904 ViPrt - ok
21:09:42.0093 2904 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
21:09:42.0093 2904 VolSnap - ok
21:09:42.0281 2904 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
21:09:42.0296 2904 VSS - ok
21:09:42.0453 2904 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
21:09:42.0468 2904 W32Time - ok
21:09:42.0531 2904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:09:42.0531 2904 Wanarp - ok
21:09:42.0546 2904 WDICA - ok
21:09:42.0609 2904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:09:42.0609 2904 wdmaud - ok
21:09:42.0671 2904 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
21:09:42.0687 2904 WebClient - ok
21:09:42.0796 2904 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:09:42.0796 2904 winmgmt - ok
21:09:42.0937 2904 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll
21:09:42.0937 2904 WmdmPmSN - ok
21:09:43.0093 2904 Wmi (6538d6bde04b56737fe743c24d4ce83d) C:\WINDOWS\System32\advapi32.dll
21:09:43.0109 2904 Wmi - ok
21:09:43.0234 2904 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:09:43.0234 2904 WmiApSrv - ok
21:09:43.0500 2904 WMPNetworkSvc (0dcc3a79329f0fde9b1b5283cacd3f50) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:09:43.0546 2904 WMPNetworkSvc - ok
21:09:43.0609 2904 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:09:43.0609 2904 WS2IFSL - ok
21:09:43.0671 2904 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
21:09:43.0671 2904 wscsvc - ok
21:09:43.0734 2904 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:09:43.0734 2904 WSTCODEC - ok
21:09:43.0796 2904 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
21:09:43.0796 2904 wuauserv - ok
21:09:43.0875 2904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:09:43.0875 2904 WudfPf - ok
21:09:43.0953 2904 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:09:43.0953 2904 WudfRd - ok
21:09:43.0984 2904 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:09:43.0984 2904 WudfSvc - ok
21:09:44.0078 2904 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
21:09:44.0109 2904 WZCSVC - ok
21:09:44.0187 2904 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
21:09:44.0187 2904 xmlprov - ok
21:09:44.0281 2904 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
21:09:45.0312 2904 \Device\Harddisk0\DR0 - ok
21:09:45.0359 2904 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
21:09:45.0375 2904 \Device\Harddisk1\DR2 - ok
21:09:45.0406 2904 Boot (0x1200) (eab511370d46758e4e50f3beef98198c) \Device\Harddisk0\DR0\Partition0
21:09:45.0406 2904 \Device\Harddisk0\DR0\Partition0 - ok
21:09:45.0421 2904 Boot (0x1200) (f39a9a58d09778795092841f46f31ed1) \Device\Harddisk1\DR2\Partition0
21:09:45.0421 2904 \Device\Harddisk1\DR2\Partition0 - ok
21:09:45.0437 2904 ============================================================
21:09:45.0437 2904 Scan finished
21:09:45.0437 2904 ============================================================
21:09:45.0484 3052 Detected object count: 0
21:09:45.0484 3052 Actual detected object count: 0
Re: Please check my HJT log, the PC has gone crazy
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text (marked in green) into it:
ClearJavaCache::
KillAll::
Collect::
c:\program files\Sfmauhzxxakyg\ugtaoiv.exe
File::
c:\windows\SET139.tmp
c:\windows\SET12D.tmp
c:\windows\SET12A.tmp
c:\windows\system32\wups2(2)(2).dll
c:\windows\system32\win32k(2)(2).sys
c:\windows\temp\Perflib_Perfdata_558.dat
c:\documents and settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
Folder::
c:\windows\LastGood(2)
c:\program files\Sfmauhzxxakyg
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"238d9"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"238d9"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Facebook Update"=-
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my HJT log, the PC has gone crazy
I got a little stuck: when I drop the script onto ComboFix, it starts up and does its work, but it never runs to the end and never produces a log. I tried it two days in a row and nothing :( ComboFix runs for a whole day and night, say, and nothing.
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: 10 Sep 2006 17:07
- Location: Zlín - České Budějovice
Re: Please check my HJT log, the PC has gone crazy
Try it in Safe Mode.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you.
Re: Please check my HJT log, the PC has gone crazy
It didn't work in Safe Mode either, so I downloaded ComboFix again and let the script run, and here it hopefully is....
ComboFix 12-07-12.02 - Euromedica 12.07.2012 23:40:56.5.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1214.790 [GMT 2:00]
Spuštěný z: c:\documents and settings\Euromedica.EUROMEDI-09D832\Dokumenty\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-12 do 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 20:34 . 2012-07-12 20:34 -------- d-----w- c:\documents and settings\Administrator.EUROMEDI-09D832
2012-07-11 23:01 . 2012-07-11 23:01 -------- d-----w- c:\windows\LastGood
2012-07-10 12:27 . 2012-07-10 12:27 -------- d-----w- c:\documents and settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Sun
2012-07-10 12:26 . 2012-07-10 12:26 -------- d-----w- c:\program files\Oracle
2012-07-10 12:26 . 2012-07-10 12:26 -------- d-----w- c:\documents and settings\Euromedica.EUROMEDI-09D832\Data aplikací\Oracle
2012-07-10 12:26 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-09 15:27 . 2012-07-09 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-09 15:27 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 12:00 . 2012-07-02 10:23 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-07-09 07:15 . 2001-10-25 14:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-07-09 07:15 . 2001-10-25 14:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-07-09 07:15 . 2008-04-14 06:52 77312 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2012-07-09 07:15 . 2008-04-14 06:52 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2012-07-09 07:15 . 2001-10-25 14:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2012-07-09 07:15 . 2008-04-14 06:52 366080 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2012-07-09 07:15 . 2001-10-25 14:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2012-07-09 07:15 . 2001-10-25 14:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2012-07-09 07:15 . 2001-10-25 14:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2012-07-09 07:15 . 2001-10-25 14:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2012-07-09 07:15 . 2008-04-14 06:50 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2012-07-09 07:15 . 2008-04-14 06:50 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2012-07-09 07:13 . 2001-10-24 10:24 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-07-09 07:12 . 2008-04-13 20:13 208952 -c--a-w- c:\windows\system32\dllcache\imjpmig.exe
2012-07-09 07:11 . 2008-04-14 06:38 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2012-07-09 07:10 . 2008-04-14 06:51 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2012-07-09 07:10 . 2008-04-14 06:51 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2012-07-09 07:07 . 2001-10-25 14:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-07-09 07:07 . 2001-10-25 14:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-07-09 07:00 . 2001-08-17 18:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2012-07-09 06:55 . 2001-10-25 14:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-07-09 06:55 . 2001-10-25 14:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-07-09 06:55 . 2001-10-25 14:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-07-09 06:55 . 2001-10-25 14:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-07-09 06:54 . 2008-04-14 08:52 16825 ----a-r- c:\windows\SET139.tmp
2012-07-09 06:54 . 2008-04-14 08:52 1088840 ----a-r- c:\windows\SET12D.tmp
2012-07-09 06:54 . 2008-04-14 08:59 1246067 ----a-r- c:\windows\SET12A.tmp
2012-07-04 13:05 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-04 12:48 . 2012-07-04 12:48 -------- d-----w- C:\c9a3d5c76888fb824292
2012-07-04 12:36 . 2012-07-04 12:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-04 12:15 . 2012-07-04 12:25 -------- d-----w- C:\fef31c51442c5167ce050796af952b
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2012-06-02 13:19 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-04-08 16:04 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-04-08 16:04 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-04-08 16:04 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2012-06-02 13:19 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2012-06-02 13:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2012-06-02 13:19 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-08 16:04 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-04-08 16:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-04-08 16:04 35864 ----a-w- c:\windows\system32\wups(2)(2).dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2(2)(2).dll
2012-06-02 13:19 . 2008-04-08 16:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-04-08 16:04 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2008-04-11 16:01 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2008-04-11 16:01 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-04-11 16:01 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-15 13:55 . 2004-08-18 12:00 1863168 ----a-w- c:\windows\system32\win32k(2)(2).sys
2012-05-04 17:29 . 2008-04-08 18:07 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 17:29 . 2010-05-03 11:14 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_13.17.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-08 16:04 . 2012-06-02 13:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2008-04-08 16:04 . 2012-06-02 13:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2012-06-02 13:19 . 2012-06-02 13:19 97304 c:\windows\system32\dllcache\cdm.dll
- 2012-07-04 11:57 . 2010-07-05 13:13 26488 c:\windows\SoftwareDistribution\Download\bdd028eaa713ddb20d4e1defac9064d6\update\spcustom.dll
- 2012-07-04 11:57 . 2010-07-05 13:13 18296 c:\windows\SoftwareDistribution\Download\bdd028eaa713ddb20d4e1defac9064d6\spmsg.dll
- 2012-07-04 11:57 . 2010-07-05 13:13 26488 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\update\spcustom.dll
- 2012-07-04 11:57 . 2012-05-05 03:16 16896 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\update\mpsyschk.dll
- 2012-07-04 11:57 . 2010-07-05 13:13 18296 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\spmsg.dll
- 2012-07-04 11:56 . 2010-07-05 13:13 26488 c:\windows\SoftwareDistribution\Download\225374e59d8804605b4045708801c218\update\spcustom.dll
- 2012-07-04 11:56 . 2010-07-05 13:13 18296 c:\windows\SoftwareDistribution\Download\225374e59d8804605b4045708801c218\spmsg.dll
+ 2011-02-07 20:32 . 2011-02-07 20:32 9845 c:\windows\system32\mswoneoie.dll
- 2011-01-16 13:14 . 2011-01-16 13:14 9845 c:\windows\system32\mswoneoie.dll
+ 2012-07-10 12:26 . 2012-05-04 17:29 227720 c:\windows\system32\javaws.exe
+ 2012-07-10 12:26 . 2012-07-10 12:25 174064 c:\windows\system32\javaw.exe
+ 2012-07-10 12:26 . 2012-07-10 12:25 174064 c:\windows\system32\java.exe
+ 2008-04-08 16:04 . 2012-06-02 13:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2008-04-08 16:04 . 2012-06-02 13:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2008-04-08 16:04 . 2012-06-02 13:19 577048 c:\windows\system32\dllcache\wuapi.dll
- 2012-07-04 11:57 . 2010-07-05 13:13 391032 c:\windows\SoftwareDistribution\Download\bdd028eaa713ddb20d4e1defac9064d6\update\updspapi.dll
- 2012-07-04 11:57 . 2010-07-05 13:13 759160 c:\windows\SoftwareDistribution\Download\bdd028eaa713ddb20d4e1defac9064d6\update\update.exe
- 2012-07-04 11:57 . 2010-07-05 13:13 233848 c:\windows\SoftwareDistribution\Download\bdd028eaa713ddb20d4e1defac9064d6\spuninst.exe
- 2012-05-31 13:19 . 2012-05-31 13:19 602624 c:\windows\SoftwareDistribution\Download\bdd028eaa713ddb20d4e1defac9064d6\sp3qfe\crypt32.dll
- 2012-05-31 13:22 . 2012-05-31 13:22 602112 c:\windows\SoftwareDistribution\Download\bdd028eaa713ddb20d4e1defac9064d6\sp3gdr\crypt32.dll
- 2012-07-04 11:57 . 2010-07-05 13:13 391032 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\update\updspapi.dll
- 2012-07-04 11:57 . 2010-07-05 13:13 759160 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\update\update.exe
- 2012-07-04 11:57 . 2010-07-05 13:13 233848 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\spuninst.exe
- 2012-07-04 11:56 . 2010-07-05 13:13 391032 c:\windows\SoftwareDistribution\Download\225374e59d8804605b4045708801c218\update\updspapi.dll
- 2012-07-04 11:56 . 2010-07-05 13:13 759160 c:\windows\SoftwareDistribution\Download\225374e59d8804605b4045708801c218\update\update.exe
- 2012-07-04 11:56 . 2010-07-05 13:13 233848 c:\windows\SoftwareDistribution\Download\225374e59d8804605b4045708801c218\spuninst.exe
- 2012-07-04 11:56 . 2012-05-02 13:45 139656 c:\windows\SoftwareDistribution\Download\225374e59d8804605b4045708801c218\SP3QFE\rdpwd.sys
- 2012-07-04 11:56 . 2012-05-02 13:46 139656 c:\windows\SoftwareDistribution\Download\225374e59d8804605b4045708801c218\SP3GDR\rdpwd.sys
+ 2012-07-10 12:27 . 2012-07-10 12:27 176128 c:\windows\Installer\799d7.msi
+ 2012-07-10 12:26 . 2012-07-10 12:26 457216 c:\windows\Installer\799c7.msi
+ 2012-07-10 12:25 . 2012-07-10 12:25 863744 c:\windows\Installer\799c3.msi
+ 2008-04-08 16:04 . 2012-06-02 13:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
- 2012-05-05 03:14 . 2012-05-05 03:14 2194816 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\sp3qfe\ntoskrnl.exe
- 2012-05-05 03:14 . 2012-05-05 03:14 2028544 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\sp3qfe\ntkrpamp.exe
- 2012-05-05 03:14 . 2012-05-05 03:14 2071296 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\sp3qfe\ntkrnlpa.exe
- 2012-05-05 03:14 . 2012-05-05 03:14 2150400 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\sp3qfe\ntkrnlmp.exe
- 2012-05-05 03:14 . 2012-05-05 03:14 2194816 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\sp3gdr\ntoskrnl.exe
- 2012-05-05 03:14 . 2012-05-05 03:14 2028544 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\sp3gdr\ntkrpamp.exe
- 2012-05-05 03:14 . 2012-05-05 03:14 2071296 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\sp3gdr\ntkrnlpa.exe
- 2012-05-05 03:14 . 2012-05-05 03:14 2150400 c:\windows\SoftwareDistribution\Download\3a4b683ecca2f07fbf154e5e144e9b49\sp3gdr\ntkrnlmp.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"238d9"="c:\program files\Sfmauhzxxakyg\ugtaoiv.exe" [2010-01-25 2350634]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"238d9"="c:\program files\Sfmauhzxxakyg\ugtaoiv.exe" [2010-01-25 2350634]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2005-03-11 147456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"STELA LITE"=c:\program files\Stela Lite\mono\StelaLite.exe
"BrowserChoice"="c:\windows\system32\browserchoice.exe" /run
"Facebook Update"="c:\documents and settings\Euromedica.EUROMEDI-09D832\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SoundMan"=SOUNDMAN.EXE
"VTTrayp"=VTtrayp.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"VTTimer"=VTTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Euromedica.EUROMEDI-09D832\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [9.10.2009 13:33 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [9.10.2009 13:33 52224]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [9.7.2012 13:59 2673064]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [9.7.2012 14:00 25088]
S2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [3.5.2008 10:02 51072]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.7.2012 17:27 654408]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [7.5.2010 14:36 92008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9.7.2012 17:27 22344]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [18.12.2008 18:13 47360]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [8.10.2009 12:53 23600]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-12 c:\windows\Tasks\User_Feed_Synchronization-{ED7F9989-D856-4C7D-B7E0-04A828701671}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 23:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1757981266-682003330-1003\RemoteAccess\Profile\
r*]
"AutoConnect"=dword:00000000
.
Celkový čas: 2012-07-12 23:53:32
ComboFix-quarantined-files.txt 2012-07-12 21:53
ComboFix2.txt 2012-07-09 19:40
ComboFix3.txt 2012-07-09 13:23
ComboFix4.txt 2009-06-10 12:20
.
Před spuštěním: Volných bajtů: 20 961 656 832
Po spuštění: Volných bajtů: 20 974 284 800
.
- - End Of File - - B3EB27D3DA61AAA53385198FCF783C75
Re: please check my HJT log, the PC has gone crazy
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-13 00:30:47
-----------------------------
00:30:47.390 OS Version: Windows 5.1.2600 Service Pack 3
00:30:47.390 Number of processors: 1 586 0x204
00:30:47.390 ComputerName: EUROMEDI-09D832 UserName: Euromedica
00:30:48.187 Initialize success
00:31:00.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:31:00.203 Disk 0 Vendor: ST340016A 3.19 Size: 38166MB BusType: 3
00:31:00.265 Disk 0 MBR read successfully
00:31:00.312 Disk 0 MBR scan
00:31:00.343 Disk 0 Windows XP default MBR code
00:31:00.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
00:31:00.421 Disk 0 scanning sectors +78156225
00:31:00.531 Disk 0 scanning C:\WINDOWS\system32\drivers
00:31:15.125 Service scanning
00:31:32.359 Modules scanning
00:31:39.281 Disk 0 trace - called modules:
00:31:39.312 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
00:31:39.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88b14030]
00:31:39.328 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000061[0x88b152e0]
00:31:39.343 5 ACPI.sys[ba05f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x88b89d98]
00:31:39.375 Scan finished successfully
00:36:33.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Plocha\MBR.dat"
00:36:33.437 The log file has been saved successfully to "C:\Documents and Settings\Euromedica.EUROMEDI-09D832\Plocha\aswMBR.txt"

