Pravděpodobné stažení viru - problém s registry Vyřešeno

[Hastalda]

...a log z TDSKiller:

22:53:54.0390 1184 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:54:02.0656 1184 ============================================================
22:54:02.0656 1184 Current date / time: 2014/02/26 22:54:02.0656
22:54:02.0656 1184 SystemInfo:
22:54:02.0656 1184
22:54:02.0656 1184 OS Version: 5.1.2600 ServicePack: 3.0
22:54:02.0656 1184 Product type: Workstation
22:54:02.0656 1184 ComputerName: UGLY
22:54:02.0656 1184 UserName: 1102
22:54:02.0656 1184 Windows directory: C:\windows
22:54:02.0656 1184 System windows directory: C:\windows
22:54:02.0656 1184 Processor architecture: Intel x86
22:54:02.0656 1184 Number of processors: 1
22:54:02.0656 1184 Page size: 0x1000
22:54:02.0656 1184 Boot type: Normal boot
22:54:02.0656 1184 ============================================================
22:54:02.0968 1184 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:54:02.0968 1184 ============================================================
22:54:02.0968 1184 \Device\Harddisk0\DR0:
22:54:02.0968 1184 MBR partitions:
22:54:02.0968 1184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
22:54:02.0968 1184 ============================================================
22:54:03.0000 1184 C: <-> \Device\Harddisk0\DR0\Partition1
22:54:03.0000 1184 ============================================================
22:54:03.0000 1184 Initialize success
22:54:03.0000 1184 ============================================================
22:54:09.0062 3192 ============================================================
22:54:09.0062 3192 Scan started
22:54:09.0062 3192 Mode: Manual;
22:54:09.0062 3192 ============================================================
22:54:09.0140 3192 ================ Scan system memory ========================
22:54:09.0156 3192 System memory - ok
22:54:09.0156 3192 ================ Scan services =============================
22:54:09.0328 3192 Abiosdsk - ok
22:54:09.0328 3192 abp480n5 - ok
22:54:09.0390 3192 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
22:54:09.0390 3192 ACPI - ok
22:54:09.0453 3192 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\windows\system32\drivers\ACPIEC.sys
22:54:09.0453 3192 ACPIEC - ok
22:54:09.0546 3192 [ F7AB315A4D400CA876381D1E188A2E20 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:54:09.0546 3192 AdobeFlashPlayerUpdateSvc - ok
22:54:09.0562 3192 adpu160m - ok
22:54:09.0578 3192 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\windows\system32\drivers\aec.sys
22:54:09.0578 3192 aec - ok
22:54:09.0625 3192 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\windows\System32\drivers\afd.sys
22:54:09.0625 3192 AFD - ok
22:54:09.0640 3192 Aha154x - ok
22:54:09.0640 3192 aic78u2 - ok
22:54:09.0656 3192 aic78xx - ok
22:54:09.0843 3192 [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM C:\windows\system32\drivers\ALCXWDM.SYS
22:54:09.0859 3192 ALCXWDM - ok
22:54:09.0937 3192 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\windows\system32\alrsvc.dll
22:54:09.0937 3192 Alerter - ok
22:54:09.0953 3192 [ 88842DE939A827577BF24243699AC80A ] ALG C:\windows\System32\alg.exe
22:54:09.0953 3192 ALG - ok
22:54:09.0953 3192 AliIde - ok
22:54:10.0015 3192 [ 59301936898AE62245A6F09C0ABA9475 ] AmdK8 C:\windows\system32\DRIVERS\AmdK8.sys
22:54:10.0015 3192 AmdK8 - ok
22:54:10.0031 3192 amsint - ok
22:54:10.0078 3192 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\windows\System32\appmgmts.dll
22:54:10.0093 3192 AppMgmt - ok
22:54:10.0093 3192 asc - ok
22:54:10.0109 3192 asc3350p - ok
22:54:10.0109 3192 asc3550 - ok
22:54:10.0218 3192 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:54:10.0218 3192 aspnet_state - ok
22:54:10.0234 3192 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
22:54:10.0234 3192 AsyncMac - ok
22:54:10.0250 3192 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\windows\system32\DRIVERS\atapi.sys
22:54:10.0250 3192 atapi - ok
22:54:10.0265 3192 Atdisk - ok
22:54:10.0312 3192 [ 3C4B9850A2631C2263507400D029057B ] atksgt C:\windows\system32\DRIVERS\atksgt.sys
22:54:10.0312 3192 atksgt - ok
22:54:10.0328 3192 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys
22:54:10.0328 3192 Atmarpc - ok
22:54:10.0390 3192 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\windows\System32\audiosrv.dll
22:54:10.0390 3192 AudioSrv - ok
22:54:10.0421 3192 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\windows\system32\DRIVERS\audstub.sys
22:54:10.0421 3192 audstub - ok
22:54:10.0562 3192 [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
22:54:10.0562 3192 Autodesk Licensing Service - ok
22:54:10.0593 3192 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\windows\system32\drivers\Beep.sys
22:54:10.0593 3192 Beep - ok
22:54:10.0640 3192 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\windows\system32\qmgr.dll
22:54:10.0656 3192 BITS - ok
22:54:10.0703 3192 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\windows\System32\browser.dll
22:54:10.0703 3192 Browser - ok
22:54:10.0765 3192 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\windows\system32\drivers\cbidf2k.sys
22:54:10.0765 3192 cbidf2k - ok
22:54:10.0765 3192 cd20xrnt - ok
22:54:10.0828 3192 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\windows\system32\drivers\Cdaudio.sys
22:54:10.0828 3192 Cdaudio - ok
22:54:10.0828 3192 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\windows\system32\drivers\Cdfs.sys
22:54:10.0843 3192 Cdfs - ok
22:54:10.0890 3192 [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv C:\windows\system32\drivers\cdrbsdrv.sys
22:54:10.0890 3192 cdrbsdrv - ok
22:54:10.0906 3192 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\windows\system32\DRIVERS\cdrom.sys
22:54:10.0906 3192 Cdrom - ok
22:54:10.0921 3192 Changer - ok
22:54:10.0953 3192 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\windows\system32\cisvc.exe
22:54:10.0953 3192 CiSvc - ok
22:54:10.0984 3192 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\windows\system32\clipsrv.exe
22:54:10.0984 3192 ClipSrv - ok
22:54:11.0015 3192 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:54:11.0015 3192 clr_optimization_v2.0.50727_32 - ok
22:54:11.0031 3192 CmdIde - ok
22:54:11.0031 3192 COMSysApp - ok
22:54:11.0046 3192 Cpqarray - ok
22:54:11.0093 3192 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\windows\System32\cryptsvc.dll
22:54:11.0093 3192 CryptSvc - ok
22:54:11.0109 3192 dac2w2k - ok
22:54:11.0109 3192 dac960nt - ok
22:54:11.0171 3192 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\windows\system32\rpcss.dll
22:54:11.0171 3192 DcomLaunch - ok
22:54:11.0218 3192 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\windows\System32\dhcpcsvc.dll
22:54:11.0218 3192 Dhcp - ok
22:54:11.0234 3192 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\windows\system32\DRIVERS\disk.sys
22:54:11.0234 3192 Disk - ok
22:54:11.0234 3192 dmadmin - ok
22:54:11.0281 3192 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\windows\system32\drivers\dmboot.sys
22:54:11.0296 3192 dmboot - ok
22:54:11.0312 3192 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\windows\system32\drivers\dmio.sys
22:54:11.0312 3192 dmio - ok
22:54:11.0343 3192 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\windows\system32\drivers\dmload.sys
22:54:11.0343 3192 dmload - ok
22:54:11.0375 3192 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\windows\System32\dmserver.dll
22:54:11.0375 3192 dmserver - ok
22:54:11.0421 3192 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\windows\system32\drivers\DMusic.sys
22:54:11.0421 3192 DMusic - ok
22:54:11.0468 3192 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\windows\System32\dnsrslvr.dll
22:54:11.0468 3192 Dnscache - ok
22:54:11.0531 3192 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\windows\System32\dot3svc.dll
22:54:11.0531 3192 Dot3svc - ok
22:54:11.0546 3192 dpti2o - ok
22:54:11.0578 3192 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
22:54:11.0578 3192 drmkaud - ok
22:54:11.0625 3192 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys
22:54:11.0625 3192 dtsoftbus01 - ok
22:54:11.0671 3192 [ 9307BB1B5C3ED19517056E1F122D8C77 ] eamon C:\windows\system32\DRIVERS\eamon.sys
22:54:11.0671 3192 eamon - ok
22:54:11.0718 3192 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\windows\System32\eapsvc.dll
22:54:11.0718 3192 EapHost - ok
22:54:11.0765 3192 [ DF91159321C0991A2E2EB97C84DC4110 ] easdrv C:\windows\system32\DRIVERS\easdrv.sys
22:54:11.0765 3192 easdrv - ok
22:54:11.0843 3192 [ 18773D7229A47612C063E39B8EA07EBB ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
22:54:11.0843 3192 EhttpSrv - ok
22:54:11.0890 3192 [ 69EDD345F4EC07BA35E3D0D718D89071 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
22:54:11.0890 3192 ekrn - ok
22:54:11.0906 3192 [ E5FD8F94EA5E8BE3E5AEFBCADFDEC2CF ] epfw C:\windows\system32\DRIVERS\epfw.sys
22:54:11.0906 3192 epfw - ok
22:54:11.0921 3192 [ E0B251DC16C6DF74BD6B2B8F5AAD7ABB ] Epfwndis C:\windows\system32\DRIVERS\Epfwndis.sys
22:54:11.0921 3192 Epfwndis - ok
22:54:11.0937 3192 [ 269ADC224B5946AD75D8368CE91F5ED7 ] epfwtdi C:\windows\system32\DRIVERS\epfwtdi.sys
22:54:11.0937 3192 epfwtdi - ok
22:54:11.0968 3192 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\windows\System32\ersvc.dll
22:54:11.0968 3192 ERSvc - ok
22:54:12.0031 3192 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\windows\system32\services.exe
22:54:12.0031 3192 Eventlog - ok
22:54:12.0093 3192 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
22:54:12.0109 3192 EventSystem - ok
22:54:12.0125 3192 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\windows\system32\drivers\Fastfat.sys
22:54:12.0125 3192 Fastfat - ok
22:54:12.0171 3192 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll
22:54:12.0187 3192 FastUserSwitchingCompatibility - ok
22:54:12.0203 3192 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\windows\system32\DRIVERS\fdc.sys
22:54:12.0203 3192 Fdc - ok
22:54:12.0250 3192 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\windows\system32\drivers\Fips.sys
22:54:12.0250 3192 Fips - ok
22:54:12.0281 3192 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
22:54:12.0281 3192 Flpydisk - ok
22:54:12.0281 3192 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
22:54:12.0281 3192 FltMgr - ok
22:54:12.0343 3192 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:54:12.0343 3192 FontCache3.0.0.0 - ok
22:54:12.0375 3192 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
22:54:12.0375 3192 Fs_Rec - ok
22:54:12.0390 3192 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys
22:54:12.0390 3192 Ftdisk - ok
22:54:12.0406 3192 GMSIPCI - ok
22:54:12.0437 3192 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\windows\system32\DRIVERS\msgpc.sys
22:54:12.0437 3192 Gpc - ok
22:54:12.0531 3192 [ E859CA020ED61899F3C74A8D0032D05C ] Guard.Mail.ru C:\Program Files\Guard-ICQ\GuardICQ.exe
22:54:12.0546 3192 Guard.Mail.ru - ok
22:54:12.0656 3192 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:54:12.0656 3192 gupdate - ok
22:54:12.0656 3192 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:54:12.0656 3192 gupdatem - ok
22:54:12.0734 3192 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:54:12.0734 3192 helpsvc - ok
22:54:12.0750 3192 HidServ - ok
22:54:12.0812 3192 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
22:54:12.0812 3192 HidUsb - ok
22:54:12.0843 3192 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\windows\System32\kmsvc.dll
22:54:12.0843 3192 hkmsvc - ok
22:54:12.0859 3192 hpn - ok
22:54:13.0031 3192 [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:54:13.0031 3192 hpqcxs08 - ok
22:54:13.0078 3192 [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:54:13.0078 3192 hpqddsvc - ok
22:54:13.0140 3192 [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:54:13.0187 3192 HPSLPSVC - ok
22:54:13.0234 3192 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\windows\system32\DRIVERS\HPZid412.sys
22:54:13.0234 3192 HPZid412 - ok
22:54:13.0296 3192 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\windows\system32\DRIVERS\HPZipr12.sys
22:54:13.0296 3192 HPZipr12 - ok
22:54:13.0343 3192 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\windows\system32\DRIVERS\HPZius12.sys
22:54:13.0343 3192 HPZius12 - ok
22:54:13.0390 3192 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys
22:54:13.0406 3192 HTTP - ok
22:54:13.0437 3192 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\windows\System32\w3ssl.dll
22:54:13.0437 3192 HTTPFilter - ok
22:54:13.0453 3192 i2omgmt - ok
22:54:13.0453 3192 i2omp - ok
22:54:13.0484 3192 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
22:54:13.0484 3192 i8042prt - ok
22:54:13.0609 3192 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:54:13.0609 3192 idsvc - ok
22:54:13.0625 3192 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys
22:54:13.0625 3192 Imapi - ok
22:54:13.0687 3192 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\windows\system32\imapi.exe
22:54:13.0687 3192 ImapiService - ok
22:54:13.0687 3192 ini910u - ok
22:54:13.0703 3192 IntelIde - ok
22:54:13.0765 3192 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\windows\system32\drivers\ip6fw.sys
22:54:13.0765 3192 Ip6Fw - ok
22:54:13.0796 3192 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
22:54:13.0812 3192 IpFilterDriver - ok
22:54:13.0812 3192 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys
22:54:13.0812 3192 IpInIp - ok
22:54:13.0875 3192 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
22:54:13.0875 3192 IpNat - ok
22:54:13.0890 3192 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
22:54:13.0890 3192 IPSec - ok
22:54:13.0906 3192 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
22:54:13.0906 3192 IRENUM - ok
22:54:13.0937 3192 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
22:54:13.0937 3192 isapnp - ok
22:54:13.0953 3192 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
22:54:13.0953 3192 Kbdclass - ok
22:54:14.0000 3192 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
22:54:14.0015 3192 kmixer - ok
22:54:14.0031 3192 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
22:54:14.0046 3192 KSecDD - ok
22:54:14.0078 3192 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\windows\System32\srvsvc.dll
22:54:14.0078 3192 lanmanserver - ok
22:54:14.0125 3192 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\windows\System32\wkssvc.dll
22:54:14.0125 3192 lanmanworkstation - ok
22:54:14.0140 3192 lbrtfdc - ok
22:54:14.0187 3192 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys
22:54:14.0187 3192 lirsgt - ok
22:54:14.0250 3192 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\windows\System32\lmhsvc.dll
22:54:14.0250 3192 LmHosts - ok
22:54:14.0281 3192 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\windows\System32\msgsvc.dll
22:54:14.0281 3192 Messenger - ok
22:54:14.0312 3192 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
22:54:14.0312 3192 mnmdd - ok
22:54:14.0359 3192 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:54:14.0359 3192 mnmsrvc - ok
22:54:14.0390 3192 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\windows\system32\drivers\Modem.sys
22:54:14.0390 3192 Modem - ok
22:54:14.0406 3192 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
22:54:14.0406 3192 Mouclass - ok
22:54:14.0453 3192 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
22:54:14.0453 3192 mouhid - ok
22:54:14.0453 3192 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
22:54:14.0453 3192 MountMgr - ok
22:54:14.0468 3192 mraid35x - ok
22:54:14.0484 3192 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
22:54:14.0484 3192 MRxDAV - ok
22:54:14.0531 3192 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:54:14.0531 3192 MRxSmb - ok
22:54:14.0578 3192 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:54:14.0578 3192 MSDTC - ok
22:54:14.0593 3192 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
22:54:14.0593 3192 Msfs - ok
22:54:14.0593 3192 MSICPL - ok
22:54:14.0609 3192 MSIServer - ok
22:54:14.0640 3192 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:54:14.0640 3192 MSKSSRV - ok
22:54:14.0656 3192 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:54:14.0656 3192 MSPCLOCK - ok
22:54:14.0703 3192 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:54:14.0703 3192 MSPQM - ok
22:54:14.0703 3192 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
22:54:14.0703 3192 mssmbios - ok
22:54:14.0734 3192 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
22:54:14.0734 3192 Mup - ok
22:54:14.0796 3192 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\windows\System32\qagentrt.dll
22:54:14.0812 3192 napagent - ok
22:54:14.0953 3192 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
22:54:14.0968 3192 NBService - ok
22:54:14.0984 3192 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
22:54:14.0984 3192 NDIS - ok
22:54:15.0031 3192 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:54:15.0031 3192 NdisTapi - ok

[Reklama]

[Hastalda]

22:54:15.0078 3192 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:54:15.0078 3192 Ndisuio - ok
22:54:15.0109 3192 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:54:15.0125 3192 NdisWan - ok
22:54:15.0156 3192 [ 2F597BB467E05B1FE3830EABD821B8E0 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:54:15.0156 3192 NDProxy - ok
22:54:15.0203 3192 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
22:54:15.0203 3192 Net Driver HPZ12 - ok
22:54:15.0234 3192 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:54:15.0234 3192 NetBIOS - ok
22:54:15.0281 3192 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:54:15.0281 3192 NetBT - ok
22:54:15.0328 3192 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\windows\system32\netdde.exe
22:54:15.0343 3192 NetDDE - ok
22:54:15.0343 3192 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\windows\system32\netdde.exe
22:54:15.0343 3192 NetDDEdsdm - ok
22:54:15.0390 3192 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\windows\system32\lsass.exe
22:54:15.0390 3192 Netlogon - ok
22:54:15.0437 3192 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\windows\System32\netman.dll
22:54:15.0437 3192 Netman - ok
22:54:15.0484 3192 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:54:15.0484 3192 NetTcpPortSharing - ok
22:54:15.0515 3192 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\windows\System32\mswsock.dll
22:54:15.0515 3192 Nla - ok
22:54:15.0625 3192 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
22:54:15.0625 3192 NMIndexingService - ok
22:54:15.0718 3192 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
22:54:15.0718 3192 NMSAccess - ok
22:54:15.0781 3192 [ A32EA921CD2E99E9C180B1D478B4DA0F ] Nokia USB Generic C:\windows\system32\drivers\nmwcdc.sys
22:54:15.0781 3192 Nokia USB Generic - ok
22:54:15.0812 3192 [ EEFF633BC334D09DC4DB5BF48E466A0A ] Nokia USB Modem C:\windows\system32\drivers\nmwcdcm.sys
22:54:15.0812 3192 Nokia USB Modem - ok
22:54:15.0843 3192 [ D2E494F5B5748628CE2823C187CDDA7F ] Nokia USB Phone Parent C:\windows\system32\drivers\nmwcd.sys
22:54:15.0843 3192 Nokia USB Phone Parent - ok
22:54:15.0875 3192 [ EEFF633BC334D09DC4DB5BF48E466A0A ] Nokia USB Port C:\windows\system32\drivers\nmwcdcj.sys
22:54:15.0875 3192 Nokia USB Port - ok
22:54:15.0906 3192 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
22:54:15.0906 3192 Npfs - ok
22:54:15.0921 3192 NTACCESS - ok
22:54:15.0984 3192 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
22:54:15.0984 3192 Ntfs - ok
22:54:15.0984 3192 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\windows\system32\lsass.exe
22:54:15.0984 3192 NtLmSsp - ok
22:54:16.0046 3192 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\windows\system32\ntmssvc.dll
22:54:16.0062 3192 NtmsSvc - ok
22:54:16.0078 3192 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
22:54:16.0078 3192 Null - ok
22:54:16.0531 3192 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\windows\system32\DRIVERS\nv4_mini.sys
22:54:16.0609 3192 nv - ok
22:54:16.0671 3192 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:\windows\system32\DRIVERS\nvata.sys
22:54:16.0671 3192 nvata - ok
22:54:16.0703 3192 [ 720CC533EECB65553BD86B139CA04433 ] NVENETFD C:\windows\system32\DRIVERS\NVENETFD.sys
22:54:16.0703 3192 NVENETFD - ok
22:54:16.0734 3192 [ 5F9F545CC5904DD8765F84EE1D056406 ] nvnetbus C:\windows\system32\DRIVERS\nvnetbus.sys
22:54:16.0734 3192 nvnetbus - ok
22:54:16.0765 3192 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
22:54:16.0765 3192 NwlnkFlt - ok
22:54:16.0796 3192 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
22:54:16.0796 3192 NwlnkFwd - ok
22:54:16.0859 3192 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:54:16.0859 3192 ose - ok
22:54:16.0921 3192 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\windows\system32\DRIVERS\parport.sys
22:54:16.0921 3192 Parport - ok
22:54:16.0937 3192 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
22:54:16.0937 3192 PartMgr - ok
22:54:16.0968 3192 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\windows\system32\drivers\ParVdm.sys
22:54:16.0968 3192 ParVdm - ok
22:54:17.0000 3192 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\windows\system32\DRIVERS\pci.sys
22:54:17.0000 3192 PCI - ok
22:54:17.0015 3192 PCIDump - ok
22:54:17.0031 3192 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\windows\system32\DRIVERS\pciide.sys
22:54:17.0031 3192 PCIIde - ok
22:54:17.0046 3192 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
22:54:17.0046 3192 Pcmcia - ok
22:54:17.0093 3192 [ CD2425FD848E5FA09C9A213DA56817A9 ] Pcouffin C:\windows\system32\Drivers\Pcouffin.sys
22:54:17.0093 3192 Pcouffin - ok
22:54:17.0093 3192 PDCOMP - ok
22:54:17.0109 3192 PDFRAME - ok
22:54:17.0109 3192 PDRELI - ok
22:54:17.0125 3192 PDRFRAME - ok
22:54:17.0125 3192 perc2 - ok
22:54:17.0140 3192 perc2hib - ok
22:54:17.0171 3192 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\windows\system32\services.exe
22:54:17.0171 3192 PlugPlay - ok
22:54:17.0218 3192 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
22:54:17.0218 3192 Pml Driver HPZ12 - ok
22:54:17.0234 3192 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\windows\system32\lsass.exe
22:54:17.0234 3192 PolicyAgent - ok
22:54:17.0296 3192 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:54:17.0296 3192 PptpMiniport - ok
22:54:17.0312 3192 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\windows\system32\DRIVERS\processr.sys
22:54:17.0312 3192 Processor - ok
22:54:17.0312 3192 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\windows\system32\lsass.exe
22:54:17.0312 3192 ProtectedStorage - ok
22:54:17.0328 3192 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
22:54:17.0328 3192 PSched - ok
22:54:17.0343 3192 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
22:54:17.0343 3192 Ptilink - ok
22:54:17.0375 3192 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
22:54:17.0375 3192 PxHelp20 - ok
22:54:17.0375 3192 ql1080 - ok
22:54:17.0390 3192 Ql10wnt - ok
22:54:17.0390 3192 ql12160 - ok
22:54:17.0406 3192 ql1240 - ok
22:54:17.0406 3192 ql1280 - ok
22:54:17.0437 3192 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:54:17.0437 3192 RasAcd - ok
22:54:17.0468 3192 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\windows\System32\rasauto.dll
22:54:17.0484 3192 RasAuto - ok
22:54:17.0515 3192 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:54:17.0515 3192 Rasl2tp - ok
22:54:17.0562 3192 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\windows\System32\rasmans.dll
22:54:17.0578 3192 RasMan - ok
22:54:17.0578 3192 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:54:17.0578 3192 RasPppoe - ok
22:54:17.0593 3192 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
22:54:17.0593 3192 Raspti - ok
22:54:17.0656 3192 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:54:17.0656 3192 Rdbss - ok
22:54:17.0656 3192 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:54:17.0656 3192 RDPCDD - ok
22:54:17.0687 3192 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys
22:54:17.0687 3192 rdpdr - ok
22:54:17.0750 3192 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:54:17.0750 3192 RDPWD - ok
22:54:17.0796 3192 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:54:17.0796 3192 RDSessMgr - ok
22:54:17.0812 3192 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\windows\system32\DRIVERS\redbook.sys
22:54:17.0812 3192 redbook - ok
22:54:17.0859 3192 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\windows\System32\mprdim.dll
22:54:17.0859 3192 RemoteAccess - ok
22:54:17.0906 3192 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\windows\system32\regsvc.dll
22:54:17.0906 3192 RemoteRegistry - ok
22:54:17.0937 3192 [ 07CF2D08A49D6ABA475D00C7E7E4186B ] rockusb C:\windows\system32\DRIVERS\rockusb.sys
22:54:17.0937 3192 rockusb - ok
22:54:17.0968 3192 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\windows\system32\locator.exe
22:54:17.0968 3192 RpcLocator - ok
22:54:18.0015 3192 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\windows\System32\rpcss.dll
22:54:18.0015 3192 RpcSs - ok
22:54:18.0062 3192 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\windows\system32\rsvp.exe
22:54:18.0062 3192 RSVP - ok
22:54:18.0062 3192 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\windows\system32\lsass.exe
22:54:18.0062 3192 SamSs - ok
22:54:18.0109 3192 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\windows\System32\SCardSvr.exe
22:54:18.0125 3192 SCardSvr - ok
22:54:18.0171 3192 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\windows\system32\schedsvc.dll
22:54:18.0171 3192 Schedule - ok
22:54:18.0234 3192 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
22:54:18.0234 3192 Secdrv - ok
22:54:18.0281 3192 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\windows\System32\seclogon.dll
22:54:18.0281 3192 seclogon - ok
22:54:18.0328 3192 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\windows\system32\sens.dll
22:54:18.0328 3192 SENS - ok
22:54:18.0375 3192 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\windows\system32\DRIVERS\serenum.sys
22:54:18.0375 3192 serenum - ok
22:54:18.0390 3192 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\windows\system32\DRIVERS\serial.sys
22:54:18.0390 3192 Serial - ok
22:54:18.0500 3192 [ BF1ADC427620E14F45BC00447524A1DC ] ServiceLayer C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
22:54:18.0500 3192 ServiceLayer - ok
22:54:18.0546 3192 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
22:54:18.0546 3192 Sfloppy - ok
22:54:18.0593 3192 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\windows\System32\ipnathlp.dll
22:54:18.0593 3192 SharedAccess - ok
22:54:18.0625 3192 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:54:18.0625 3192 ShellHWDetection - ok
22:54:18.0625 3192 Simbad - ok
22:54:18.0687 3192 [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:54:18.0687 3192 SkypeUpdate - ok
22:54:18.0703 3192 Sparrow - ok
22:54:18.0750 3192 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
22:54:18.0750 3192 splitter - ok
22:54:18.0812 3192 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
22:54:18.0812 3192 Spooler - ok
22:54:18.0859 3192 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\windows\system32\DRIVERS\sr.sys
22:54:18.0859 3192 sr - ok
22:54:18.0906 3192 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\windows\system32\srsvc.dll
22:54:18.0921 3192 srservice - ok
22:54:18.0968 3192 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
22:54:18.0984 3192 Srv - ok
22:54:19.0031 3192 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:54:19.0031 3192 SSDPSRV - ok
22:54:19.0093 3192 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\windows\system32\wiaservc.dll
22:54:19.0109 3192 stisvc - ok
22:54:19.0156 3192 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
22:54:19.0156 3192 swenum - ok
22:54:19.0171 3192 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
22:54:19.0171 3192 swmidi - ok
22:54:19.0171 3192 SwPrv - ok
22:54:19.0187 3192 symc810 - ok
22:54:19.0187 3192 symc8xx - ok
22:54:19.0203 3192 sym_hi - ok
22:54:19.0203 3192 sym_u3 - ok
22:54:19.0234 3192 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
22:54:19.0234 3192 sysaudio - ok
22:54:19.0265 3192 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\windows\system32\smlogsvc.exe
22:54:19.0265 3192 SysmonLog - ok
22:54:19.0312 3192 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\windows\System32\tapisrv.dll
22:54:19.0312 3192 TapiSrv - ok
22:54:19.0375 3192 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
22:54:19.0375 3192 Tcpip - ok
22:54:19.0421 3192 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
22:54:19.0421 3192 TDPIPE - ok
22:54:19.0421 3192 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
22:54:19.0421 3192 TDTCP - ok
22:54:19.0468 3192 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
22:54:19.0468 3192 TermDD - ok
22:54:19.0531 3192 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\windows\System32\termsrv.dll
22:54:19.0546 3192 TermService - ok
22:54:19.0562 3192 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\windows\System32\shsvcs.dll
22:54:19.0562 3192 Themes - ok
22:54:19.0609 3192 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:54:19.0609 3192 TlntSvr - ok
22:54:19.0609 3192 TosIde - ok
22:54:19.0656 3192 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\windows\system32\trkwks.dll
22:54:19.0656 3192 TrkWks - ok
22:54:19.0703 3192 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
22:54:19.0703 3192 Udfs - ok
22:54:19.0718 3192 ultra - ok
22:54:19.0781 3192 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
22:54:19.0781 3192 Update - ok
22:54:19.0812 3192 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\windows\System32\upnphost.dll
22:54:19.0812 3192 upnphost - ok
22:54:19.0859 3192 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\windows\System32\ups.exe
22:54:19.0859 3192 UPS - ok
22:54:19.0890 3192 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
22:54:19.0890 3192 usbccgp - ok
22:54:19.0906 3192 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
22:54:19.0906 3192 usbehci - ok
22:54:19.0953 3192 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
22:54:19.0953 3192 usbhub - ok
22:54:20.0000 3192 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
22:54:20.0000 3192 usbohci - ok
22:54:20.0031 3192 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
22:54:20.0031 3192 usbprint - ok
22:54:20.0078 3192 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
22:54:20.0078 3192 usbscan - ok
22:54:20.0093 3192 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
22:54:20.0093 3192 USBSTOR - ok
22:54:20.0125 3192 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
22:54:20.0125 3192 VgaSave - ok
22:54:20.0140 3192 ViaIde - ok
22:54:20.0187 3192 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\windows\system32\drivers\VolSnap.sys
22:54:20.0187 3192 VolSnap - ok
22:54:20.0234 3192 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\windows\System32\vssvc.exe
22:54:20.0250 3192 VSS - ok
22:54:20.0296 3192 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\windows\system32\w32time.dll
22:54:20.0312 3192 W32Time - ok
22:54:20.0312 3192 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
22:54:20.0312 3192 Wanarp - ok
22:54:20.0328 3192 WDICA - ok
22:54:20.0359 3192 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
22:54:20.0359 3192 wdmaud - ok
22:54:20.0421 3192 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\windows\System32\webclnt.dll
22:54:20.0421 3192 WebClient - ok
22:54:20.0484 3192 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
22:54:20.0484 3192 winmgmt - ok
22:54:20.0593 3192 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:54:20.0609 3192 wlidsvc - ok
22:54:20.0640 3192 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\windows\system32\MsPMSNSv.dll
22:54:20.0640 3192 WmdmPmSN - ok
22:54:20.0703 3192 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\windows\System32\advapi32.dll
22:54:20.0703 3192 Wmi - ok
22:54:20.0750 3192 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:54:20.0750 3192 WmiApSrv - ok
22:54:20.0859 3192 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:54:20.0859 3192 WMPNetworkSvc - ok
22:54:20.0906 3192 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
22:54:20.0906 3192 WS2IFSL - ok
22:54:20.0953 3192 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\windows\system32\wscsvc.dll
22:54:20.0953 3192 wscsvc - ok
22:54:21.0000 3192 [ C1364564800EE9784192145324A23308 ] wuauserv C:\windows\system32\wuauserv.dll
22:54:21.0000 3192 wuauserv - ok
22:54:21.0046 3192 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys
22:54:21.0046 3192 WudfPf - ok
22:54:21.0062 3192 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys
22:54:21.0062 3192 WudfRd - ok
22:54:21.0078 3192 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\windows\System32\WUDFSvc.dll
22:54:21.0078 3192 WudfSvc - ok
22:54:21.0140 3192 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\windows\System32\wzcsvc.dll
22:54:21.0171 3192 WZCSVC - ok
22:54:21.0218 3192 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\windows\System32\xmlprov.dll
22:54:21.0234 3192 xmlprov - ok
22:54:21.0234 3192 ================ Scan global ===============================
22:54:21.0281 3192 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\windows\system32\basesrv.dll
22:54:21.0328 3192 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\windows\system32\winsrv.dll
22:54:21.0359 3192 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\windows\system32\winsrv.dll
22:54:21.0375 3192 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\windows\system32\services.exe
22:54:21.0375 3192 [Global] - ok
22:54:21.0375 3192 ================ Scan MBR ==================================
22:54:21.0390 3192 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
22:54:21.0515 3192 \Device\Harddisk0\DR0 - ok
22:54:21.0515 3192 ================ Scan VBR ==================================
22:54:21.0515 3192 [ DE0575E787F4652E506336DDC29C2CE7 ] \Device\Harddisk0\DR0\Partition1
22:54:21.0515 3192 \Device\Harddisk0\DR0\Partition1 - ok
22:54:21.0515 3192 ============================================================
22:54:21.0515 3192 Scan finished
22:54:21.0515 3192 ============================================================
22:54:21.0531 1800 Detected object count: 0
22:54:21.0531 1800 Actual detected object count: 0
22:55:30.0203 1740 Deinitialize success

[Hastalda]

Nevím proč, ale po restartu a opětovném zapnutí PC se mi z ničeho nic změnilo "oko" esetu z barvy modré na oranžovou a hlasí, že není zajištěna maximální ochrana. Když rozkliknu - je uvedeno, že Antivirus a Antispyware, Personální firewall a Antispamová ochrana je zajištěna, ale virová databáze byla zastavena. Vůbec to nechápu...

Ještě se mi po přihlášení na krátkou dobu podbarvily ikony - některých programů - na ploše PC (ale nevím, jestli má nějaký dopad).

Jinak jsem nechala smazat vyhledané prvky a logy jsem vložila.

[Hastalda]

Ještě jedna věc - teďka mi potřetí vyskočilo malé okno s hláškou: "Stack overflow at line: 20", ale opět netuším oč jde, k čemu se vztahuje a zda má nějaký význam/problém ?? Radši uvádim, pokud by mělo nějakou souvislost...

[jaro3]

Přetečení zásobníku nejspíš RAM nestačí dodávat data.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Hastalda]

Po spuštění ComboFixu hlásilo, že není nainstalována nějaká konzole pro zotavení a nabídlo její instalaci, radši jsem ale potvrdila "NE" - snad správně. Tak vkládám log:

ComboFix 14-02-24.02 - 1102 27.02.2014 11:30:53.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.597 [GMT 1:00]
Spuštěný z: c:\documents and settings\1102\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-27 do 2014-02-27 )))))))))))))))))))))))))))))))
.
.
2014-02-26 19:55 . 2014-02-26 19:55 -------- d-----w- c:\windows\ERUNT
2014-02-26 11:05 . 2014-02-26 19:48 -------- d-----w- C:\AdwCleaner
2014-02-25 19:27 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-25 19:27 . 2014-02-25 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 21:27 . 2012-06-12 09:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-20 21:27 . 2011-10-01 18:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 03:38 . 2004-08-17 13:49 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:08 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:08 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:08 . 2004-08-17 13:49 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2014-01-04 03:12 . 2004-08-17 13:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2004-08-17 13:49 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 57344]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2013-03-17 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDUiP6220DMon"="c:\program files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [2005-05-06 69632]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-03-22 851968]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 40960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Guard.Mail.ru.gui"="c:\program files\Guard-ICQ\GuardICQ.exe" [2013-03-17 1564368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.5.2012 10:11 242240]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.7.2008 8:53 468224]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [8.3.2008 21:05 47360]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Guard-ICQ\GuardICQ.exe [17.3.2013 11:14 1564368]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19.4.2013 14:14 161384]
S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [8.12.2011 15:02 80680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 21:27]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-11 10:34]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-11 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: Interfaces\{34500D98-2486-431E-A3B7-698B3FC9DB9E}: NameServer = 194.228.41.65,194.228.41.113
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-27 11:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1640)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2014-02-27 11:42:48
ComboFix-quarantined-files.txt 2014-02-27 10:42
.
Před spuštěním: Volných bajtů: 25 938 698 240
Po spuštění: Volných bajtů: 25 908 359 168
.
- - End Of File - - 6C7042014411243C1E73D757D96F0688
413FC2A0C716421B3158746D63736515

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[Hastalda]

Vkládám logy:

Nový log z ComboFix:

ComboFix 14-02-24.02 - 1102 27.02.2014 19:52:31.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.648 [GMT 1:00]
Spuštěný z: c:\documents and settings\1102\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\1102\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdate.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.22.5\goopdate.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_am.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ar.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_bg.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_bn.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ca.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_cs.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_da.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_de.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_el.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_en.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_es.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_et.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fa.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fi.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fil.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_fr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_gu.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_hi.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_hr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_hu.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_id.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_is.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_it.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_iw.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ja.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_kn.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ko.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_lt.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_lv.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ml.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_mr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ms.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_nl.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_no.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_pl.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ro.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ru.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sk.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sl.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sv.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_sw.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ta.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_te.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_th.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_tr.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_uk.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_ur.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_vi.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.22.5\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.22.5\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.22.5\psmachine.dll
c:\program files\Google\Update\1.3.22.5\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\7.1.2.2041\GoogleEarth-Win-Bundle-7.1.2.2041.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
-------\Legacy_gupdate
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-27 do 2014-02-27 )))))))))))))))))))))))))))))))
.
.
2014-02-26 19:55 . 2014-02-26 19:55 -------- d-----w- c:\windows\ERUNT
2014-02-26 11:05 . 2014-02-26 19:48 -------- d-----w- C:\AdwCleaner
2014-02-25 19:27 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-25 19:27 . 2014-02-25 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 21:27 . 2012-06-12 09:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-20 21:27 . 2011-10-01 18:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 03:38 . 2004-08-17 13:49 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:08 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:08 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:08 . 2004-08-17 13:49 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2014-01-04 03:12 . 2004-08-17 13:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2004-08-17 13:49 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 57344]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2013-03-17 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDUiP6220DMon"="c:\program files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [2005-05-06 69632]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-03-22 851968]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 40960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Guard.Mail.ru.gui"="c:\program files\Guard-ICQ\GuardICQ.exe" [2013-03-17 1564368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.5.2012 10:11 242240]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.7.2008 8:53 468224]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Guard-ICQ\GuardICQ.exe [17.3.2013 11:14 1564368]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [8.3.2008 21:05 47360]
S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [8.12.2011 15:02 80680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 21:27]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: Interfaces\{34500D98-2486-431E-A3B7-698B3FC9DB9E}: NameServer = 194.228.41.65,194.228.41.113
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-27 20:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3940)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Celkový čas: 2014-02-27 20:10:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-27 19:10
ComboFix2.txt 2014-02-27 10:42
.
Před spuštěním: Volných bajtů: 25 804 668 928
Po spuštění: Volných bajtů: 25 785 647 104
.
- - End Of File - - 6E9617972DD3FC6297644A9FE1885D4E
413FC2A0C716421B3158746D63736515

[Hastalda]

Log z HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:15:23, on 27.2.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\windows\explorer.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files\Guard-ICQ\GuardICQ.exe" /gui
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{34500D98-2486-431E-A3B7-698B3FC9DB9E}: NameServer = 194.228.41.65,194.228.41.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{34500D98-2486-431E-A3B7-698B3FC9DB9E}: NameServer = 194.228.41.65,194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Guard-ICQ\GuardICQ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/1102/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8166 bytes

[Hastalda]

a log z aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-27 20:15:49
-----------------------------
20:15:49.875 OS Version: Windows 5.1.2600 Service Pack 3
20:15:49.875 Number of processors: 1 586 0x2F02
20:15:49.875 ComputerName: UGLY UserName: 1102
20:15:50.343 Initialize success
20:16:01.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
20:16:01.625 Disk 0 Vendor: WDC_WD2000JS-00NCB1 10.02E02 Size: 190782MB BusType: 3
20:16:01.781 Disk 0 MBR read successfully
20:16:01.781 Disk 0 MBR scan
20:16:01.781 Disk 0 Windows XP default MBR code
20:16:01.781 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190771 MB offset 63
20:16:01.781 Disk 0 scanning sectors +390700800
20:16:01.843 Disk 0 scanning C:\windows\system32\drivers
20:16:13.609 Service scanning
20:16:16.640 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
20:16:18.453 Service MSICPL D:\install4\MSICPL.sys **LOCKED** 21
20:16:19.921 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
20:16:24.781 Modules scanning
20:16:31.359 Disk 0 trace - called modules:
20:16:31.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
20:16:31.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f7eab8]
20:16:31.859 3 CLASSPNP.SYS[f7594fd7] -> nt!IofCallDriver -> \Device\00000072[0x86f7ff18]
20:16:31.859 5 ACPI.sys[f742b620] -> nt!IofCallDriver -> \Device\00000071[0x86f7e030]
20:16:31.859 Scan finished successfully
20:16:45.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\1102\Plocha\MBR.dat"
20:16:45.968 The log file has been saved successfully to "C:\Documents and Settings\1102\Plocha\aswMBR.txt"

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"


Co problémy?

[Hastalda]

Dneska jsem měla během dne trochu problémy s načítáním webových stránek, někdy se "kouslo" třeba i na půl minuty, na stránkách, kde byly obrázky, banery apod. byl jen červený křížek, nic jiného se nezobrazovalo. Stránky, kde jsem potřebovala login (např. pracovní databáze, e-mail-pošta nebo třeba stránky PC-HELP), se mi načítalo přihlášení stále a stále, až spadlo do "error" (po opětovném restartu už login prošel). Podobně pracovaly office, excel se mi v rámci kontingenčních tabulek "kousal" a musela jsem vždy "natvrdo" uzavírat a opětovně nastavit.

K poslednímu postupu jsem se tak dostala až teď - všechno jsem udělala podle popsaného, vyčistila a pak fixla ty položky v HJT a ! po restartu se už neobjevila žádná z avizovaných chybových hlášek, ani všechna upozornění ohledně registrů, ani ohledně paměti, ani ta hláška ohledně přetečení zásobníku dat. Dokonce se mi už ani nepodbarvují ikony některých programů na ploše (což se do včerejška pořád po přihlášení dělo). Nevím jestli bych měla něco překontrolovat, ale rozhodně to teďka vypadá dobře. Jaro3, kéž by..

Jediné, že mi Eset zůstal od včerejška červený - upozorňující, že není zajištěna maximální kontrola PC, ale když rozkliknu "oko", Antivirová a Antispamová ochrana, stejně jako Personální firewall běží standardně. Tak nevim... Tady bych se chtěla poradit, jestli by teda nebylo lepší k tomu esetu (ESET Smart Security) doinstalovat ještě COMODO Internet security ??? ..nebo to mám radši nechat takhle, naprosto vůbec tomu nerozumím..

Každopádně to podle mě už teďka vypadá dobře - ty problémy s registry se už neobjevují, ani nevyskakují ty pop-up zprávy.