Prosím o kontrolu, Eset hlásí vir WIN:32 Vyřešeno

[honzabalaz]

prosím o kontrolu logu,eset mi nahlásil vir WIN 32 a nemihu se ho zbavit,děkuji.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:36, on 4.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.humlak.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O24 - Desktop Component 0: (no name) - http://www.seznam.cz/st/img/settings/skin-9.gif

--
End of file - 11582 bytes

[Reklama]

[memphisto]

Odinstaluj McAfee Security Scan

v logu fixni:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: CENZURA Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner

Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

[honzabalaz]

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.04.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HONZA :: DOMA-2505171A1F [administrator]

4.2.2013 16:31:29
MBAM-log-2013-02-04 (16-43-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216446
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run|NVIDIA driver monitor (Trojan.Agent.Gen) -> Data: C:\Documents and Settings\HONZA\Dokumenty\Downloads\P17535732.JPG-www.facebook.exe -> No action taken.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\nvsvc32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HONZA\Nabídka Start\.url (Malware.Trace) -> No action taken.

(end)

[honzabalaz]

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HONZA - DOMA-2505171A1F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HONZA\Plocha\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\icqplugin.xml
File Found : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\icqplugin-1.xml
File Found : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\icqplugin-2.xml
File Found : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\icqplugin-3.xml
File Found : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\SweetIm.xml
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Found : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Found : C:\Documents and Settings\All Users\Data aplikací\SweetIM
Folder Found : C:\Documents and Settings\HONZA\Data aplikací\Desktopicon
Folder Found : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Folder Found : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Found : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\extensions\toolbar@ask.com
Folder Found : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\SweetIMToolbarData
Folder Found : C:\Documents and Settings\HONZA\Data aplikací\OpenCandy
Folder Found : C:\Documents and Settings\HONZA\Local Settings\Data aplikací\APN
Folder Found : C:\Documents and Settings\HONZA\Local Settings\Data aplikací\AskToolbar
Folder Found : C:\Documents and Settings\HONZA\Local Settings\Data aplikací\OpenCandy
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\ICQ6Toolbar
Folder Found : C:\Program Files\CENZURA Toolbar

***** [Registry] *****

Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\AskBarDis
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-117609710-2139871995-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-117609710-2139871995-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("browser.startup.homepage", "hxxp://eu.ask.com/?l=dis&o=APN10374&gct=hp");
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SGT&o=APN10374&local[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "ICQ Search");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "ICQ Search");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://start.icq.com/");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_i[...]
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.simapp_id", "{738088E5-BAED-11DE-B083-001C253F1E78}");
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Found : user_pref("sweetim.toolbar.version", "1.1.0.0");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.icq.com/search/afe_results.php?[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

Found [l.13] : homepage = "hxxp://www.ask.com/?l=dis&o=APN10374cr&gct=hp",
Found [l.66] : icon_url = "hxxp://www.ask.com/favicon.ico",
Found [l.69] : keyword = "ask.com",
Found [l.72] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=SGT&o=APN10374&locale=en_EU&apn_uid=ac29759f-b34b-48fd-864b-eb87cbd89182&apn_ptnrs=%5EAHO&apn_sauid=88720A68-190B-4EA0-9E4E-9447206E78B3&apn_dtid=%5EYYYYYY%5EYY%5ECZ&q={searchTerms}",
Found [l.73] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"
Found [l.1745] : homepage = "hxxp://www.ask.com/?l=dis&o=APN10374cr&gct=hp",

*************************

AdwCleaner[R1].txt - [10112 octets] - [04/02/2013 16:46:52]

########## EOF - C:\AdwCleaner[R1].txt - [10173 octets] ##########

[Žbeky]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“)
Klikni na „ Delete“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt), jeho obsah sem celý vlož.

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[honzabalaz]

# AdwCleaner v2.110 - Logfile created 02/05/2013 at 11:13:23
# Updated 03/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HONZA - DOMA-2505171A1F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HONZA\Plocha\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\icqplugin.xml
File Deleted : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\searchplugins\SweetIm.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\SweetIM
Folder Deleted : C:\Documents and Settings\HONZA\Data aplikací\Desktopicon
Folder Deleted : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Folder Deleted : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Deleted : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\extensions\toolbar@ask.com
Folder Deleted : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\SweetIMToolbarData
Folder Deleted : C:\Documents and Settings\HONZA\Data aplikací\OpenCandy
Folder Deleted : C:\Documents and Settings\HONZA\Local Settings\Data aplikací\APN
Folder Deleted : C:\Documents and Settings\HONZA\Local Settings\Data aplikací\AskToolbar
Folder Deleted : C:\Documents and Settings\HONZA\Local Settings\Data aplikací\OpenCandy
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\CENZURA Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\HONZA\Data aplikací\Mozilla\Firefox\Profiles\z7v4z4h6.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://eu.ask.com/?l=dis&o=APN10374&gct=hp");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SGT&o=APN10374&local[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "ICQ Search");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "ICQ Search");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://start.icq.com/");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_i[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{738088E5-BAED-11DE-B083-001C253F1E78}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("sweetim.toolbar.version", "1.1.0.0");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.icq.com/search/afe_results.php?[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\HONZA\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : homepage = "hxxp://www.ask.com/?l=dis&o=APN10374cr&gct=hp",
Deleted [l.66] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.69] : keyword = "ask.com",
Deleted [l.72] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=SGT&o=APN10374&locale=en_[...]
Deleted [l.73] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Deleted [l.1745] : homepage = "hxxp://www.ask.com/?l=dis&o=APN10374cr&gct=hp",

*************************

AdwCleaner[R1].txt - [10243 octets] - [04/02/2013 16:46:52]
AdwCleaner[R2].txt - [10334 octets] - [05/02/2013 11:12:58]
AdwCleaner[S1].txt - [380 octets] - [05/02/2013 11:11:51]
AdwCleaner[S2].txt - [10043 octets] - [05/02/2013 11:13:23]

########## EOF - C:\AdwCleaner[S2].txt - [10104 octets] ##########

[honzabalaz]

první log nemohu najít z mbam, ale udělal jsem to ještě jednou a tady je log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.04.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HONZA :: DOMA-2505171A1F [administrator]

5.2.2013 11:37:41
mbam-log-2013-02-05 (11-37-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216007
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[honzabalaz]

11:59:25.0453 3772 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:59:25.0609 3772 ============================================================
11:59:25.0609 3772 Current date / time: 2013/02/05 11:59:25.0609
11:59:25.0609 3772 SystemInfo:
11:59:25.0609 3772
11:59:25.0609 3772 OS Version: 5.1.2600 ServicePack: 3.0
11:59:25.0609 3772 Product type: Workstation
11:59:25.0609 3772 ComputerName: DOMA-2505171A1F
11:59:25.0609 3772 UserName: HONZA
11:59:25.0609 3772 Windows directory: C:\WINDOWS
11:59:25.0609 3772 System windows directory: C:\WINDOWS
11:59:25.0609 3772 Processor architecture: Intel x86
11:59:25.0609 3772 Number of processors: 1
11:59:25.0609 3772 Page size: 0x1000
11:59:25.0609 3772 Boot type: Normal boot
11:59:25.0609 3772 ============================================================
11:59:26.0687 3772 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:59:26.0734 3772 ============================================================
11:59:26.0734 3772 \Device\Harddisk0\DR0:
11:59:26.0734 3772 MBR partitions:
11:59:26.0734 3772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
11:59:26.0750 3772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9A1F0, BlocksNum 0xF82A787
11:59:26.0750 3772 ============================================================
11:59:26.0765 3772 C: <-> \Device\Harddisk0\DR0\Partition1
11:59:26.0796 3772 D: <-> \Device\Harddisk0\DR0\Partition2
11:59:26.0796 3772 ============================================================
11:59:26.0796 3772 Initialize success
11:59:26.0796 3772 ============================================================
11:59:36.0078 3128 ============================================================
11:59:36.0078 3128 Scan started
11:59:36.0078 3128 Mode: Manual;
11:59:36.0078 3128 ============================================================
11:59:37.0203 3128 ================ Scan system memory ========================
11:59:37.0203 3128 System memory - ok
11:59:37.0203 3128 ================ Scan services =============================
11:59:37.0296 3128 Abiosdsk - ok
11:59:37.0312 3128 abp480n5 - ok
11:59:37.0343 3128 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:59:37.0343 3128 ACPI - ok
11:59:37.0375 3128 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:59:37.0375 3128 ACPIEC - ok
11:59:37.0421 3128 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:59:37.0437 3128 AdobeFlashPlayerUpdateSvc - ok
11:59:37.0437 3128 adpu160m - ok
11:59:37.0468 3128 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:59:37.0468 3128 aec - ok
11:59:37.0484 3128 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:59:37.0484 3128 AFD - ok
11:59:37.0500 3128 Aha154x - ok
11:59:37.0500 3128 aic78u2 - ok
11:59:37.0515 3128 aic78xx - ok
11:59:37.0546 3128 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:59:37.0562 3128 Alerter - ok
11:59:37.0578 3128 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
11:59:37.0578 3128 ALG - ok
11:59:37.0578 3128 AliIde - ok
11:59:37.0593 3128 amsint - ok
11:59:37.0609 3128 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:59:37.0609 3128 AppMgmt - ok
11:59:37.0625 3128 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:59:37.0625 3128 Arp1394 - ok
11:59:37.0640 3128 asc - ok
11:59:37.0640 3128 asc3350p - ok
11:59:37.0656 3128 asc3550 - ok
11:59:37.0718 3128 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:59:37.0718 3128 aspnet_state - ok
11:59:37.0750 3128 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:59:37.0750 3128 AsyncMac - ok
11:59:37.0781 3128 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:59:37.0781 3128 atapi - ok
11:59:37.0796 3128 Atdisk - ok
11:59:37.0828 3128 [ 1CE690D5C4BAF51B6CFB3EC9CB1A74F5 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:59:37.0828 3128 Ati HotKey Poller - ok
11:59:37.0890 3128 [ CD5C874245435C9CE7E347E28CF3C6B5 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:59:37.0921 3128 ati2mtag - ok
11:59:37.0968 3128 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:59:37.0968 3128 Atmarpc - ok
11:59:37.0984 3128 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:59:37.0984 3128 AudioSrv - ok
11:59:38.0000 3128 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:59:38.0015 3128 audstub - ok
11:59:38.0046 3128 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:59:38.0062 3128 Beep - ok
11:59:38.0109 3128 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
11:59:38.0125 3128 BITS - ok
11:59:38.0156 3128 [ 249276D3EF1E74B992299CB96099E4D7 ] Browser C:\WINDOWS\System32\browser.dll
11:59:38.0156 3128 Browser - ok
11:59:38.0156 3128 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:59:38.0156 3128 cbidf2k - ok
11:59:38.0187 3128 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:59:38.0187 3128 CCDECODE - ok
11:59:38.0187 3128 cd20xrnt - ok
11:59:38.0218 3128 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:59:38.0218 3128 Cdaudio - ok
11:59:38.0234 3128 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:59:38.0234 3128 Cdfs - ok
11:59:38.0250 3128 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:59:38.0265 3128 Cdrom - ok
11:59:38.0281 3128 Changer - ok
11:59:38.0296 3128 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:59:38.0296 3128 CiSvc - ok
11:59:38.0328 3128 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:59:38.0328 3128 ClipSrv - ok
11:59:38.0359 3128 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:59:38.0390 3128 clr_optimization_v2.0.50727_32 - ok
11:59:38.0390 3128 CmdIde - ok
11:59:38.0406 3128 COMSysApp - ok
11:59:38.0421 3128 Cpqarray - ok
11:59:38.0437 3128 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:59:38.0437 3128 CryptSvc - ok
11:59:38.0453 3128 dac2w2k - ok
11:59:38.0453 3128 dac960nt - ok
11:59:38.0500 3128 [ C868F3AE15CF71A93F2AA3A32856D839 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:59:38.0500 3128 DcomLaunch - ok
11:59:38.0546 3128 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:59:38.0546 3128 Dhcp - ok
11:59:38.0562 3128 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:59:38.0562 3128 Disk - ok
11:59:38.0562 3128 dmadmin - ok
11:59:38.0593 3128 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:59:38.0609 3128 dmboot - ok
11:59:38.0625 3128 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:59:38.0640 3128 dmio - ok
11:59:38.0656 3128 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:59:38.0656 3128 dmload - ok
11:59:38.0687 3128 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:59:38.0687 3128 dmserver - ok
11:59:38.0718 3128 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:59:38.0718 3128 DMusic - ok
11:59:38.0750 3128 [ 0634B791684B84F4A331F3D3536FEEF8 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:59:38.0750 3128 Dnscache - ok
11:59:38.0765 3128 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:59:38.0765 3128 Dot3svc - ok
11:59:38.0765 3128 dpti2o - ok
11:59:38.0781 3128 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:59:38.0796 3128 drmkaud - ok
11:59:38.0828 3128 [ A777D095402B31B0AAFE7F19C89FB3A1 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
11:59:38.0828 3128 eamon - ok
11:59:38.0859 3128 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:59:38.0859 3128 EapHost - ok
11:59:38.0875 3128 [ E6DFFB60BDBD91749EAB4D45BC8926A9 ] easdrv C:\WINDOWS\system32\DRIVERS\easdrv.sys
11:59:38.0875 3128 easdrv - ok
11:59:38.0953 3128 [ 44E5CFB428C55BDE550F0648B426FBC0 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
11:59:38.0953 3128 EhttpSrv - ok
11:59:39.0000 3128 [ 49485FA5C3A8A5CE866B281E75E99F24 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
11:59:39.0000 3128 ekrn - ok
11:59:39.0015 3128 [ BB2E195088AF3F6091EF9F8E42F0581F ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
11:59:39.0015 3128 epfwtdir - ok
11:59:39.0031 3128 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:59:39.0031 3128 ERSvc - ok
11:59:39.0062 3128 [ F0D2AE69035092BF22DAD6B50FAB85C2 ] Eventlog C:\WINDOWS\system32\services.exe
11:59:39.0062 3128 Eventlog - ok
11:59:39.0093 3128 [ 260C69FD67687B0DC062FC3D31655857 ] EventSystem C:\WINDOWS\system32\es.dll
11:59:39.0093 3128 EventSystem - ok
11:59:39.0140 3128 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:59:39.0140 3128 Fastfat - ok
11:59:39.0156 3128 [ B927443008910B412BEC72FC41C1BAD0 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:59:39.0156 3128 FastUserSwitchingCompatibility - ok
11:59:39.0171 3128 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:59:39.0171 3128 Fdc - ok
11:59:39.0171 3128 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:59:39.0171 3128 Fips - ok
11:59:39.0187 3128 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:59:39.0187 3128 Flpydisk - ok
11:59:39.0218 3128 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:59:39.0218 3128 FltMgr - ok
11:59:39.0437 3128 [ 960F5E5E4E1F720465311AC68A99C2DF ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
11:59:39.0437 3128 fssfltr - ok
11:59:39.0500 3128 [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
11:59:39.0515 3128 fsssvc - ok
11:59:39.0531 3128 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:59:39.0531 3128 Fs_Rec - ok
11:59:39.0546 3128 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:59:39.0546 3128 Ftdisk - ok
11:59:39.0578 3128 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:59:39.0578 3128 Gpc - ok
11:59:39.0640 3128 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
11:59:39.0640 3128 gupdate - ok
11:59:39.0656 3128 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
11:59:39.0656 3128 gupdatem - ok
11:59:39.0687 3128 [ 016E55316CE89E8AC8F77A6818842345 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:59:39.0703 3128 gusvc - ok
11:59:39.0734 3128 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:59:39.0734 3128 HDAudBus - ok
11:59:39.0781 3128 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:59:39.0781 3128 helpsvc - ok
11:59:39.0812 3128 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
11:59:39.0812 3128 HidServ - ok
11:59:39.0843 3128 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:59:39.0843 3128 hidusb - ok
11:59:39.0890 3128 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:59:39.0890 3128 hkmsvc - ok
11:59:39.0890 3128 hpn - ok
11:59:40.0000 3128 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:59:40.0000 3128 hpqcxs08 - ok
11:59:40.0015 3128 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:59:40.0015 3128 hpqddsvc - ok
11:59:40.0046 3128 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:59:40.0046 3128 HPZid412 - ok
11:59:40.0078 3128 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:59:40.0078 3128 HPZipr12 - ok
11:59:40.0093 3128 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:59:40.0093 3128 HPZius12 - ok
11:59:40.0140 3128 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:59:40.0140 3128 HTTP - ok
11:59:40.0171 3128 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:59:40.0171 3128 HTTPFilter - ok
11:59:40.0187 3128 i2omgmt - ok
11:59:40.0187 3128 i2omp - ok
11:59:40.0203 3128 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:59:40.0218 3128 i8042prt - ok
11:59:40.0234 3128 [ FCCF4AE4EF72CBABA6D6BEFEFD77E940 ] Imagedrv C:\WINDOWS\system32\DRIVERS\imagedrv.sys
11:59:40.0234 3128 Imagedrv - ok
11:59:40.0250 3128 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:59:40.0250 3128 Imapi - ok
11:59:40.0265 3128 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:59:40.0281 3128 ImapiService - ok
11:59:40.0281 3128 ini910u - ok
11:59:40.0406 3128 [ 915CE2A58C6917E3C53BE1E91FA66BA8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:59:40.0468 3128 IntcAzAudAddService - ok
11:59:40.0468 3128 IntelIde - ok
11:59:40.0500 3128 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:59:40.0500 3128 Ip6Fw - ok
11:59:40.0531 3128 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:59:40.0531 3128 IpFilterDriver - ok
11:59:40.0546 3128 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:59:40.0546 3128 IpInIp - ok
11:59:40.0562 3128 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:59:40.0578 3128 IpNat - ok
11:59:40.0593 3128 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:59:40.0593 3128 IPSec - ok
11:59:40.0625 3128 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:59:40.0625 3128 IRENUM - ok
11:59:40.0640 3128 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:59:40.0640 3128 isapnp - ok
11:59:40.0671 3128 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:59:40.0671 3128 Kbdclass - ok
11:59:40.0703 3128 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:59:40.0703 3128 kbdhid - ok
11:59:40.0718 3128 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:59:40.0734 3128 kmixer - ok
11:59:40.0750 3128 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:59:40.0750 3128 KSecDD - ok
11:59:40.0765 3128 [ 21920AC69594AB021237054FA728FE46 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:59:40.0781 3128 LanmanServer - ok
11:59:40.0812 3128 [ 5190783F51A2D7A8495202C664D7C963 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:59:40.0812 3128 lanmanworkstation - ok
11:59:40.0906 3128 [ 6DF2BE94D712753FB8D87495469B5262 ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
11:59:40.0921 3128 Lavasoft Ad-Aware Service - ok
11:59:40.0953 3128 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
11:59:40.0953 3128 Lbd - ok
11:59:40.0953 3128 lbrtfdc - ok
11:59:41.0000 3128 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:59:41.0000 3128 LmHosts - ok
11:59:41.0015 3128 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:59:41.0015 3128 Messenger - ok
11:59:41.0046 3128 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:59:41.0046 3128 mnmdd - ok
11:59:41.0078 3128 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:59:41.0078 3128 mnmsrvc - ok
11:59:41.0109 3128 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:59:41.0125 3128 Modem - ok
11:59:41.0125 3128 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:59:41.0156 3128 Mouclass - ok
11:59:41.0171 3128 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:59:41.0171 3128 mouhid - ok
11:59:41.0187 3128 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:59:41.0187 3128 MountMgr - ok
11:59:41.0187 3128 mraid35x - ok
11:59:41.0218 3128 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:59:41.0218 3128 MRxDAV - ok
11:59:41.0250 3128 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:59:41.0250 3128 MRxSmb - ok
11:59:41.0281 3128 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:59:41.0281 3128 MSDTC - ok
11:59:41.0296 3128 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:59:41.0312 3128 Msfs - ok
11:59:41.0312 3128 MSIServer - ok
11:59:41.0328 3128 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:59:41.0328 3128 MSKSSRV - ok
11:59:41.0359 3128 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:59:41.0359 3128 MSPCLOCK - ok
11:59:41.0375 3128 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:59:41.0375 3128 MSPQM - ok
11:59:41.0390 3128 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:59:41.0390 3128 mssmbios - ok
11:59:41.0421 3128 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
11:59:41.0421 3128 MSTEE - ok
11:59:41.0421 3128 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:59:41.0421 3128 Mup - ok
11:59:41.0437 3128 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:59:41.0437 3128 NABTSFEC - ok
11:59:41.0468 3128 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:59:41.0484 3128 napagent - ok
11:59:41.0500 3128 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:59:41.0500 3128 NDIS - ok
11:59:41.0515 3128 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:59:41.0515 3128 NdisIP - ok
11:59:41.0546 3128 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:59:41.0546 3128 NdisTapi - ok
11:59:41.0562 3128 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:59:41.0562 3128 Ndisuio - ok
11:59:41.0578 3128 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:59:41.0593 3128 NdisWan - ok
11:59:41.0593 3128 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:59:41.0593 3128 NDProxy - ok
11:59:41.0625 3128 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
11:59:41.0625 3128 Net Driver HPZ12 - ok
11:59:41.0640 3128 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:59:41.0640 3128 NetBIOS - ok
11:59:41.0656 3128 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:59:41.0671 3128 NetBT - ok
11:59:41.0687 3128 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
11:59:41.0687 3128 NetDDE - ok
11:59:41.0703 3128 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:59:41.0703 3128 NetDDEdsdm - ok
11:59:41.0718 3128 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:59:41.0718 3128 Netlogon - ok
11:59:41.0750 3128 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
11:59:41.0750 3128 Netman - ok
11:59:41.0765 3128 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:59:41.0765 3128 NIC1394 - ok
11:59:41.0781 3128 [ AAC97DAB5F8A0573CF10E0EAC42A7724 ] Nla C:\WINDOWS\System32\mswsock.dll
11:59:41.0781 3128 Nla - ok
11:59:41.0828 3128 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files\CDBurnerXP\NMSAccessU.exe
11:59:41.0828 3128 NMSAccessU - ok
11:59:41.0843 3128 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:59:41.0843 3128 Npfs - ok
11:59:41.0875 3128 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:59:41.0875 3128 Ntfs - ok
11:59:41.0890 3128 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:59:41.0890 3128 NtLmSsp - ok
11:59:41.0937 3128 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:59:41.0937 3128 NtmsSvc - ok
11:59:41.0968 3128 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:59:41.0968 3128 Null - ok
11:59:41.0984 3128 [ ADB82FBC435AE7504082B3C714C3885D ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
11:59:42.0000 3128 NWCWorkstation - ok
11:59:42.0015 3128 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:59:42.0015 3128 NwlnkFlt - ok
11:59:42.0031 3128 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:59:42.0031 3128 NwlnkFwd - ok
11:59:42.0046 3128 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
11:59:42.0046 3128 NwlnkIpx - ok
11:59:42.0062 3128 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
11:59:42.0062 3128 NwlnkNb - ok
11:59:42.0062 3128 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
11:59:42.0062 3128 NwlnkSpx - ok
11:59:42.0093 3128 [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
11:59:42.0093 3128 NWRDR - ok
11:59:42.0109 3128 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:59:42.0109 3128 ohci1394 - ok
11:59:42.0140 3128 [ 5FAE249A5635A52970652CA8EB216515 ] PAC7302 C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
11:59:42.0156 3128 PAC7302 - ok
11:59:42.0187 3128 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:59:42.0187 3128 Parport - ok
11:59:42.0203 3128 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:59:42.0203 3128 PartMgr - ok
11:59:42.0234 3128 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:59:42.0234 3128 ParVdm - ok
11:59:42.0234 3128 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:59:42.0234 3128 PCI - ok
11:59:42.0250 3128 PCIDump - ok
11:59:42.0250 3128 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:59:42.0250 3128 PCIIde - ok
11:59:42.0265 3128 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:59:42.0265 3128 Pcmcia - ok
11:59:42.0281 3128 PDCOMP - ok
11:59:42.0281 3128 PDFRAME - ok
11:59:42.0296 3128 PDRELI - ok
11:59:42.0296 3128 PDRFRAME - ok
11:59:42.0312 3128 perc2 - ok
11:59:42.0312 3128 perc2hib - ok
11:59:42.0359 3128 [ F0D2AE69035092BF22DAD6B50FAB85C2 ] PlugPlay C:\WINDOWS\system32\services.exe
11:59:42.0359 3128 PlugPlay - ok
11:59:42.0390 3128 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
11:59:42.0390 3128 Pml Driver HPZ12 - ok
11:59:42.0437 3128 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:59:42.0437 3128 PolicyAgent - ok
11:59:42.0453 3128 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:59:42.0468 3128 PptpMiniport - ok
11:59:42.0484 3128 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
11:59:42.0484 3128 Processor - ok
11:59:42.0484 3128 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:59:42.0484 3128 ProtectedStorage - ok
11:59:42.0500 3128 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:59:42.0500 3128 PSched - ok
11:59:42.0515 3128 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:59:42.0515 3128 Ptilink - ok
11:59:42.0515 3128 ql1080 - ok
11:59:42.0531 3128 Ql10wnt - ok
11:59:42.0531 3128 ql12160 - ok
11:59:42.0546 3128 ql1240 - ok
11:59:42.0546 3128 ql1280 - ok
11:59:42.0562 3128 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:59:42.0562 3128 RasAcd - ok
11:59:42.0578 3128 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:59:42.0578 3128 RasAuto - ok
11:59:42.0593 3128 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:59:42.0593 3128 Rasl2tp - ok
11:59:42.0609 3128 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:59:42.0609 3128 RasMan - ok
11:59:42.0625 3128 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:59:42.0640 3128 RasPppoe - ok
11:59:42.0656 3128 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:59:42.0671 3128 Raspti - ok
11:59:42.0703 3128 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:59:42.0703 3128 Rdbss - ok
11:59:42.0718 3128 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:59:42.0718 3128 RDPCDD - ok
11:59:42.0765 3128 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:59:42.0765 3128 rdpdr - ok
11:59:42.0796 3128 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:59:42.0796 3128 RDPWD - ok
11:59:42.0828 3128 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:59:42.0828 3128 RDSessMgr - ok
11:59:42.0859 3128 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:59:42.0859 3128 redbook - ok
11:59:42.0906 3128 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:59:42.0906 3128 RemoteAccess - ok
11:59:42.0937 3128 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:59:42.0937 3128 RemoteRegistry - ok
11:59:42.0953 3128 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
11:59:42.0953 3128 RpcLocator - ok
11:59:42.0984 3128 [ C868F3AE15CF71A93F2AA3A32856D839 ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:59:42.0984 3128 RpcSs - ok
11:59:43.0015 3128 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:59:43.0015 3128 RSVP - ok
11:59:43.0031 3128 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
11:59:43.0031 3128 SamSs - ok
11:59:43.0046 3128 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:59:43.0046 3128 SCardSvr - ok
11:59:43.0093 3128 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:59:43.0093 3128 Schedule - ok
11:59:43.0156 3128 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:59:43.0156 3128 SeaPort - ok
11:59:43.0187 3128 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:59:43.0187 3128 Secdrv - ok
11:59:43.0203 3128 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:59:43.0203 3128 seclogon - ok
11:59:43.0218 3128 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
11:59:43.0218 3128 SENS - ok
11:59:43.0234 3128 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:59:43.0234 3128 serenum - ok
11:59:43.0250 3128 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:59:43.0250 3128 Serial - ok
11:59:43.0250 3128 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:59:43.0250 3128 Sfloppy - ok
11:59:43.0296 3128 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:59:43.0296 3128 SharedAccess - ok
11:59:43.0312 3128 [ B927443008910B412BEC72FC41C1BAD0 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:59:43.0312 3128 ShellHWDetection - ok
11:59:43.0328 3128 Simbad - ok
11:59:43.0484 3128 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:59:43.0515 3128 Skype C2C Service - ok
11:59:43.0578 3128 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:59:43.0609 3128 SkypeUpdate - ok
11:59:43.0640 3128 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:59:43.0640 3128 SLIP - ok
11:59:43.0640 3128 Sparrow - ok
11:59:43.0671 3128 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:59:43.0671 3128 splitter - ok
11:59:43.0703 3128 [ CB1090BCA0E7B40D0B5B4E4D66531809 ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:59:43.0718 3128 Spooler - ok
11:59:43.0734 3128 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:59:43.0734 3128 sr - ok
11:59:43.0750 3128 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
11:59:43.0765 3128 srservice - ok
11:59:43.0765 3128 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:59:43.0781 3128 Srv - ok
11:59:43.0796 3128 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:59:43.0796 3128 SSDPSRV - ok
11:59:43.0828 3128 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:59:43.0828 3128 stisvc - ok
11:59:43.0859 3128 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:59:43.0859 3128 streamip - ok
11:59:43.0875 3128 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:59:43.0875 3128 swenum - ok
11:59:43.0890 3128 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:59:43.0890 3128 swmidi - ok
11:59:43.0890 3128 SwPrv - ok
11:59:43.0906 3128 symc810 - ok
11:59:43.0906 3128 symc8xx - ok
11:59:43.0921 3128 sym_hi - ok
11:59:43.0921 3128 sym_u3 - ok
11:59:43.0937 3128 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:59:43.0937 3128 sysaudio - ok
11:59:43.0953 3128 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:59:43.0953 3128 SysmonLog - ok
11:59:43.0968 3128 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:59:43.0984 3128 TapiSrv - ok
11:59:44.0015 3128 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:59:44.0015 3128 Tcpip - ok
11:59:44.0046 3128 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:59:44.0046 3128 TDPIPE - ok
11:59:44.0062 3128 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:59:44.0062 3128 TDTCP - ok
11:59:44.0078 3128 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:59:44.0078 3128 TermDD - ok
11:59:44.0093 3128 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
11:59:44.0109 3128 TermService - ok
11:59:44.0125 3128 [ B927443008910B412BEC72FC41C1BAD0 ] Themes C:\WINDOWS\System32\shsvcs.dll
11:59:44.0125 3128 Themes - ok
11:59:44.0140 3128 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:59:44.0140 3128 TlntSvr - ok
11:59:44.0140 3128 TosIde - ok
11:59:44.0171 3128 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:59:44.0171 3128 TrkWks - ok
11:59:44.0187 3128 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:59:44.0187 3128 Udfs - ok
11:59:44.0203 3128 ultra - ok
11:59:44.0234 3128 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:59:44.0250 3128 Update - ok
11:59:44.0265 3128 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
11:59:44.0265 3128 upnphost - ok
11:59:44.0281 3128 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
11:59:44.0281 3128 UPS - ok
11:59:44.0312 3128 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
11:59:44.0312 3128 usbaudio - ok
11:59:44.0328 3128 usbbus - ok
11:59:44.0359 3128 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:59:44.0359 3128 usbccgp - ok
11:59:44.0359 3128 UsbDiag - ok
11:59:44.0390 3128 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:59:44.0390 3128 usbehci - ok
11:59:44.0406 3128 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:59:44.0421 3128 usbhub - ok
11:59:44.0421 3128 USBModem - ok
11:59:44.0437 3128 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:59:44.0437 3128 usbohci - ok
11:59:44.0453 3128 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:59:44.0453 3128 usbprint - ok
11:59:44.0484 3128 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:59:44.0484 3128 usbscan - ok
11:59:44.0500 3128 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:59:44.0500 3128 usbstor - ok
11:59:44.0531 3128 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:59:44.0531 3128 VgaSave - ok
11:59:44.0546 3128 ViaIde - ok
11:59:44.0562 3128 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:59:44.0562 3128 VolSnap - ok
11:59:44.0578 3128 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
11:59:44.0593 3128 VSS - ok
11:59:44.0609 3128 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
11:59:44.0609 3128 W32Time - ok
11:59:44.0625 3128 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:59:44.0625 3128 Wanarp - ok
11:59:44.0625 3128 WDICA - ok
11:59:44.0640 3128 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:59:44.0656 3128 wdmaud - ok
11:59:44.0656 3128 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:59:44.0656 3128 WebClient - ok
11:59:44.0718 3128 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:59:44.0718 3128 winmgmt - ok
11:59:44.0765 3128 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:59:44.0765 3128 WmdmPmSN - ok
11:59:44.0796 3128 [ 6538D6BDE04B56737FE743C24D4CE83D ] Wmi C:\WINDOWS\System32\advapi32.dll
11:59:44.0812 3128 Wmi - ok
11:59:44.0828 3128 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:59:44.0828 3128 WmiApSrv - ok
11:59:44.0906 3128 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
11:59:44.0921 3128 WMPNetworkSvc - ok
11:59:44.0953 3128 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:59:44.0953 3128 WpdUsb - ok
11:59:44.0984 3128 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:59:45.0000 3128 wscsvc - ok
11:59:45.0015 3128 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:59:45.0015 3128 WSTCODEC - ok
11:59:45.0031 3128 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:59:45.0046 3128 wuauserv - ok
11:59:45.0062 3128 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:59:45.0078 3128 WudfPf - ok
11:59:45.0093 3128 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:59:45.0093 3128 WudfRd - ok
11:59:45.0109 3128 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:59:45.0109 3128 WudfSvc - ok
11:59:45.0140 3128 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:59:45.0140 3128 WZCSVC - ok
11:59:45.0187 3128 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:59:45.0187 3128 xmlprov - ok
11:59:45.0218 3128 [ 67331FD053F97A874A60374BE6B59523 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
11:59:45.0218 3128 yukonwxp - ok
11:59:45.0250 3128 ================ Scan global ===============================
11:59:45.0265 3128 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
11:59:45.0312 3128 [ 77A41C497ADB0C96D1E8DF6F71D843C0 ] C:\WINDOWS\system32\winsrv.dll
11:59:45.0328 3128 [ 77A41C497ADB0C96D1E8DF6F71D843C0 ] C:\WINDOWS\system32\winsrv.dll
11:59:45.0328 3128 [ F0D2AE69035092BF22DAD6B50FAB85C2 ] C:\WINDOWS\system32\services.exe
11:59:45.0343 3128 [Global] - ok
11:59:45.0343 3128 ================ Scan MBR ==================================
11:59:45.0375 3128 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
11:59:45.0484 3128 \Device\Harddisk0\DR0 - ok
11:59:45.0500 3128 ================ Scan VBR ==================================
11:59:45.0500 3128 [ F569B88B9B8BA7B296D3705579352C83 ] \Device\Harddisk0\DR0\Partition1
11:59:45.0500 3128 \Device\Harddisk0\DR0\Partition1 - ok
11:59:45.0515 3128 [ 9A504F0F15A06F6383A240C5A1B0D043 ] \Device\Harddisk0\DR0\Partition2
11:59:45.0515 3128 \Device\Harddisk0\DR0\Partition2 - ok
11:59:45.0515 3128 ============================================================
11:59:45.0515 3128 Scan finished
11:59:45.0515 3128 ============================================================
11:59:45.0531 3108 Detected object count: 0
11:59:45.0531 3108 Actual detected object count: 0
12:00:17.0390 3080 Deinitialize success

[honzabalaz]

ComboFix 13-02-03.03 - HONZA 05.02.2013 12:12:46.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.260 [GMT 1:00]
Spuštěný z: c:\documents and settings\HONZA\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET2DEA.tmp
c:\windows\system32\SET2DEE.tmp
c:\windows\system32\SET2DF6.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-05 do 2013-02-05 )))))))))))))))))))))))))))))))
.
.
2013-02-04 15:30 . 2013-02-04 15:30 -------- d-----w- c:\documents and settings\HONZA\Data aplikací\Malwarebytes
2013-02-04 15:30 . 2013-02-04 15:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-04 15:30 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-04 15:30 . 2013-02-04 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-04 11:46 . 2013-02-04 11:46 388096 ----a-r- c:\documents and settings\HONZA\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-04 11:46 . 2013-02-04 11:46 -------- d-----w- c:\program files\Trend Micro
2013-01-22 18:44 . 2013-01-22 18:44 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 10:50 . 2012-05-04 17:48 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-16 10:50 . 2011-05-22 17:48 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-25 11:44 . 2012-11-25 11:44 1409 ----a-w- c:\windows\QTFont.for
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-19 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2009-02-06 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HONZA^Nabídka Start^Programy^Po spuštění^The Simpsons Unleashed.lnk]
path=c:\documents and settings\HONZA\Nabídka Start\Programy\Po spuštění\The Simpsons Unleashed.lnk
backup=c:\windows\pss\The Simpsons Unleashed.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 08:16 138096 ----atw- c:\documents and settings\HONZA\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-31 09:12 136176 ----atw- c:\documents and settings\HONZA\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2009-12-27 14:40 160752 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-02-06 12:16 98304 ----a-w- c:\windows\system32\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2009-09-27 14:01 913412 ----a-w- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-13 13:49 16377344 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-27 14:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\HONZA\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24.11.2009 20:01 64288]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1355968]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.12.2012 14:26 3290896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 03:55]
.
2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 10:50]
.
2013-02-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-27 14:40]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 14:41]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 14:41]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://intranet.humlak.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
TCP: DhcpNameServer = 193.179.144.2 194.12.32.253
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-BMISR - c:\program files\KYE\WebMate\BM.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-365dni - c:\program files\365dníNET\365dniNET.exe
MSConfigStartUp-Ad-aware - c:\program files\Lavasoft\Ad-aware 6\Ad-aware.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Badoo Desktop - c:\documents and settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe
MSConfigStartUp-BMISR - c:\program files\KYE\WebMate\BM.exe
MSConfigStartUp-BroadCam - c:\program files\NCH Software\BroadCam\broadcam.exe
MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
MSConfigStartUp-FreeCall - c:\program files\freecall.com\freecall\freecall.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.2\ICQ.exe
MSConfigStartUp-LowRateVoip - c:\program files\LowRateVoip\LowRateVoip.exe
MSConfigStartUp-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-PoivY - c:\program files\PoivY.com\PoivY\PoivY.exe
MSConfigStartUp-SMail - c:\program files\Seznam\Postak\Postak.exe
MSConfigStartUp-SmartVoip - c:\program files\SmartVoip.com\SmartVoip\SmartVoip.exe
MSConfigStartUp-Software Informer - d:\software informer\softinfo.exe
MSConfigStartUp-VoipDiscount - c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
AddRemove-Avidemux 2.5 - c:\documents and settings\HONZA\Plocha\Moje složka\Avidemux 2.5\uninstall.exe
AddRemove-cristina-web-security 1.0.1.0_is1 - c:\cristina-web-security\unins000.exe
AddRemove-Free Studio_is1 - c:\program files\DVDVideoSoft\Free Studio\unins000.exe
AddRemove-PhotoFiltre Studio - c:\documents and settings\HONZA\Plocha\PhotoFiltre Studio\Uninst.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-Virtual DJ - Atomix Productions - c:\progra~1\VIRTUA~1\UNWISE.EXE
AddRemove-YouTube Downloader_is1 - c:\CENZURA\unins000.exe
AddRemove-{F86B4C7B-B846-4039-878D-6CC8F8D3370E}_is1 - c:\srs - street racing syndicate\unins000.exe
AddRemove-PhotoFiltre Studio X - c:\documents and settings\HONZA\Plocha\PhotoFiltre Studio X\Uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-05 12:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2013-02-05 12:24:35
ComboFix-quarantined-files.txt 2013-02-05 11:24
.
Před spuštěním: Volných bajtů: 13 793 304 576
Po spuštění: Volných bajtů: 14 368 604 160
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.

[Žbeky]

Odinstaluj Ad-Aware

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\documents and settings\HONZA\Local Settings\Data aplikací\Google\Update
c:\program files\Google\Google Updater
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Skype\Updater
c:\program files\Google\Common\Google Updater
c:\program files\Google\Update

File::
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[honzabalaz]

ComboFix 13-02-03.03 - HONZA 05.02.2013 16:39:13.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.361 [GMT 1:00]
Spuštěný z: c:\documents and settings\HONZA\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\HONZA\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Common\Google Updater
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Google\Google Updater
c:\program files\Google\Google Updater\2.4.1808.5272\bg\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\ci.dll
c:\program files\Google\Google Updater\2.4.1808.5272\cires.dll
c:\program files\Google\Google Updater\2.4.1808.5272\cs\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\da\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\de\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\el\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\en-gb\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\en\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\es\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\fi\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\fr\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\GoogleUpdaterAdminPrefs.exe
c:\program files\Google\Google Updater\2.4.1808.5272\GoogleUpdaterInstallMgr.exe
c:\program files\Google\Google Updater\2.4.1808.5272\GoogleUpdaterRestartManager.exe
c:\program files\Google\Google Updater\2.4.1808.5272\GoogleUpdaterSetup.exe
c:\program files\Google\Google Updater\2.4.1808.5272\hr\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\32x32_ale.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\32x32_upd.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\confirm.htm
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\desktop.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\earth.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\gapps.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\history.htm
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\chrome.png
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\installer.htm
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\ksd.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\lm.htm
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\maintainer.htm
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\minus.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\msg_error.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\pack.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\pack_large.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\picasa.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\plus.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\preferences.htm
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\progress.htm
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\proxy.htm
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\roundl_g.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\roundr_g.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\shield.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\sort_down.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\sort_up.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\talk.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\toolbar.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\ui.css
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\ui.js
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\ul.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\updates.htm
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\ur.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\waiting.gif
c:\program files\Google\Google Updater\2.4.1808.5272\HTML\waiting32.gif
c:\program files\Google\Google Updater\2.4.1808.5272\hu\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\it\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\ja\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\ko\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\nl\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\no\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll
c:\program files\Google\Google Updater\2.4.1808.5272\pl\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\pt-br\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\ro\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\ru\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\sk\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\sv\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\th\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\tr\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\zh-cn\cires.dll.mui
c:\program files\Google\Google Updater\2.4.1808.5272\zh-tw\cires.dll.mui
c:\program files\Google\Google Updater\GoogleUpdater.exe
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\GoogleToolbarNotifier\5.2.4204.1700\gth.dll
c:\program files\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll
c:\program files\Google\GoogleToolbarNotifier\5.2.4204.1700\Readme.url
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.123\goopdate.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.123\psmachine.dll
c:\program files\Google\Update\1.3.21.123\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
c:\program files\Google\Update\Download\{4BB010C1-3F6E-4BA4-BAD9-63E37EE961A5}\GoogleUpdateSetup.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
-------\Legacy_gupdate
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-05 do 2013-02-05 )))))))))))))))))))))))))))))))
.
.
2013-02-04 15:30 . 2013-02-04 15:30 -------- d-----w- c:\documents and settings\HONZA\Data aplikací\Malwarebytes
2013-02-04 15:30 . 2013-02-04 15:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-04 15:30 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-04 15:30 . 2013-02-04 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-04 11:46 . 2013-02-04 11:46 388096 ----a-r- c:\documents and settings\HONZA\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-04 11:46 . 2013-02-04 11:46 -------- d-----w- c:\program files\Trend Micro
2013-01-22 18:44 . 2013-01-22 18:44 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 10:50 . 2012-05-04 17:48 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-16 10:50 . 2011-05-22 17:48 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-25 11:44 . 2012-11-25 11:44 1409 ----a-w- c:\windows\QTFont.for
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-19 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2009-02-06 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HONZA^Nabídka Start^Programy^Po spuštění^The Simpsons Unleashed.lnk]
path=c:\documents and settings\HONZA\Nabídka Start\Programy\Po spuštění\The Simpsons Unleashed.lnk
backup=c:\windows\pss\The Simpsons Unleashed.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 08:16 138096 ----atw- c:\documents and settings\HONZA\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-31 09:12 136176 ----atw- c:\documents and settings\HONZA\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-02-06 12:16 98304 ----a-w- c:\windows\system32\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2009-09-27 14:01 913412 ----a-w- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-13 13:49 16377344 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\HONZA\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24.11.2009 20:01 64288]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.12.2012 14:26 3290896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 10:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://intranet.humlak.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
TCP: DhcpNameServer = 193.179.144.2 194.12.32.253
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Google Updater - c:\program files\Google\Google Updater\GoogleUpdater.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Google Updater - c:\program files\Google\Google Updater\GoogleUpdater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-05 16:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-02-05 16:51:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-05 15:51
ComboFix2.txt 2013-02-05 11:24
.
Před spuštěním: Volných bajtů: 15 078 477 824
Po spuštění: Volných bajtů: 14 997 368 832
.
- - End Of File - - C3484DF544CFB5598EDAFB2062EE3506

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?