Při stahování z netu se mi zavírají prohlížeče

[Vespertilio]

Ahoj, již jsem tento problém psal v sekci "prohlížeče. Při jakémkoliv stahování/uploadování mi každý prohlížeč - Opera, Mozilla, IE spadne, ukončí činnost. Děje se tak vždy zhruba ve stejný okamžik, cca po několika minutách stahování/upluadování, kdy soubor nabyde do velikosti 300 MB. Počítač jsem vyčistil antivirovým programem Eset Smart Security, poté jsem dle rady z předchozího vlákna vyčistil registry programem CCleaner a následně jsem analyzoval systém programem HIjackthis...tady je log z tohoto programu.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:01:40, on 14.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webteh\BSplayer\bsplayer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Documents and Settings\Pecka\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: KMP Media Toolbar - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files\kmpmediatoolbar\searchresultsDx.dll
R3 - URLSearchHook: AskToolbar - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskToolbar - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: KMP Media Toolbar - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files\kmpmediatoolbar\searchresultsDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: KMP Media Toolbar - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files\kmpmediatoolbar\searchresultsDx.dll
O3 - Toolbar: AskToolbar - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S296.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WDICT32] C:\Program Files\Slovník\TRANSLAT12\WDICT32.EXE /l
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Pecka\Local Settings\Temp\{87C5650A-D265-4E8C-843E-12FA03696D1E}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} (WebClient Control) - http://90.177.12.112/WebClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PandoraService (PanService) - Unknown owner - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8467 bytes

Prosím o rady, jak dál postupovat a jak vyřešit tento problém.


Děkuji všem

[Reklama]

[jaro3]

Odinstaluj:
KMP Media Toolbar
AskToolbar
BS Player Toolbar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R3 - URLSearchHook: KMP Media Toolbar - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files\kmpmediatoolbar\searchresultsDx.dll
R3 - URLSearchHook: AskToolbar - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskToolbar - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: KMP Media Toolbar - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files\kmpmediatoolbar\searchresultsDx.dll
O3 - Toolbar: AskToolbar - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[Vespertilio]

Ok, provedl jsem podle návodu.


Log z Matwarebytes Anti-Malware:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.08.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pecka :: PC [administrátor]

14.8.2012 12:07:05
mbam-log-2012-08-14 (12-11-51).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 191109
Uplynulý čas: 3 minut, 59 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Program Files\Lexsnd.dll (Spyware.OnlineGames) -> Žádná instrukce nebyla provedena.

(konec)

[Vespertilio]

Ještě přidávám log z HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:54:49, on 14.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AskToolbar - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskToolbar - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AskToolbar - {3cb073f3-be3c-4e8f-942d-8a747b54486f} - C:\Program Files\asktoolbar4\asktoolbar4X.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S296.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WDICT32] C:\Program Files\Slovník\TRANSLAT12\WDICT32.EXE /l
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Pecka\Local Settings\Temp\{87C5650A-D265-4E8C-843E-12FA03696D1E}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} (WebClient Control) - http://90.177.12.112/WebClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PandoraService (PanService) - Unknown owner - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7845 bytes

[Žbeky]

V HJT jsi to nefixl

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[Vespertilio]

Ach jo, problém stále přetrvává. Kolem 380 MB se prohlížeč restartuje...

Mbam log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.08.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pecka :: PC [administrátor]

15.8.2012 11:24:54
mbam-log-2012-08-15 (11-24-54).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 191242
Uplynulý čas: 4 minut, 46 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Program Files\Lexsnd.dll (Spyware.OnlineGames) -> Umístnění do karantény a smazání se zdařilo.

(konec)


TDSSkiller log


12:19:31.0187 4012 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:19:31.0296 4012 ============================================================
12:19:31.0296 4012 Current date / time: 2012/08/15 12:19:31.0296
12:19:31.0296 4012 SystemInfo:
12:19:31.0296 4012
12:19:31.0296 4012 OS Version: 5.1.2600 ServicePack: 3.0
12:19:31.0296 4012 Product type: Workstation
12:19:31.0296 4012 ComputerName: PC
12:19:31.0296 4012 UserName: Pecka
12:19:31.0296 4012 Windows directory: C:\WINDOWS
12:19:31.0296 4012 System windows directory: C:\WINDOWS
12:19:31.0296 4012 Processor architecture: Intel x86
12:19:31.0296 4012 Number of processors: 2
12:19:31.0296 4012 Page size: 0x1000
12:19:31.0296 4012 Boot type: Normal boot
12:19:31.0296 4012 ============================================================
12:19:32.0953 4012 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
12:19:32.0968 4012 ============================================================
12:19:32.0968 4012 \Device\Harddisk0\DR0:
12:19:32.0968 4012 MBR partitions:
12:19:32.0968 4012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
12:19:32.0968 4012 ============================================================
12:19:33.0015 4012 C: <-> \Device\Harddisk0\DR0\Partition1
12:19:33.0015 4012 ============================================================
12:19:50.0968 4012 Initialize success
12:19:50.0968 4012 ============================================================
12:19:54.0296 3232 ============================================================
12:19:54.0296 3232 Scan started
12:19:54.0296 3232 Mode: Manual;
12:19:54.0296 3232 ============================================================
12:19:54.0500 3232 ================ Scan services =============================
12:19:54.0625 3232 711bon.sys - ok
12:19:54.0640 3232 Abiosdsk - ok
12:19:54.0640 3232 abp480n5 - ok
12:19:54.0734 3232 [ 4fe34f1f3126b61fcc6b2043aa8112c9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:19:54.0734 3232 ACPI - ok
12:19:54.0812 3232 [ afdff022a01f0b11c776f0860c3b282f ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:19:54.0812 3232 ACPIEC - ok
12:19:54.0921 3232 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:19:54.0921 3232 AdobeFlashPlayerUpdateSvc - ok
12:19:54.0921 3232 adpu160m - ok
12:19:54.0937 3232 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:19:54.0937 3232 aec - ok
12:19:55.0000 3232 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:19:55.0000 3232 AFD - ok
12:19:55.0015 3232 Aha154x - ok
12:19:55.0015 3232 aic78u2 - ok
12:19:55.0031 3232 aic78xx - ok
12:19:55.0078 3232 [ e0a6fa244b8624d78fe5ff6f56a33bae ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:19:55.0078 3232 Alerter - ok
12:19:55.0109 3232 [ 88842de939a827577bf24243699ac80a ] ALG C:\WINDOWS\System32\alg.exe
12:19:55.0109 3232 ALG - ok
12:19:55.0109 3232 AliIde - ok
12:19:55.0156 3232 [ 6e58654cb25730b2579e45e1fd116a47 ] amdide C:\WINDOWS\system32\DRIVERS\amdide.sys
12:19:55.0156 3232 amdide - ok
12:19:55.0156 3232 [ fcffa85cfd4bf7a4711012847048dca3 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:19:55.0156 3232 AmdK8 - ok
12:19:55.0171 3232 amsint - ok
12:19:55.0171 3232 AppMgmt - ok
12:19:55.0203 3232 asc - ok
12:19:55.0218 3232 asc3350p - ok
12:19:55.0234 3232 asc3550 - ok
12:19:55.0343 3232 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:19:55.0343 3232 aspnet_state - ok
12:19:55.0375 3232 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:19:55.0375 3232 AsyncMac - ok
12:19:55.0390 3232 [ 850c544201c26ca8371c7678ebb0d871 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:19:55.0390 3232 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 850c544201c26ca8371c7678ebb0d871, Fake md5: 43769e974a1c5105171652f38e6cb8e2
12:19:55.0390 3232 atapi ( ForgedFile.Multi.Generic ) - warning
12:19:55.0390 3232 atapi - detected ForgedFile.Multi.Generic (1)
12:19:55.0390 3232 Atdisk - ok
12:19:55.0453 3232 [ a21bd1005a3ad657a079674a9c399e66 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
12:19:55.0468 3232 Ati HotKey Poller - ok
12:19:55.0562 3232 [ f916b6f6f5d30512d14069d7792c0b9c ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:19:55.0578 3232 ati2mtag - ok
12:19:55.0593 3232 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:19:55.0593 3232 Atmarpc - ok
12:19:55.0609 3232 [ de31b88962a8645dba5a37b993e7b0f1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:19:55.0609 3232 AudioSrv - ok
12:19:55.0656 3232 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:19:55.0656 3232 audstub - ok
12:19:55.0718 3232 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:19:55.0718 3232 Beep - ok
12:19:55.0828 3232 [ 19395d092fd85ddc2d9c7729cf5a2ac8 ] BITS C:\WINDOWS\system32\qmgr.dll
12:19:55.0828 3232 BITS - ok
12:19:55.0875 3232 [ 249276d3ef1e74b992299cb96099e4d7 ] Browser C:\WINDOWS\System32\browser.dll
12:19:55.0875 3232 Browser - ok
12:19:55.0906 3232 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:19:55.0906 3232 cbidf2k - ok
12:19:55.0906 3232 cd20xrnt - ok
12:19:55.0968 3232 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:19:55.0968 3232 Cdaudio - ok
12:19:55.0984 3232 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:19:55.0984 3232 Cdfs - ok
12:19:55.0984 3232 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:19:55.0984 3232 Cdrom - ok
12:19:55.0984 3232 Changer - ok
12:19:56.0015 3232 [ e390dc1d7c461d7d56ec53402f329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:19:56.0015 3232 CiSvc - ok
12:19:56.0046 3232 [ 064507a8dfa8c5c7e2ffddd3e6f424fa ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:19:56.0046 3232 ClipSrv - ok
12:19:56.0140 3232 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:19:56.0140 3232 clr_optimization_v2.0.50727_32 - ok
12:19:56.0203 3232 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:19:56.0203 3232 clr_optimization_v4.0.30319_32 - ok
12:19:56.0203 3232 CmdIde - ok
12:19:56.0218 3232 COMSysApp - ok
12:19:56.0234 3232 Cpqarray - ok
12:19:56.0250 3232 [ f3ab0933cbd166d271992f411c27ccaf ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:19:56.0250 3232 CryptSvc - ok
12:19:56.0265 3232 dac2w2k - ok
12:19:56.0265 3232 dac960nt - ok
12:19:56.0343 3232 [ be27674d1cbc3214aec84b4336a38bbf ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:19:56.0359 3232 DcomLaunch - ok
12:19:56.0406 3232 [ 8c9a53e285ac5e6704844d0459ec85be ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:19:56.0406 3232 Dhcp - ok
12:19:56.0406 3232 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:19:56.0406 3232 Disk - ok
12:19:56.0421 3232 dmadmin - ok
12:19:56.0453 3232 [ db5fd2bf5b07dc54bfcb3664ff05bd7c ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:19:56.0453 3232 dmboot - ok
12:19:56.0468 3232 [ fff1720af51171f32f1ead5cf71f2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:19:56.0468 3232 dmio - ok
12:19:56.0531 3232 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:19:56.0531 3232 dmload - ok
12:19:56.0546 3232 [ 2bfefe9e865655a76982f050450b9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:19:56.0546 3232 dmserver - ok
12:19:56.0578 3232 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:19:56.0578 3232 DMusic - ok
12:19:56.0625 3232 [ dfaa406bf19f4ee806a6f8d4342137f7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:19:56.0625 3232 Dnscache - ok
12:19:56.0687 3232 [ 4a3e2bd20157a0946751229e92eb8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:19:56.0687 3232 Dot3svc - ok
12:19:56.0687 3232 dpti2o - ok
12:19:56.0703 3232 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:19:56.0703 3232 drmkaud - ok
12:19:56.0750 3232 [ 9309c5c9831203436e64cf2ae605c5d7 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
12:19:56.0750 3232 eamon - ok
12:19:56.0828 3232 [ 0887d9c2be8d940778cad1e3b85f2a41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:19:56.0828 3232 EapHost - ok
12:19:56.0859 3232 [ deff87f04ab5f6dd5edf2b80853bbe10 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
12:19:56.0859 3232 ehdrv - ok
12:19:57.0000 3232 [ c7bb95cf9631aa401e4aded1648f6af7 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
12:19:57.0000 3232 ekrn - ok
12:19:57.0015 3232 [ 5ba193ca0ae31209aaa39939ce6736b2 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
12:19:57.0015 3232 epfw - ok
12:19:57.0031 3232 [ 75d3bcd3e0eded0ab0f96d9a10ff01c9 ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
12:19:57.0031 3232 Epfwndis - ok
12:19:57.0046 3232 [ dc64f26f35e32c9472bbf8acd84060d3 ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
12:19:57.0046 3232 epfwtdi - ok
12:19:57.0093 3232 [ a2a4912798f2be706abadd3d30800d16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:19:57.0093 3232 ERSvc - ok
12:19:57.0156 3232 [ 9ef697af07bb8dd82c3b02ca953a95b7 ] Eventlog C:\WINDOWS\system32\services.exe
12:19:57.0156 3232 Eventlog - ok
12:19:57.0171 3232 [ a371f11ef07653591c8de26afb13ce7f ] EventSystem C:\WINDOWS\System32\es.dll
12:19:57.0171 3232 EventSystem - ok
12:19:57.0234 3232 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:19:57.0234 3232 Fastfat - ok
12:19:57.0296 3232 [ ee9a2b9ea968a792a053c9d1a86bf870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:19:57.0296 3232 FastUserSwitchingCompatibility - ok
12:19:57.0312 3232 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:19:57.0312 3232 Fdc - ok
12:19:57.0312 3232 [ ac366695a0796560aa37215ad5762aaf ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:19:57.0312 3232 Fips - ok
12:19:57.0328 3232 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:19:57.0328 3232 Flpydisk - ok
12:19:57.0343 3232 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:19:57.0343 3232 FltMgr - ok
12:19:57.0421 3232 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:19:57.0421 3232 FontCache3.0.0.0 - ok
12:19:57.0421 3232 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:19:57.0421 3232 Fs_Rec - ok
12:19:57.0468 3232 [ 4e664d8541db4a66b73a24257e322e1f ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:19:57.0468 3232 Ftdisk - ok
12:19:57.0468 3232 GMSIPCI - ok
12:19:57.0484 3232 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:19:57.0484 3232 Gpc - ok
12:19:57.0562 3232 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:19:57.0562 3232 gupdate - ok
12:19:57.0578 3232 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:19:57.0578 3232 gupdatem - ok
12:19:57.0640 3232 [ 56bf27d7a539f9e6bbc1de201aba0edf ] HdAudAddService C:\WINDOWS\system32\drivers\AtiHdAud.sys
12:19:57.0640 3232 HdAudAddService - ok
12:19:57.0656 3232 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:19:57.0656 3232 HDAudBus - ok
12:19:57.0796 3232 [ fcfe31fb75f8a6295b6b0af87a626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:19:57.0796 3232 helpsvc - ok
12:19:57.0875 3232 [ 00e25ee90166b3e1be6e74aebf858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:19:57.0875 3232 HidServ - ok
12:19:57.0906 3232 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:19:57.0906 3232 HidUsb - ok
12:19:57.0984 3232 [ 7a6b320928f86bc851530d63c82965d9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:19:57.0984 3232 hkmsvc - ok
12:19:57.0984 3232 hpn - ok
12:19:58.0062 3232 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:19:58.0062 3232 HTTP - ok
12:19:58.0093 3232 [ 58fe2f2da3bc5573f4a35b3760d3125f ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:19:58.0093 3232 HTTPFilter - ok
12:19:58.0093 3232 i2omgmt - ok
12:19:58.0109 3232 i2omp - ok
12:19:58.0140 3232 [ c528e27945367191e7bae364930b6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:19:58.0140 3232 i8042prt - ok
12:19:58.0250 3232 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:19:58.0265 3232 idsvc - ok
12:19:58.0265 3232 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:19:58.0265 3232 Imapi - ok
12:19:58.0296 3232 [ f7b93aafad33b2320954c17e26c8d361 ] ImapiService C:\WINDOWS\System32\imapi.exe
12:19:58.0296 3232 ImapiService - ok
12:19:58.0343 3232 [ 98e96b6f095e6289c3293b99d0f926b2 ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys
12:19:58.0359 3232 InCDfs - ok
12:19:58.0359 3232 [ 0b3e2517cf826020688650d46adf5b05 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys
12:19:58.0359 3232 InCDPass - ok
12:19:58.0375 3232 [ 00ee363ea793a9d8dab5254acbd7d8e6 ] InCDrec C:\WINDOWS\system32\drivers\InCDRec.sys
12:19:58.0375 3232 InCDrec - ok
12:19:58.0375 3232 [ d41ab5be8861aff53851594de58dddfa ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys
12:19:58.0375 3232 incdrm - ok
12:19:58.0515 3232 [ 40f8dc71cd638c40db38a0c08af2a6ed ] InCDsrv C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
12:19:58.0515 3232 InCDsrv - ok
12:19:58.0531 3232 ini910u - ok
12:19:58.0671 3232 [ f7f3328544e1ac2e97caea9b39d9b9de ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:19:58.0703 3232 IntcAzAudAddService - ok
12:19:58.0718 3232 IntelIde - ok
12:19:58.0734 3232 [ 3bb22519a194418d5fec05d800a19ad0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:19:58.0734 3232 ip6fw - ok
12:19:58.0765 3232 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:19:58.0765 3232 IpFilterDriver - ok
12:19:58.0765 3232 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:19:58.0765 3232 IpInIp - ok
12:19:58.0781 3232 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:19:58.0781 3232 IpNat - ok
12:19:58.0781 3232 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:19:58.0781 3232 IPSec - ok
12:19:58.0796 3232 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:19:58.0796 3232 IRENUM - ok
12:19:58.0812 3232 [ cc9f8a2d60aed1a51a3ac34c59b987ae ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:19:58.0812 3232 isapnp - ok
12:19:58.0890 3232 [ 0a5709543986843d37a92290b7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:19:58.0890 3232 JavaQuickStarterService - ok
12:19:58.0890 3232 [ 1b6162fe7f66b1a71a4b70f941c4aa9b ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:19:58.0890 3232 Kbdclass - ok
12:19:58.0937 3232 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:19:58.0937 3232 kmixer - ok
12:19:58.0968 3232 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:19:58.0968 3232 KSecDD - ok
12:19:59.0000 3232 [ 3428e8f86f8add36b42fb23542c7b3e4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:19:59.0000 3232 lanmanserver - ok
12:19:59.0062 3232 [ 936c1d110232d23b621cb0196e4f80f0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:19:59.0062 3232 lanmanworkstation - ok
12:19:59.0078 3232 lbrtfdc - ok
12:19:59.0140 3232 [ d57d1be0129c1b45653b0fa920bc4b38 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:19:59.0140 3232 LightScribeService - ok
12:19:59.0203 3232 [ 0ab159f536e3e8f7f07113702a07cca5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:19:59.0203 3232 LmHosts - ok
12:19:59.0234 3232 [ 221cd1c815b8a6b79389c3f5d1018de8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:19:59.0234 3232 Messenger - ok
12:19:59.0265 3232 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:19:59.0265 3232 mnmdd - ok
12:19:59.0296 3232 [ 9a57d046f88f4b69751b11fd40088a61 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
12:19:59.0296 3232 mnmsrvc - ok
12:19:59.0328 3232 [ 44032b0c6d9954d3fd26438330b99ee7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:19:59.0328 3232 Modem - ok
12:19:59.0359 3232 [ 4cb582831dbde63ce43b45d771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:19:59.0359 3232 Mouclass - ok
12:19:59.0359 3232 [ bb269eba740737ab749b214d568b6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:19:59.0359 3232 mouhid - ok
12:19:59.0375 3232 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:19:59.0375 3232 MountMgr - ok
12:19:59.0375 3232 mraid35x - ok
12:19:59.0390 3232 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:19:59.0390 3232 MRxDAV - ok
12:19:59.0421 3232 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:19:59.0437 3232 MRxSmb - ok
12:19:59.0453 3232 [ 6db4d1521caba9a5ffab54ade0ae867d ] MSDTC C:\WINDOWS\System32\msdtc.exe
12:19:59.0453 3232 MSDTC - ok
12:19:59.0468 3232 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:19:59.0468 3232 Msfs - ok
12:19:59.0468 3232 MSIServer - ok
12:19:59.0484 3232 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:19:59.0484 3232 MSKSSRV - ok
12:19:59.0500 3232 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:19:59.0500 3232 MSPCLOCK - ok
12:19:59.0500 3232 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:19:59.0500 3232 MSPQM - ok
12:19:59.0531 3232 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:19:59.0531 3232 mssmbios - ok
12:19:59.0562 3232 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:19:59.0562 3232 Mup - ok
12:19:59.0609 3232 [ 6ea362e9db03d44f6b996f4d8be237e9 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:19:59.0609 3232 napagent - ok
12:19:59.0765 3232 [ 5836b9e91863a00ec1b8e785efd86ecb ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:19:59.0765 3232 NBService - ok
12:19:59.0781 3232 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:19:59.0781 3232 NDIS - ok
12:19:59.0843 3232 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:19:59.0843 3232 NdisTapi - ok
12:19:59.0859 3232 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:19:59.0859 3232 Ndisuio - ok
12:19:59.0859 3232 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:19:59.0859 3232 NdisWan - ok
12:19:59.0890 3232 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:19:59.0890 3232 NDProxy - ok
12:19:59.0906 3232 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:19:59.0906 3232 NetBIOS - ok
12:19:59.0937 3232 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:19:59.0937 3232 NetBT - ok
12:19:59.0984 3232 [ 933de774986ec85e48210c44ab431de6 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:19:59.0984 3232 NetDDE - ok
12:19:59.0984 3232 [ 933de774986ec85e48210c44ab431de6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:19:59.0984 3232 NetDDEdsdm - ok
12:20:00.0015 3232 [ ed0a176354487ceed65b80a7148ab739 ] Netlogon C:\WINDOWS\System32\lsass.exe
12:20:00.0015 3232 Netlogon - ok
12:20:00.0031 3232 [ 72e1e9e2977be08bdeedb6d8fd9d4d40 ] Netman C:\WINDOWS\System32\netman.dll
12:20:00.0031 3232 Netman - ok
12:20:00.0109 3232 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:20:00.0109 3232 NetTcpPortSharing - ok
12:20:00.0140 3232 [ 39ee7c3bfbc64ba87cc8cf67386e814c ] Nla C:\WINDOWS\System32\mswsock.dll
12:20:00.0140 3232 Nla - ok
12:20:00.0250 3232 [ a328a46d87bb92ce4d8a4528e9d84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
12:20:00.0250 3232 NMIndexingService - ok
12:20:00.0265 3232 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:20:00.0265 3232 Npfs - ok
12:20:00.0312 3232 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:20:00.0328 3232 Ntfs - ok
12:20:00.0328 3232 [ ed0a176354487ceed65b80a7148ab739 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
12:20:00.0328 3232 NtLmSsp - ok
12:20:00.0421 3232 [ 023dd70573d644f3d9c8b1258a7bfd08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:20:00.0421 3232 NtmsSvc - ok
12:20:00.0453 3232 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
12:20:00.0453 3232 Null - ok
12:20:00.0515 3232 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:20:00.0515 3232 NwlnkFlt - ok
12:20:00.0515 3232 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:20:00.0515 3232 NwlnkFwd - ok
12:20:00.0562 3232 PanService - ok
12:20:00.0593 3232 [ 46f8db73b4a53e543f8e371dc7c75bae ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:20:00.0593 3232 Parport - ok
12:20:00.0593 3232 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:20:00.0593 3232 PartMgr - ok
12:20:00.0625 3232 [ 1fae19d0457176318bba4a8795656ebc ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:20:00.0625 3232 ParVdm - ok
12:20:00.0640 3232 [ 6ce351d149cb4befc702951e471e1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:20:00.0640 3232 PCI - ok
12:20:00.0640 3232 PCIDump - ok
12:20:00.0656 3232 [ 2da4ec85e0ea7a45c6b2a05820492d5a ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:20:00.0656 3232 PCIIde - ok
12:20:00.0656 3232 [ 4fc31e6c19a5ce5198b1abff94cae758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:20:00.0671 3232 Pcmcia - ok
12:20:00.0718 3232 [ 5b6c11de7e839c05248ced8825470fef ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
12:20:00.0734 3232 pcouffin - ok
12:20:00.0734 3232 PDCOMP - ok
12:20:00.0734 3232 PDFRAME - ok
12:20:00.0750 3232 PDRELI - ok
12:20:00.0765 3232 PDRFRAME - ok
12:20:00.0765 3232 perc2 - ok
12:20:00.0781 3232 perc2hib - ok
12:20:00.0828 3232 [ 9ef697af07bb8dd82c3b02ca953a95b7 ] PlugPlay C:\WINDOWS\system32\services.exe
12:20:00.0828 3232 PlugPlay - ok
12:20:00.0828 3232 [ ed0a176354487ceed65b80a7148ab739 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
12:20:00.0828 3232 PolicyAgent - ok
12:20:00.0843 3232 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:20:00.0843 3232 PptpMiniport - ok
12:20:00.0859 3232 [ 7eb15dce4ec3a0220bd796a15c18186e ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
12:20:00.0859 3232 Processor - ok
12:20:00.0875 3232 [ ed0a176354487ceed65b80a7148ab739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:20:00.0875 3232 ProtectedStorage - ok
12:20:00.0890 3232 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:20:00.0890 3232 PSched - ok
12:20:00.0906 3232 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:20:00.0906 3232 Ptilink - ok
12:20:00.0906 3232 ql1080 - ok
12:20:00.0921 3232 Ql10wnt - ok
12:20:00.0921 3232 ql12160 - ok
12:20:00.0921 3232 ql1240 - ok
12:20:00.0937 3232 ql1280 - ok
12:20:00.0968 3232 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:20:00.0968 3232 RasAcd - ok
12:20:01.0015 3232 [ 2b5e44ea009f2f374b980e1e9a70635d ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:20:01.0015 3232 RasAuto - ok
12:20:01.0031 3232 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:20:01.0046 3232 Rasl2tp - ok
12:20:01.0046 3232 [ d57554c664b64604bd1ee13ea2c07e77 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:20:01.0062 3232 RasMan - ok
12:20:01.0062 3232 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:20:01.0062 3232 RasPppoe - ok
12:20:01.0062 3232 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:20:01.0062 3232 Raspti - ok
12:20:01.0093 3232 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:20:01.0093 3232 Rdbss - ok
12:20:01.0109 3232 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:20:01.0109 3232 RDPCDD - ok
12:20:01.0171 3232 [ 6589db6e5969f8eee594cf71171c5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:20:01.0171 3232 RDPWD - ok
12:20:01.0218 3232 [ c0d9d9711cb74ee9bc66353d8cbdab0e ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:20:01.0218 3232 RDSessMgr - ok
12:20:01.0250 3232 [ 611bfd220305be3a85ae876ea47d4aa5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:20:01.0250 3232 redbook - ok
12:20:01.0281 3232 [ 127c26b5371651043450e52542099aba ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:20:01.0281 3232 RemoteAccess - ok
12:20:01.0328 3232 [ 718b3bdc0bc3c2f7d065a53d26202af9 ] RpcLocator C:\WINDOWS\System32\locator.exe
12:20:01.0328 3232 RpcLocator - ok
12:20:01.0359 3232 [ be27674d1cbc3214aec84b4336a38bbf ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:20:01.0359 3232 RpcSs - ok
12:20:01.0406 3232 [ 09ab2e71e58b078038e3bfdba7ffc984 ] RSVP C:\WINDOWS\System32\rsvp.exe
12:20:01.0406 3232 RSVP - ok
12:20:01.0421 3232 [ 38fac1b0058bbe460de2b7900182bbda ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
12:20:01.0421 3232 RTL8023xp - ok
12:20:01.0453 3232 [ ed0a176354487ceed65b80a7148ab739 ] SamSs C:\WINDOWS\system32\lsass.exe
12:20:01.0453 3232 SamSs - ok
12:20:01.0500 3232 [ 410046e401eb11e1e6749e9deea41d4a ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:20:01.0500 3232 SCardSvr - ok
12:20:01.0531 3232 [ 3ff232a7731621b8902d81d42418c93c ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:20:01.0531 3232 Schedule - ok
12:20:01.0562 3232 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:20:01.0562 3232 Secdrv - ok
12:20:01.0593 3232 [ 477e2c3cc5e4a0d635bcb0ea8dcac3c6 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:20:01.0593 3232 seclogon - ok
12:20:01.0593 3232 [ a530b75c10c23c9ab28fdb6ce719e21f ] SENS C:\WINDOWS\system32\sens.dll
12:20:01.0593 3232 SENS - ok
12:20:01.0609 3232 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:20:01.0609 3232 serenum - ok
12:20:01.0609 3232 [ b842729337c9b921615c40d3c1a1af96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:20:01.0609 3232 Serial - ok
12:20:01.0671 3232 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:20:01.0671 3232 Sfloppy - ok
12:20:01.0718 3232 [ f58faca9621d2db01bd0927d9a0a208e ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:20:01.0718 3232 SharedAccess - ok
12:20:01.0734 3232 [ ee9a2b9ea968a792a053c9d1a86bf870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:20:01.0734 3232 ShellHWDetection - ok
12:20:01.0734 3232 Simbad - ok
12:20:01.0796 3232 [ 68ea68d03bf58389fe6ad2b38fad798c ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:20:01.0796 3232 SkypeUpdate - ok
12:20:01.0812 3232 Sparrow - ok
12:20:01.0859 3232 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:20:01.0859 3232 splitter - ok
12:20:01.0890 3232 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:20:01.0890 3232 Spooler - ok
12:20:01.0921 3232 [ 94610c8653635e4459316a0050d55ce7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:20:01.0921 3232 sr - ok
12:20:01.0937 3232 [ 35b91147124f64ac8081a2edb9ea4dee ] srservice C:\WINDOWS\System32\srsvc.dll
12:20:01.0937 3232 srservice - ok
12:20:01.0968 3232 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:20:01.0984 3232 Srv - ok
12:20:02.0000 3232 [ becd5271dc4e3b7c3d035f790fcbc1e5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:20:02.0000 3232 SSDPSRV - ok
12:20:02.0031 3232 [ c1cdd9275f6a115bb0ae1d55d8d27ba6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:20:02.0031 3232 stisvc - ok
12:20:02.0046 3232 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:20:02.0046 3232 swenum - ok
12:20:02.0046 3232 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:20:02.0046 3232 swmidi - ok
12:20:02.0062 3232 SwPrv - ok
12:20:02.0062 3232 symc810 - ok
12:20:02.0078 3232 symc8xx - ok
12:20:02.0093 3232 sym_hi - ok
12:20:02.0093 3232 sym_u3 - ok
12:20:02.0109 3232 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:20:02.0109 3232 sysaudio - ok
12:20:02.0156 3232 [ ce06f01b88ace199a1bf460cac29c110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:20:02.0156 3232 SysmonLog - ok
12:20:02.0187 3232 [ c2546cd7a398476f9df5614b2ae160e8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:20:02.0187 3232 TapiSrv - ok
12:20:02.0250 3232 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:20:02.0250 3232 Tcpip - ok
12:20:02.0265 3232 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:20:02.0265 3232 TDPIPE - ok
12:20:02.0281 3232 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:20:02.0281 3232 TDTCP - ok
12:20:02.0296 3232 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:20:02.0296 3232 TermDD - ok
12:20:02.0328 3232 [ a75dd6fc3dbee4fff5ebc9f2c28bb66e ] TermService C:\WINDOWS\System32\termsrv.dll
12:20:02.0328 3232 TermService - ok
12:20:02.0328 3232 [ ee9a2b9ea968a792a053c9d1a86bf870 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:20:02.0343 3232 Themes - ok
12:20:02.0343 3232 TosIde - ok
12:20:02.0359 3232 [ 38853304ccb938d30e0c4cde8d2c2a8a ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:20:02.0359 3232 TrkWks - ok
12:20:02.0375 3232 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:20:02.0375 3232 Udfs - ok
12:20:02.0375 3232 ultra - ok
12:20:02.0437 3232 [ c81b8635dee0d3ef5f64b3dd643023a5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
12:20:02.0437 3232 UMWdf - ok
12:20:02.0453 3232 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:20:02.0453 3232 Update - ok
12:20:02.0500 3232 [ 651bd90dcee5b7bdc74a2eb7c9266f9e ] upnphost C:\WINDOWS\System32\upnphost.dll
12:20:02.0500 3232 upnphost - ok
12:20:02.0515 3232 [ 20a0f6a11959e92908717d09e87d670d ] UPS C:\WINDOWS\System32\ups.exe
12:20:02.0515 3232 UPS - ok
12:20:02.0531 3232 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:20:02.0531 3232 usbccgp - ok
12:20:02.0562 3232 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:20:02.0562 3232 usbehci - ok
12:20:02.0593 3232 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:20:02.0593 3232 usbhub - ok
12:20:02.0625 3232 [ 0daecce65366ea32b162f85f07c6753b ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:20:02.0625 3232 usbohci - ok
12:20:02.0671 3232 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:20:02.0671 3232 usbprint - ok
12:20:02.0703 3232 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:20:02.0703 3232 usbscan - ok
12:20:02.0796 3232 [ a32426d9b14a089eaa1d922e0c5801a9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:20:02.0796 3232 usbstor - ok
12:20:02.0828 3232 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:20:02.0828 3232 VgaSave - ok
12:20:02.0828 3232 ViaIde - ok
12:20:02.0875 3232 [ 28a4b296b47782173c346e376cb374d1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:20:02.0875 3232 VolSnap - ok
12:20:02.0953 3232 [ d6ba1a63d9e00933f1cd2a885573afb2 ] VSS C:\WINDOWS\System32\vssvc.exe
12:20:02.0953 3232 VSS - ok
12:20:02.0984 3232 [ fa4e1cdba256787f2149f4aad07bc91f ] W32Time C:\WINDOWS\System32\w32time.dll
12:20:02.0984 3232 W32Time - ok
12:20:03.0015 3232 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:20:03.0015 3232 Wanarp - ok
12:20:03.0015 3232 WDICA - ok
12:20:03.0046 3232 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:20:03.0046 3232 wdmaud - ok
12:20:03.0062 3232 [ 47ae51048a82dfa1cd6b51d369f7e169 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:20:03.0062 3232 WebClient - ok
12:20:03.0187 3232 [ e488332126e3b1182d2b8a0c35408ec6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:20:03.0187 3232 winmgmt - ok
12:20:03.0265 3232 [ a477391b7a8b0a0daabadb17cf533a4b ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:20:03.0265 3232 WmdmPmSN - ok
12:20:03.0312 3232 [ c42584fd66ce9e17403aebca199f7bdb ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:20:03.0312 3232 WmiAcpi - ok
12:20:03.0312 3232 [ 23f6f03272f7e5679f1f050aed5acee6 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:20:03.0312 3232 WmiApSrv - ok
12:20:03.0437 3232 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:20:03.0437 3232 WPFFontCache_v0400 - ok
12:20:03.0484 3232 [ 4c86d5faf78194995af9cc1075f65dd3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:20:03.0484 3232 wscsvc - ok
12:20:03.0515 3232 [ c1364564800ee9784192145324a23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:20:03.0515 3232 wuauserv - ok
12:20:03.0562 3232 [ a27d4ba7264c0bf52f32d10405bea1d4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:20:03.0562 3232 WZCSVC - ok
12:20:03.0562 3232 xcpip - ok
12:20:03.0625 3232 [ eaa4bb9edb3fb10cf8979fe65e63658f ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:20:03.0625 3232 xmlprov - ok
12:20:03.0625 3232 xpsec - ok
12:20:03.0625 3232 ================ Scan global ===============================
12:20:03.0656 3232 (f36278e42c8c5df03ce17dac8231c91c) C:\WINDOWS\system32\basesrv.dll
12:20:03.0703 3232 (f3fa14a297bc687d0b51289d034033c9) C:\WINDOWS\system32\winsrv.dll
12:20:03.0734 3232 (f3fa14a297bc687d0b51289d034033c9) C:\WINDOWS\system32\winsrv.dll
12:20:03.0765 3232 (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
12:20:03.0781 3232 [Global] - ok
12:20:03.0781 3232 ================ Scan MBR ==================================
12:20:03.0828 3232 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
12:20:04.0015 3232 \Device\Harddisk0\DR0 - ok
12:20:04.0015 3232 ================ Scan VBR ==================================
12:20:04.0031 3232 Boot (0x1200) (6d4d55ee94a2137f3e4fa930e2dfe1b4) \Device\Harddisk0\DR0\Partition1
12:20:04.0031 3232 \Device\Harddisk0\DR0\Partition1 - ok
12:20:04.0031 3232 ============================================================
12:20:04.0031 3232 Scan finished
12:20:04.0031 3232 ============================================================
12:20:04.0046 0788 Detected object count: 1
12:20:04.0046 0788 Actual detected object count: 1
12:20:58.0640 0788 atapi ( ForgedFile.Multi.Generic ) - skipped by user
12:20:58.0640 0788 atapi ( ForgedFile.Multi.Generic ) - User select action: Skip
12:21:01.0843 4000 Deinitialize success


Combofix log

ComboFix 12-08-14.05 - Pecka 15.08.2012 12:26:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2676 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pecka\Plocha\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-15 do 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 10:11 . 2012-08-15 10:11 177496 ----a-w- c:\windows\system32\drivers\57500126.sys
2012-08-15 10:11 . 2012-08-15 10:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-14 10:51 . 2012-08-14 10:51 388096 ----a-r- c:\documents and settings\Pecka\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-14 10:51 . 2012-08-14 10:51 -------- d-----w- c:\program files\Trend Micro
2012-08-14 09:53 . 2012-08-14 09:53 -------- d-----w- c:\documents and settings\Pecka\Data aplikací\Malwarebytes
2012-08-14 09:52 . 2012-08-14 09:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-08-14 09:52 . 2012-08-14 09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-14 09:52 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-13 21:18 . 2012-08-13 21:18 -------- d-----w- c:\program files\CCleaner
2012-08-13 07:09 . 2012-08-13 07:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ask
2012-08-13 06:47 . 2012-08-13 10:43 -------- d-----w- c:\windows\system32\XPSViewer
2012-08-13 06:47 . 2012-08-13 06:47 -------- d-----w- c:\program files\MSBuild
2012-08-13 06:47 . 2012-08-13 06:47 -------- d-----w- c:\program files\Reference Assemblies
2012-08-13 06:46 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-08-13 06:46 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-08-13 06:46 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-08-13 06:46 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-08-13 06:46 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-08-13 06:46 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-08-13 06:46 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-08-13 06:46 . 2012-08-13 06:46 -------- d-----w- C:\7c387063f4148afb89bb59e346
2012-08-13 06:46 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-08-13 06:46 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-08-13 06:43 . 2012-08-13 06:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-12 18:30 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-08-12 18:24 . 2012-08-12 18:24 -------- d-----w- c:\program files\MSXML 4.0
2012-08-12 18:24 . 2012-08-12 18:24 -------- d-----w- c:\windows\ie8updates
2012-08-12 15:13 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-08-12 15:13 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-08-12 15:13 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-08-12 15:12 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-08-12 15:12 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-08-12 15:11 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-08-12 15:11 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-08-12 15:11 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-08-12 15:11 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-08-12 15:11 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-08-12 15:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-08-12 15:11 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-08-12 15:10 . 2012-05-02 13:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-12 15:10 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-08-12 15:10 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-08-12 15:09 . 2012-05-11 14:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-08-12 15:09 . 2012-05-11 14:44 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-08-12 15:09 . 2012-05-11 14:44 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-08-12 15:09 . 2012-05-11 14:44 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-08-12 15:09 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-08-12 15:09 . 2012-05-11 14:44 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-08-12 15:09 . 2012-05-11 14:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-08-12 15:08 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-08-12 15:08 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-08-12 15:08 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2012-08-12 15:08 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-08-12 15:08 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-08-12 15:08 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-08-12 15:08 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-08-12 15:06 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-08-12 15:05 . 2012-05-05 03:14 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-08-12 15:05 . 2010-12-09 15:15 713216 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-08-12 15:05 . 2012-05-05 03:14 2194816 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-08-12 15:05 . 2012-05-05 03:14 2071296 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-08-12 15:05 . 2012-05-05 03:14 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-08-12 15:05 . 2010-07-16 11:58 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-08-12 15:05 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-12 15:05 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-12 15:05 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-12 15:03 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-08-12 15:03 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-08-11 17:28 . 2012-08-15 08:18 -------- d--h--w- c:\windows\$hf_mig$
2012-08-11 17:25 . 2012-06-02 13:19 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-08-11 17:25 . 2012-06-02 13:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-11 17:25 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-08-11 17:25 . 2012-06-02 13:19 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-08-11 17:25 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-08-02 18:01 . 2012-08-02 18:01 -------- d-----w- c:\program files\SopCast
2012-08-02 18:01 . 2012-08-11 17:25 -------- d-----w- c:\documents and settings\Pecka\Data aplikací\asktoolbar4
2012-08-02 18:01 . 2012-08-02 18:01 -------- d-----w- c:\program files\asktoolbar4
2012-07-30 19:27 . 2012-07-30 19:28 -------- d-----w- c:\documents and settings\Pecka\Local Settings\Data aplikací\Google
2012-07-30 19:26 . 2012-07-30 19:27 -------- d-----w- c:\program files\Google
2012-07-28 20:46 . 2012-07-28 20:46 -------- d-----w- c:\documents and settings\Pecka\Data aplikací\EPSON
2012-07-22 14:26 . 2012-07-22 14:26 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2012-07-22 14:26 . 2012-07-22 14:26 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 20:35 . 2012-04-25 04:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 20:35 . 2012-04-25 04:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-07 18:18 . 2012-07-07 18:18 40960 ----a-r- c:\documents and settings\Pecka\Data aplikací\Microsoft\Installer\{86EB9B75-C7F8-4D7D-A032-6C5858757525}\ARPPRODUCTICON.exe
2012-06-13 18:27 . 2012-06-13 18:27 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-06-13 13:55 . 2003-04-16 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2012-04-24 23:19 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2003-04-16 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2012-04-24 23:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 04:32 . 2003-04-16 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2012-04-24 23:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2012-04-24 23:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-04-24 23:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2012-04-24 21:33 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2003-04-16 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2012-04-24 23:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-04-24 21:33 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2003-04-16 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 22:10 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Miranda Micro 1.5\\miranda32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\asktoolbar4\\dtUser.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 12:03 974944]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.4.2012 11:37 158856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [9.5.2012 14:56 47360]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.7.2012 21:27 136176]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe --> c:\program files\PANDORA.TV\PanService\PandoraService.exe [?]
S3 711bon.sys;711bon.sys;\??\c:\windows\system32\drivers\711bon.sys --> c:\windows\system32\drivers\711bon.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.7.2012 21:26 250056]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30.7.2012 21:27 136176]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - xcpip
*Deregistered* - xpsec
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 10:30 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 20:35]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-30 19:26]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-30 19:26]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 83.240.0.214 83.240.0.136
FF - ProfilePath - c:\documents and settings\Pecka\Data aplikací\Mozilla\Firefox\Profiles\xp22het1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
SafeBoot-27354407.sys
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 12:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY
*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="?\16?\11?\16?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\ati\\atidrv\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(8152)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Celkový čas: 2012-08-15 12:48:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-15 10:48
.
Před spuštěním: Volných bajtů: 97 903 751 168
Po spuštění: Volných bajtů: 97 787 265 024
.
- - End Of File - - C8E8233C507FEC2DA6AD10914160C149

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\system32\drivers\57500126.sys
c:\program files\Skype\Updater\Updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
C:\TDSSKiller_Quarantine
c:\program files\asktoolbar4
c:\documents and settings\Pecka\Data aplikací\asktoolbar4
c:\program files\Google\Update
c:\program files\Skype\Updater

Driver::
SkypeUpdate
gupdate
PanService
711bon.sys
gupdatem

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Pecka\Data aplikací\Mozilla\Firefox\Profiles\xp22het1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[Vespertilio]

Hm Combofix se mi ted zasekne u fáze dva.:( a to čekám třeba i hodinu a půl...

[jaro3]

Zkus v nouz. režimu , s tímtop scriptem:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\system32\drivers\57500126.sys
c:\\Program Files\\asktoolbar4\\dtUser.exe
c:\program files\Skype\Updater\Updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\documents and settings\Pecka\Data aplikací\asktoolbar4
c:\program files\asktoolbar4
c:\program files\Skype\Updater
c:\program files\Google\Update

Driver::
SkypeUpdate
gupdate
PanService
711bon.sys
gupdatem

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\asktoolbar4\\dtUser.exe"=-

Udělej pak aswMBR.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\drivers\atapi.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

12:19:55.0390 3232 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 850c544201c26ca8371c7678ebb0d871, Fake md5: 43769e974a1c5105171652f38e6cb8e2
12:19:55.0390 3232 atapi ( ForgedFile.Multi.Generic ) - warning
12:19:55.0390 3232 atapi - detected ForgedFile.Multi.Generic (1)

[Vespertilio]

Tady je log z aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-21 13:59:09
-----------------------------
13:59:09.937 OS Version: Windows 5.1.2600 Service Pack 3
13:59:09.937 Number of processors: 2 586 0x6B02
13:59:09.937 ComputerName: PC UserName:
13:59:10.812 Initialize success
13:59:14.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:59:14.640 Disk 0 Vendor: ST3320613AS SD22 Size: 305245MB BusType: 3
13:59:14.671 Disk 0 MBR read successfully
13:59:14.671 Disk 0 MBR scan
13:59:14.671 Disk 0 Windows XP default MBR code
13:59:14.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
13:59:14.671 Disk 0 scanning sectors +625121280
13:59:14.781 Disk 0 malicious Win32:MBRoot code @ sector 625121283 !
13:59:14.781 Disk 0 PE file @ sector 625121305 !
13:59:14.890 Disk 0 scanning C:\WINDOWS\system32\drivers
13:59:22.015 Service scanning
13:59:25.437 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
13:59:32.500 Modules scanning
13:59:38.343 Disk 0 trace - called modules:
13:59:38.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
13:59:38.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aee5ab8]
13:59:38.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8aeaf268]
13:59:38.750 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aeea940]
13:59:38.750 Scan finished successfully
13:59:59.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pecka\Plocha\MBR.dat"
13:59:59.546 The log file has been saved successfully to "C:\Documents and Settings\Pecka\Plocha\aswMBR.txt"



Jinak Combofix jsem podle rady zkoušel rozjet v nouzovým režimu. Během začátku mi to vyhodilo:Master boot record is infected...a potom něco o rootkitu a že je nutno PC restartovat. Po naběhnutí do běžnýho režimu Combofix pokračoval tam, kde skončil před restartováním, ale zase se mi zasekl ve fázi 2...:(

[Vespertilio]

No už teda moc nevím, co s tím. Jde pořád jen o to padání prohížečů při stahování a nemožnost uploadovat data...a taková práce s tím.

[Žbeky]

Kde je ten combofix log?