Computer freezes and won't run [Solved]

Post by xborisek » 11 Apr 2012 10:58

Hello,
I'm posting a HijackThis log from my sister-in-law's computer. The computer often freezes and stops working, and it has to be restarted. It's an old piece of junk, but she needs it to keep running for about one more month, because she is preparing for her school-leaving exam (maturita). Please take a look and tell me whether anything can still be done with it. I tried scanning it with Dr.Web CureIt, but it froze on me, so I restarted it. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:06, on 11.4.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Pavel Borkovec\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=generic
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Microsoft copyright - {56bb6d01-7bd5-4458-a4ae-f03df643d6ee} - stfa.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly (User 'Default user')
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.seznam.cz
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O21 - SSODL: oledll - {52345B67-1234-1234-D123-7F84D123BC7D} - C:\WINDOWS\system32\wm0dap.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer (servicelayer) - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9792 bytes


Post by Žbeky » 11 Apr 2012 12:25

Uninstall:
McAfee
Ad-Aware
BS Player Toolbar
ICQToolBar
Conduit Engine
BearShare

Fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=generic
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Microsoft copyright - {56bb6d01-7bd5-4458-a4ae-f03df643d6ee} - stfa.dll (file missing)
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly (User 'Default user')
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.seznam.cz
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O21 - SSODL: oledll - {52345B67-1234-1234-D123-7F84D123BC7D} - C:\WINDOWS\system32\wm0dap.dll (file missing)

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Ano (Yes)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.

Post by xborisek » 11 Apr 2012 18:27

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.04.11.02

Windows XP Service Pack 2 x86 FAT32
Internet Explorer 6.0.2900.2180
Pavel Borkovec :: COMPAQ [administrátor]

Ochrana: Zakázána

11.4.2012 18:02:00
mbam-log-2012-04-11 (18-25-11).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 185519
Uplynulý čas: 11 minut, 55 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{56bb6d01-7bd5-4458-a4ae-f03df643d6ee} (Trojan.BHO) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 2
HKLM\System\CurrentControlSet\Services\BITS|ImagePath (Hijack.WindowsUpdates) -> Špatný: (%fystemRoot%\System32\svchost.exe -k netsvcs) Dobrý: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Žádná instrukce nebyla provedena.
HKLM\System\CurrentControlSet\Services\wuauserv|ImagePath (Hijack.WindowsUpdates) -> Špatný: (%fystemroot%\system32\svchost.exe -k netsvcs) Dobrý: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Žádná instrukce nebyla provedena.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Documents and Settings\Pavel Borkovec\Data aplikací\wiaserva.log (Malware.Trace) -> Žádná instrukce nebyla provedena.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Žádná instrukce nebyla provedena.

(konec)
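The two Hijack.WindowsUpdates entries in the log above differ from the expected value only in the environment variable name: the "Špatný" (bad) ImagePath uses `%fystemRoot%`, the "Dobrý" (good) one `%SystemRoot%`. The following check is an added example, not part of the original posts or of any tool used in this thread; it flags service ImagePath values that reference a variable the system does not define and reports near-miss names. The `KNOWN_ENV` table and all function names are assumptions made for the illustration.

```python
import re

# Assumed environment of a default Windows XP install (constructed for this example).
KNOWN_ENV = {
    "SystemRoot": r"C:\WINDOWS",
    "windir": r"C:\WINDOWS",
    "SystemDrive": "C:",
    "ProgramFiles": r"C:\Program Files",
}

# ImagePath strings copied from the Malwarebytes log above; "reference" is the
# value the log lists as good.
SAMPLE_IMAGEPATHS = {
    "BITS": r"%fystemRoot%\System32\svchost.exe -k netsvcs",
    "wuauserv": r"%fystemroot%\system32\svchost.exe -k netsvcs",
    "reference": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
}

# A %NAME% reference; the name may not contain path separators or a drive colon.
VAR_RE = re.compile(r"%([^%\\/:]+)%")


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_image_path(value, env=KNOWN_ENV):
    """Expand %VAR% references case-insensitively, as Windows does.

    Returns (expanded_string, problems). Each problem names an undefined
    variable and any defined variable within edit distance 1 of it.
    """
    lookup = {name.lower(): path for name, path in env.items()}
    canonical = {name.lower(): name for name in env}
    problems = []

    def expand(match):
        name = match.group(1)
        key = name.lower()
        if key in lookup:
            return lookup[key]
        near = sorted(canonical[k] for k in lookup if edit_distance(key, k) <= 1)
        problems.append({"variable": name, "near_miss": near})
        return match.group(0)  # leave the unresolved reference in place

    return VAR_RE.sub(expand, value), problems


def audit(image_paths, env=KNOWN_ENV):
    """Return {service: {"image_path", "problems"}} for every flagged service."""
    findings = {}
    for service, value in image_paths.items():
        _, problems = check_image_path(value, env)
        if problems:
            findings[service] = {"image_path": value, "problems": problems}
    return findings


if __name__ == "__main__":
    for service, finding in audit(SAMPLE_IMAGEPATHS).items():
        for p in finding["problems"]:
            print(f"{service}: undefined %{p['variable']}% in ImagePath, "
                  f"close to {p['near_miss']}")
```
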


Post by jaro3 » 11 Apr 2012 18:58

So run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Ukaž výsledky (Show Results) button
- make sure all the listed findings are checked and click the Odstranit označené (Remove Selected) button
- when the removal finishes, a log will be displayed; post it here.
- then click OK in the program and close the program via Exit

You can then paste the new MbAM log here.

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the entire contents of the log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan is complete the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Post by xborisek » 12 Apr 2012 17:42

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.04.12.03

Windows XP Service Pack 2 x86 FAT32
Internet Explorer 6.0.2900.2180
Pavel Borkovec :: COMPAQ [administrátor]

Ochrana: Povolena

12.4.2012 15:18:11
mbam-log-2012-04-12 (15-18-11).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 185704
Uplynulý čas: 13 minut, 2 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{56bb6d01-7bd5-4458-a4ae-f03df643d6ee} (Trojan.BHO) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 2
HKLM\System\CurrentControlSet\Services\BITS|ImagePath (Hijack.WindowsUpdates) -> Špatný: (%fystemRoot%\System32\svchost.exe -k netsvcs) Dobrý: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Bude smazán při restartu.
HKLM\System\CurrentControlSet\Services\wuauserv|ImagePath (Hijack.WindowsUpdates) -> Špatný: (%fystemroot%\system32\svchost.exe -k netsvcs) Dobrý: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Bude smazán při restartu.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Documents and Settings\Pavel Borkovec\Data aplikací\wiaserva.log (Malware.Trace) -> Umístnění do karantény a smazání se zdařilo.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Umístnění do karantény a smazání se zdařilo.

(konec)

16:00:14.0693 0492 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
16:00:16.0735 0492 ============================================================
16:00:16.0735 0492 Current date / time: 2012/04/12 16:00:16.0735
16:00:16.0735 0492 SystemInfo:
16:00:16.0735 0492
16:00:16.0735 0492 OS Version: 5.1.2600 ServicePack: 2.0
16:00:16.0735 0492 Product type: Workstation
16:00:16.0735 0492 ComputerName: COMPAQ
16:00:16.0735 0492 UserName: Pavel Borkovec
16:00:16.0735 0492 Windows directory: C:\WINDOWS
16:00:16.0735 0492 System windows directory: C:\WINDOWS
16:00:16.0735 0492 Processor architecture: Intel x86
16:00:16.0735 0492 Number of processors: 1
16:00:16.0735 0492 Page size: 0x1000
16:00:16.0735 0492 Boot type: Normal boot
16:00:16.0735 0492 ============================================================
16:00:18.0989 0492 Drive \Device\Harddisk0\DR0 - Size: 0x951CC0000 (37.28 Gb), SectorSize: 0x200, Cylinders: 0x1432, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
16:00:18.0989 0492 \Device\Harddisk0\DR0:
16:00:18.0989 0492 MBR used
16:00:18.0989 0492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x4A8C8E1
16:00:18.0989 0492 Initialize success
16:00:18.0989 0492 ============================================================
16:00:23.0065 3968 ============================================================
16:00:23.0065 3968 Scan started
16:00:23.0065 3968 Mode: Manual;
16:00:23.0065 3968 ============================================================
16:22:07.0701 3968 isapnp - ok
16:22:16.0583 3968 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:22:16.0583 3968 Kbdclass - ok
16:22:25.0716 3968 kbdhid (065b5a83aa78c0c7047bf22e0ab5c821) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:22:25.0726 3968 kbdhid - ok
16:22:30.0894 3968 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
16:22:30.0904 3968 kmixer - ok
16:22:39.0757 3968 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
16:22:39.0777 3968 KSecDD - ok
16:22:54.0928 3968 lanmanserver (9757f6e16fd1eab54d6eb9d5eb3cbcb5) C:\WINDOWS\System32\srvsvc.dll
16:22:54.0938 3968 lanmanserver - ok
16:23:25.0773 3968 lanmanworkstation (57f5534f07df14c6a74ec6a40b6d04d5) C:\WINDOWS\System32\wkssvc.dll
16:23:25.0793 3968 lanmanworkstation - ok
16:23:36.0188 3968 Lbd - ok
16:23:46.0573 3968 lbrtfdc - ok
16:24:14.0833 3968 LmHosts (f9ee6d2aab0690b34ae35ba9921a1414) C:\WINDOWS\System32\lmhsvc.dll
16:24:14.0843 3968 LmHosts - ok
16:24:18.0839 3968 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
16:24:18.0839 3968 MBAMProtector - ok
16:24:22.0004 3968 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:24:22.0074 3968 MBAMService - ok
16:24:23.0466 3968 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:24:23.0496 3968 MDM - ok
16:24:51.0586 3968 Messenger (8b2fcbd881879b55be40b41f12ffc431) C:\WINDOWS\System32\msgsvc.dll
16:24:51.0596 3968 Messenger - ok
16:25:01.0190 3968 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:25:01.0220 3968 Microsoft Office Groove Audit Service - ok
16:25:04.0635 3968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:25:04.0645 3968 mnmdd - ok
16:25:34.0508 3968 mnmsrvc (7d137132d6a9b41ef800e59a771ed48c) C:\WINDOWS\System32\mnmsrvc.exe
16:25:34.0508 3968 mnmsrvc - ok
16:25:43.0261 3968 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
16:25:43.0271 3968 Modem - ok
16:25:52.0003 3968 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:25:52.0013 3968 Mouclass - ok
16:25:58.0082 3968 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:25:58.0082 3968 mouhid - ok
16:26:06.0774 3968 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
16:26:06.0784 3968 MountMgr - ok
16:26:17.0149 3968 mraid35x - ok
16:26:22.0747 3968 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:26:22.0777 3968 MRxDAV - ok
16:26:28.0456 3968 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:26:28.0506 3968 MRxSmb - ok
16:27:06.0320 3968 MSDTC (944a24032aed84c59455b981f6ca1c1a) C:\WINDOWS\System32\msdtc.exe
16:27:06.0330 3968 MSDTC - ok
16:27:14.0922 3968 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
16:27:14.0922 3968 Msfs - ok
16:27:14.0962 3968 MSICPL - ok
16:28:04.0624 3968 MSIServer - ok
16:28:13.0196 3968 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:28:13.0206 3968 MSKSSRV - ok
16:28:21.0708 3968 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:28:21.0708 3968 MSPCLOCK - ok
16:28:30.0341 3968 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
16:28:30.0351 3968 MSPQM - ok
16:28:31.0312 3968 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:28:31.0322 3968 mssmbios - ok
16:28:39.0824 3968 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
16:28:39.0844 3968 MSTEE - ok
16:28:48.0307 3968 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
16:28:48.0327 3968 Mup - ok
16:28:56.0819 3968 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:28:56.0859 3968 NABTSFEC - ok
16:29:05.0281 3968 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
16:29:05.0311 3968 NDIS - ok
16:29:13.0663 3968 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:29:13.0663 3968 NdisIP - ok
16:29:14.0534 3968 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:29:14.0534 3968 NdisTapi - ok
16:29:22.0906 3968 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:29:22.0906 3968 Ndisuio - ok
16:29:31.0258 3968 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:29:31.0278 3968 NdisWan - ok
16:29:32.0330 3968 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
16:29:32.0350 3968 NDProxy - ok
16:29:40.0632 3968 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:29:40.0642 3968 NetBIOS - ok
16:29:48.0954 3968 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:29:48.0994 3968 NetBT - ok
16:30:06.0749 3968 NetDDE (818053225bf4aac5f0f718001e492f70) C:\WINDOWS\system32\netdde.exe
16:30:06.0779 3968 NetDDE - ok
16:30:06.0870 3968 NetDDEdsdm (818053225bf4aac5f0f718001e492f70) C:\WINDOWS\system32\netdde.exe
16:30:06.0880 3968 NetDDEdsdm - ok
16:30:21.0310 3968 Netlogon (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\System32\lsass.exe
16:30:21.0310 3968 Netlogon - ok
16:30:22.0582 3968 Netman (86ad5b0e02f2c968fbb096ab4c555c9c) C:\WINDOWS\System32\netman.dll
16:30:22.0602 3968 Netman - ok
16:30:31.0625 3968 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:30:31.0645 3968 NIC1394 - ok
16:30:34.0429 3968 Nla (a6e79b60ac73241e5721ab6a573d2b24) C:\WINDOWS\System32\mswsock.dll
16:30:34.0439 3968 Nla - ok
16:30:39.0637 3968 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys
16:30:39.0647 3968 nmwcd - ok
16:30:45.0265 3968 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys
16:30:45.0275 3968 nmwcdc - ok
16:30:53.0406 3968 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
16:30:53.0417 3968 Npfs - ok
16:30:53.0427 3968 NTACCESS - ok
16:30:57.0633 3968 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
16:30:57.0693 3968 Ntfs - ok
16:31:11.0983 3968 NtLmSsp (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\System32\lsass.exe
16:31:11.0993 3968 NtLmSsp - ok
16:31:48.0946 3968 NtmsSvc (d8d2b13ba93ae830b1a637df571d1195) C:\WINDOWS\system32\ntmssvc.dll
16:31:49.0016 3968 NtmsSvc - ok
16:31:50.0068 3968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:31:50.0068 3968 Null - ok
16:31:51.0280 3968 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:31:51.0871 3968 nv - ok
16:32:20.0281 3968 NVSvc (e9e110cdf6a063a5f9b841c36fb5cc95) C:\WINDOWS\system32\nvsvc32.exe
16:32:20.0311 3968 NVSvc - ok
16:32:22.0054 3968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:32:22.0064 3968 NwlnkFlt - ok
16:32:23.0897 3968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:32:23.0907 3968 NwlnkFwd - ok
16:32:27.0281 3968 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:32:27.0372 3968 odserv - ok
16:32:35.0433 3968 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:32:35.0453 3968 ohci1394 - ok
16:32:36.0575 3968 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:32:36.0605 3968 ose - ok
16:32:44.0676 3968 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\DRIVERS\parport.sys
16:32:44.0687 3968 Parport - ok
16:32:45.0398 3968 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
16:32:45.0398 3968 PartMgr - ok
16:32:46.0639 3968 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
16:32:46.0639 3968 ParVdm - ok
16:32:48.0011 3968 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
16:32:48.0011 3968 pccsmcfd - ok
16:32:56.0003 3968 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
16:32:56.0013 3968 PCI - ok
16:33:06.0378 3968 PCIDump - ok
16:33:16.0683 3968 PCIIde - ok
16:33:24.0604 3968 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:33:24.0624 3968 Pcmcia - ok
16:33:34.0959 3968 PDCOMP - ok
16:33:45.0314 3968 PDFRAME - ok
16:33:55.0649 3968 PDRELI - ok
16:34:06.0043 3968 PDRFRAME - ok
16:34:16.0368 3968 perc2 - ok
16:34:27.0084 3968 perc2hib - ok
16:34:43.0367 3968 PlugPlay (6e401e61f952fbbf708afbecefafae81) C:\WINDOWS\system32\services.exe
16:34:43.0377 3968 PlugPlay - ok
16:34:57.0708 3968 PolicyAgent (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\System32\lsass.exe
16:34:57.0708 3968 PolicyAgent - ok
16:35:05.0479 3968 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:35:05.0489 3968 PptpMiniport - ok
16:35:13.0370 3968 Processor (9a10e4fd13824823da50d4758bd0a645) C:\WINDOWS\system32\DRIVERS\processr.sys
16:35:13.0390 3968 Processor - ok
16:35:27.0731 3968 ProtectedStorage (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
16:35:27.0741 3968 ProtectedStorage - ok
16:35:35.0622 3968 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
16:35:35.0632 3968 PSched - ok
16:35:36.0544 3968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:35:36.0544 3968 Ptilink - ok
16:35:41.0891 3968 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
16:35:41.0931 3968 PxHelp20 - ok
16:35:52.0306 3968 ql1080 - ok
16:36:02.0651 3968 Ql10wnt - ok
16:36:13.0026 3968 ql12160 - ok
16:36:23.0341 3968 ql1240 - ok
16:36:33.0946 3968 ql1280 - ok
16:36:35.0108 3968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:36:35.0108 3968 RasAcd - ok
16:36:59.0463 3968 RasAuto (e68b6f9a726a444059705ab43b5656d1) C:\WINDOWS\System32\rasauto.dll
16:36:59.0483 3968 RasAuto - ok
16:37:07.0324 3968 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:37:07.0344 3968 Rasl2tp - ok
16:37:10.0469 3968 RasMan (0d5b4272012d2addaa9c97d8bf207dea) C:\WINDOWS\System32\rasmans.dll
16:37:10.0519 3968 RasMan - ok
16:37:18.0350 3968 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:37:18.0370 3968 RasPppoe - ok
16:37:19.0361 3968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:37:19.0361 3968 Raspti - ok
16:37:23.0477 3968 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:37:23.0487 3968 Rdbss - ok
16:37:24.0639 3968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:37:24.0639 3968 RDPCDD - ok
16:37:32.0410 3968 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:37:32.0440 3968 rdpdr - ok
16:37:36.0386 3968 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
16:37:36.0396 3968 RDPWD - ok
16:37:52.0239 3968 RDSessMgr (125acf258da9633f748131a0e0185af3) C:\WINDOWS\system32\sessmgr.exe
16:37:52.0259 3968 RDSessMgr - ok
16:37:59.0960 3968 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:37:59.0980 3968 redbook - ok
16:38:15.0743 3968 RemoteAccess (eb5e1a601e5a1908a87e4d5a41803d98) C:\WINDOWS\System32\mprdim.dll
16:38:15.0753 3968 RemoteAccess - ok
16:38:19.0037 3968 RemoteRegistry (5b21208fcf8970bb61fe98e19d828714) C:\WINDOWS\system32\regsvc.dll
16:38:19.0047 3968 RemoteRegistry - ok
16:38:47.0358 3968 RpcLocator (c8a3b668985d61249f2dc71716c58de8) C:\WINDOWS\System32\locator.exe
16:38:47.0368 3968 RpcLocator - ok
16:39:21.0217 3968 RpcSs (dbde980506b54ae928d151d12419b425) C:\WINDOWS\system32\rpcss.dll
16:39:21.0227 3968 RpcSs - ok
16:39:43.0208 3968 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\System32\rsvp.exe
16:39:43.0218 3968 RSVP - ok
16:39:49.0137 3968 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:39:49.0137 3968 rtl8139 - ok
16:40:03.0568 3968 SamSs (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
16:40:03.0578 3968 SamSs - ok
16:40:20.0342 3968 SCardSvr (c177354e995cc1aa1f767bcd9980434a) C:\WINDOWS\System32\SCardSvr.exe
16:40:20.0352 3968 SCardSvr - ok
16:40:24.0317 3968 Schedule (29ac93307c6182dbe336bca314947f28) C:\WINDOWS\system32\schedsvc.dll
16:40:24.0347 3968 Schedule - ok
16:40:30.0056 3968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:40:30.0056 3968 Secdrv - ok
16:41:05.0877 3968 seclogon (c76cb8a133374fac6805f83ff7b7da03) C:\WINDOWS\System32\seclogon.dll
16:41:05.0887 3968 seclogon - ok
16:41:41.0579 3968 SENS (220ad85ba9c5b3011296354011b901cc) C:\WINDOWS\system32\sens.dll
16:41:41.0589 3968 SENS - ok
16:41:49.0290 3968 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:41:49.0290 3968 serenum - ok
16:41:56.0961 3968 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\DRIVERS\serial.sys
16:41:56.0981 3968 Serial - ok
16:42:00.0135 3968 servicelayer (77faa749c34193f003f666d2e368a1f8) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
16:42:00.0195 3968 servicelayer - ok
16:42:00.0235 3968 SetupNTGLM7X - ok
16:42:07.0956 3968 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:42:07.0956 3968 Sfloppy - ok
16:42:39.0522 3968 SharedAccess (6a93501bcdebf159109429b022c0ff83) C:\WINDOWS\System32\ipnathlp.dll
16:42:39.0562 3968 SharedAccess - ok
16:42:54.0624 3968 ShellHWDetection (e26edc7afa8da3c528055eabc82c8c79) C:\WINDOWS\System32\shsvcs.dll
16:42:54.0634 3968 ShellHWDetection - ok
16:43:05.0089 3968 Simbad - ok
16:43:12.0690 3968 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:43:12.0690 3968 SLIP - ok
16:43:23.0145 3968 Sparrow - ok
16:43:28.0262 3968 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
16:43:28.0262 3968 splitter - ok
16:44:01.0810 3968 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
16:44:01.0820 3968 Spooler - ok
16:44:09.0451 3968 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
16:44:09.0471 3968 sr - ok
16:44:42.0779 3968 srservice (3cd57f31a64d32fdb28918b16d1e6aac) C:\WINDOWS\System32\srsvc.dll
16:44:42.0809 3968 srservice - ok
16:44:46.0715 3968 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
16:44:46.0745 3968 Srv - ok
16:45:20.0063 3968 SSDPSRV (88c28f53f53438dafcd95e99c837c61e) C:\WINDOWS\System32\ssdpsrv.dll
16:45:20.0083 3968 SSDPSRV - ok
16:45:51.0748 3968 stisvc (b824215a934a24928cddd1ef7e113035) C:\WINDOWS\system32\wiaservc.dll
16:45:51.0788 3968 stisvc - ok
16:45:59.0389 3968 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:45:59.0389 3968 streamip - ok
16:46:06.0850 3968 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:46:06.0850 3968 swenum - ok
16:46:12.0408 3968 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
16:46:12.0428 3968 swmidi - ok
16:47:02.0310 3968 SwPrv - ok
16:47:12.0705 3968 symc810 - ok
16:47:23.0110 3968 symc8xx - ok
16:47:33.0485 3968 sym_hi - ok
16:47:43.0839 3968 sym_u3 - ok
16:47:51.0300 3968 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
16:47:51.0320 3968 sysaudio - ok
16:48:26.0751 3968 SysmonLog (d9c9ecff4904e6151525c533aeedf8f4) C:\WINDOWS\system32\smlogsvc.exe
16:48:26.0761 3968 SysmonLog - ok
16:49:01.0171 3968 TapiSrv (250241d65ccf692aeacc318a266413c2) C:\WINDOWS\System32\tapisrv.dll
16:49:01.0201 3968 TapiSrv - ok
16:49:05.0076 3968 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:49:05.0116 3968 Tcpip - ok
16:49:12.0517 3968 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:49:12.0517 3968 TDPIPE - ok
16:49:19.0868 3968 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
16:49:19.0878 3968 TDTCP - ok
16:49:27.0238 3968 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:49:27.0248 3968 TermDD - ok
16:50:00.0987 3968 TermService (2f5919f2f6ee7a845893d9c3aa2bc56a) C:\WINDOWS\System32\termsrv.dll
16:50:01.0007 3968 TermService - ok
16:50:06.0995 3968 tffsport (e70124b772ad84b6bc1e3a92a59d1799) C:\WINDOWS\system32\DRIVERS\tffsport.sys
16:50:07.0025 3968 tffsport - ok
16:50:22.0107 3968 Themes (e26edc7afa8da3c528055eabc82c8c79) C:\WINDOWS\System32\shsvcs.dll
16:50:22.0117 3968 Themes - ok
16:50:55.0825 3968 TlntSvr (535c2fb97336bafa509f4783dd1e5746) C:\WINDOWS\System32\tlntsvr.exe
16:50:55.0866 3968 TlntSvr - ok
16:51:06.0260 3968 TosIde - ok
16:51:39.0939 3968 TrkWks (4dce17221b1a87fb47e36842f3e38753) C:\WINDOWS\system32\trkwks.dll
16:51:39.0959 3968 TrkWks - ok
16:51:47.0320 3968 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
16:51:47.0340 3968 Udfs - ok
16:51:57.0654 3968 ultra - ok
16:52:04.0955 3968 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
16:52:04.0975 3968 Update - ok
16:52:25.0635 3968 upnphost (0c0c2c77c6b52181369594f2aa36af40) C:\WINDOWS\System32\upnphost.dll
16:52:25.0645 3968 upnphost - ok
16:52:31.0984 3968 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
16:52:31.0984 3968 upperdev - ok
16:53:05.0352 3968 UPS (6148a3ba4d9cc628357fc92014fea30e) C:\WINDOWS\System32\ups.exe
16:53:05.0352 3968 UPS - ok
16:53:12.0562 3968 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:53:12.0562 3968 usbccgp - ok
16:53:19.0722 3968 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:53:19.0732 3968 usbhub - ok
16:53:26.0873 3968 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:53:26.0873 3968 usbprint - ok
16:53:33.0923 3968 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:53:33.0923 3968 usbscan - ok
16:53:39.0611 3968 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys
16:53:39.0611 3968 usbser - ok
16:53:45.0309 3968 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
16:53:45.0309 3968 UsbserFilt - ok
16:53:52.0399 3968 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:53:52.0409 3968 USBSTOR - ok
16:53:59.0379 3968 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:53:59.0379 3968 usbuhci - ok
16:54:06.0359 3968 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
16:54:06.0369 3968 VgaSave - ok
16:54:16.0354 3968 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:54:16.0364 3968 viaagp - ok
16:54:23.0284 3968 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:54:23.0284 3968 ViaIde - ok
16:54:27.0820 3968 VIAudio (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys
16:54:27.0830 3968 VIAudio - ok
16:54:34.0941 3968 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
16:54:34.0961 3968 VolSnap - ok
16:55:06.0706 3968 VSS (043539881667bb37b07524032d6ffc3e) C:\WINDOWS\System32\vssvc.exe
16:55:06.0736 3968 VSS - ok
16:55:34.0987 3968 W32Time (2ceebb402187ae56b585701f3d191fb3) C:\WINDOWS\System32\w32time.dll
16:55:35.0007 3968 W32Time - ok
16:55:41.0907 3968 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:55:41.0917 3968 Wanarp - ok
16:55:47.0455 3968 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:55:47.0495 3968 Wdf01000 - ok
16:55:57.0920 3968 WDICA - ok
16:56:00.0083 3968 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
16:56:00.0093 3968 wdmaud - ok
16:56:02.0526 3968 WebClient (4bd50644cf52f00091f894ab7541e538) C:\WINDOWS\System32\webclnt.dll
16:56:02.0547 3968 WebClient - ok
16:56:05.0621 3968 winmgmt (e12084ea622bdf2262c637bef15dd85c) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:56:05.0641 3968 winmgmt - ok
16:56:35.0504 3968 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:56:35.0504 3968 WmdmPmSN - ok
16:57:03.0494 3968 Wmi (0cdc4a0c6b820fad99fb4ca74cd0c476) C:\WINDOWS\System32\advapi32.dll
16:57:03.0514 3968 Wmi - ok
16:57:06.0919 3968 WmiApSrv (bcd21b989f0fd4ace78287fc01b4693d) C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:57:06.0939 3968 WmiApSrv - ok
16:57:08.0441 3968 wmpnetworksvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
16:57:08.0571 3968 wmpnetworksvc - ok
16:57:14.0490 3968 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:57:14.0500 3968 WpdUsb - ok
16:57:16.0763 3968 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:57:16.0773 3968 WS2IFSL - ok
16:58:00.0536 3968 wscsvc (4aded1adef25041d9827f9a79c0fda13) C:\WINDOWS\system32\wscsvc.dll
16:58:00.0546 3968 wscsvc - ok
16:58:07.0456 3968 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:58:07.0456 3968 WSTCODEC - ok
16:58:51.0279 3968 wuauserv (21f5169ca14e0b25c757644456f637df) C:\WINDOWS\system32\wuauserv.dll
16:58:51.0279 3968 wuauserv - ok
16:58:57.0198 3968 wudfpf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:58:57.0208 3968 wudfpf - ok
16:59:03.0146 3968 wudfrd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:59:03.0166 3968 wudfrd - ok
16:59:48.0271 3968 wudfsvc (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll
16:59:48.0291 3968 wudfsvc - ok
17:00:16.0862 3968 WZCSVC (325cedef696ef4b649ddcd3968d085c9) C:\WINDOWS\System32\wzcsvc.dll
17:00:16.0902 3968 WZCSVC - ok
17:01:00.0615 3968 xmlprov (9b835d4c64860b155a1701d5092ec9e4) C:\WINDOWS\System32\xmlprov.dll
17:01:00.0645 3968 xmlprov - ok
17:01:00.0765 3968 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
17:01:00.0966 3968 \Device\Harddisk0\DR0 - ok
17:01:01.0016 3968 Boot (0x1200) (d02ef63ad79f284121e36713ecd37bfc) \Device\Harddisk0\DR0\Partition0
17:01:01.0026 3968 \Device\Harddisk0\DR0\Partition0 - ok
17:01:01.0046 3968 ============================================================
17:01:01.0046 3968 Scan finished
17:01:01.0046 3968 ============================================================
17:01:01.0116 0856 Detected object count: 0
17:01:01.0116 0856 Actual detected object count: 0
17:12:52.0018 1908 Deinitialize success

ComboFix 12-04-12.02 - Pavel Borkovec 12.04.2012 17:26:04.1.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.768.555 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel Borkovec\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pavel Borkovec\Dokumenty\~WRL0002.tmp
c:\documents and settings\Pavel Borkovec\Dokumenty\~WRL0004.tmp
c:\documents and settings\Pavel Borkovec\Dokumenty\~WRL2052.tmp
c:\documents and settings\Pavel Borkovec\WINDOWS
c:\windows\regopt.log
c:\windows\system32\.exe
c:\windows\system32\SET27A.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET39.tmp
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-12 do 2012-04-12 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 11:20 . 2012-03-08 11:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-10-31 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-20 200704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
DSLMON.lnk - c:\program files\ADSL\ADSL USB MODEM\dslmon.exe [2007-1-30 929889]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [21.5.2009 23:36 149376]
S1 dc4438c3;dc4438c3;c:\windows\system32\drivers\dc4438c3.sys --> c:\windows\system32\drivers\dc4438c3.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.1.2010 11:25 135664]
S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [10.10.2008 16:17 148352]
S3 GNDHV71;Genius VideoCAM Live V2;c:\windows\system32\drivers\gndhv71.sys [24.1.2011 16:28 310084]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.1.2010 11:25 135664]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 09:25]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 09:25]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Pavel Borkovec\Data aplikací\Mozilla\Firefox\Profiles\j4gu72oh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.1.5&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: BS Player Community Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-9xadiras - 9xadiras.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
AddRemove-hp deskjet 845c series - c:\program files\hp deskjet 845c series\hpfiui.exe
AddRemove-Sichr 7 - c:\program files\OEZ\Sichr 7\uninstall.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 17:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-04-12 17:37:03
ComboFix-quarantined-files.txt 2012-04-12 15:37
.
Před spuštěním: 2 404 614 144
Po spuštění: 4 407 033 856
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 439F455D95C7A5E182BBCA9514A34C9F

memphisto
Guru Level 13
Posts: 21113
Joined: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Computer freezes and stops working

Post by memphisto » 12 Apr 2012 18:24

You are low on space on the system disk. Free up some space.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

KillAll::
Driver::
DwProt
Lbd
dc4438c3
SetupNTGLM7X

File::
c:\windows\system32\drivers\dwprot.sys
c:\windows\system32\DRIVERS\Lbd.sys
c:\windows\system32\drivers\dc4438c3.sys
d:\NTGLM7X.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Firefox::
FF - ProfilePath - c:\documents and settings\Pavel Borkovec\Data aplikací\Mozilla\Firefox\Profiles\j4gu72oh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.1.5&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: BS Player Community Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

xborisek
Level 1
Posts: 70
Joined: January 12
Gender: Not specified
Status: Offline

Re: Computer freezes and stops working

Post by xborisek » 13 Apr 2012 09:14

ComboFix 12-04-12.02 - Pavel Borkovec 13.04.2012 8:51.2.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.768.418 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel Borkovec\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel Borkovec\Plocha\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\dc4438c3.sys"
"c:\windows\system32\drivers\dwprot.sys"
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"d:\NTGLM7X.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LBD
-------\Legacy_SETUPNTGLM7X
-------\Service_dc4438c3
-------\Service_DwProt
-------\Service_Lbd
-------\Service_SetupNTGLM7X
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-13 do 2012-04-13 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 11:20 . 2012-03-08 11:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-10-31 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-20 200704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
DSLMON.lnk - c:\program files\ADSL\ADSL USB MODEM\dslmon.exe [2007-1-30 929889]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [21.5.2009 23:36 149376]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.1.2010 11:25 135664]
S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [10.10.2008 16:17 148352]
S3 GNDHV71;Genius VideoCAM Live V2;c:\windows\system32\drivers\gndhv71.sys [24.1.2011 16:28 310084]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.1.2010 11:25 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 09:25]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 09:25]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Pavel Borkovec\Data aplikací\Mozilla\Firefox\Profiles\j4gu72oh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: BS Player Community Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 09:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1544)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2012-04-13 09:08:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-13 07:08
ComboFix2.txt 2012-04-12 15:37
.
Před spuštěním: 4 452 384 768
Po spuštění: 4 348 280 832
.
- - End Of File - - 25BAEB7096BDD1FAB72C19D5FCDA3D01
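
A way to check a follow-up log against the CFScript that produced it, as an added example that is not part of the original thread or of ComboFix itself: it parses the script's `Name::` sections and reports targeted entries that the log still lists after its deletion report. The function names are hypothetical, and two layout assumptions are taken from the logs on this page: everything before the `Find3M` banner reports deletions, and service rows read `S<digit> name;display name;path`.

```python
import re

SECTION = re.compile(r"^([A-Za-z]+)::$")           # "File::", "Driver::", ...
BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")   # "((((( title )))))"

def parse_cfscript(text):
    """Return {section: [entries]} for a script shaped like the one posted above."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def inventory_lines(log, heading_prefix="Find3M"):
    """Skip the deletion report; keep lines after the given banner (assumed layout)."""
    lines = [l.strip() for l in log.splitlines()]
    for i, line in enumerate(lines):
        match = BANNER.match(line)
        if match and match.group(1).startswith(heading_prefix):
            return lines[i + 1:]
    raise ValueError("inventory banner not found in log")

def leftovers(script_text, followup_log):
    """List (section, entry) pairs the script targeted that the log still reports."""
    inventory = [l.lower() for l in inventory_lines(followup_log)]
    found = []
    for section, entries in parse_cfscript(script_text).items():
        for entry in entries:
            if section == "Driver":
                # Assumed service row shape: "S2 name;Display name;path".
                pattern = re.compile(r"^[rs]\d\s+" + re.escape(entry.lower()) + ";")
                hit = any(pattern.match(l) for l in inventory)
            else:
                hit = any(entry.lower() in l for l in inventory)
            if hit:
                found.append((section, entry))
    return found

# Constructed sample, abbreviated from the shape of the logs in this thread.
SAMPLE_SCRIPT = r"""
KillAll::
Driver::
DwProt

File::
c:\windows\system32\drivers\dwprot.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

Firefox::
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
"""
SAMPLE_LOG = r"""
FILE ::
"c:\windows\system32\drivers\dwprot.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
((((((((((((( Ovladače/Služby )))))))))))))
-------\Service_DwProt
((((((((((((( Find3M výpis )))))))))))))
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
"""

if __name__ == "__main__":
    for section, entry in leftovers(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"still present [{section}]: {entry}")
```

In this thread's second log, entries such as the two GoogleUpdate task files and the %profile% ICQ Toolbar extension appear again after the Find3M banner, which is the kind of leftover this check surfaces.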

jaro3
Security team member
Guru Level 15
Posts: 43294
Joined: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Computer freezes and stops working

Post by jaro3 » 13 Apr 2012 15:54

ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall

Clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, MWAV, etc.: download it, then run it

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate your antivirus and antispyware; afterwards delete T-Cleaner and turn your antivirus and antispyware back on.


Post a new HJT log + info about the PC.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

xborisek
Level 1
Posts: 70
Joined: January 12
Gender: Not specified
Status: Offline

Re: Computer freezes and stops working

Post by xborisek » 13 Apr 2012 19:34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:53, on 13.4.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\Install\{632B90D1-F56C-46CC-B89A-25072CF7DFFC}\chrome_updater.exe
C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\CR_1A412.tmp\setup.exe
C:\Documents and Settings\Pavel Borkovec\Plocha\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer (servicelayer) - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4971 bytes


The PC did not freeze today. I will report back on Monday, once my sister-in-law has tested it over the weekend. Thank you for the help.

memphisto
Guru Level 13
Posts: 21113
Joined: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Computer freezes and stops working  Solved

Post by memphisto » 13 Apr 2012 19:37

Also fix:
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)

Otherwise, that is all from our side