Please check the log from the kids' PC (Solved)

Post by Airm » 13 Nov 2012 11:54

Hello, I bought an older computer that the kids will use for games and the internet, but the web browser keeps crashing, IE, Chrome and Opera alike; also, after some time it slows down terribly and everything takes a long time.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:00, on 13.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [InstallShieldSetup] "C:\Documents and Settings\prckove\Data aplikací\InstallShield Installation Information\{1F93C992-D01F-4C68-B507-594722DD6FDD}\setup.exe" -reboot"C:\Documents and Settings\prckove\Data aplikací\InstallShield Installation Information\{1F93C992-D01F-4C68-B507-594722DD6FDD}\reboot.ini"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5167 bytes

Post by memphisto » 13 Nov 2012 17:38

In the log, fix:
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\RunOnce: [InstallShieldSetup] "C:\Documents and Settings\prckove\Data aplikací\InstallShield Installation Information\{1F93C992-D01F-4C68-B507-594722DD6FDD}\setup.exe" -reboot"C:\Documents and Settings\prckove\Data aplikací\InstallShield Installation Information\{1F93C992-D01F-4C68-B507-594722DD6FDD}\reboot.ini"

Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- after the program has finished, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(don't delete anything yet!).
Then paste the contents of that log here.

Post by Airm » 13 Nov 2012 18:33

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.11.13.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
prckove :: DETI [administrátor]

Ochrana: Povolena

13.11.2012 18:18:36
mbam-log-2012-11-13 (18-18-36).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 180746
Uplynulý čas: 11 minut, 55 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


Post by Žbeky » 13 Nov 2012 20:29

Download TDSSKiller to your desktop. Make sure you have all other applications and browsers closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the entire contents of the log here.

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to use an invalid operation on a registry key that is marked for deletion, just restart the computer.

Post by Airm » 14 Nov 2012 12:59

I don't really understand TDSSKiller :-D .. when I run it there is a scan, so I clicked on it, and then it showed that there is some error, so I chose to continue

12:53:12.0859 3292 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:53:13.0156 3292 ============================================================
12:53:13.0156 3292 Current date / time: 2012/11/14 12:53:13.0156
12:53:13.0156 3292 SystemInfo:
12:53:13.0156 3292
12:53:13.0156 3292 OS Version: 5.1.2600 ServicePack: 3.0
12:53:13.0156 3292 Product type: Workstation
12:53:13.0156 3292 ComputerName: DETI
12:53:13.0156 3292 UserName: prckove
12:53:13.0156 3292 Windows directory: C:\WINDOWS
12:53:13.0156 3292 System windows directory: C:\WINDOWS
12:53:13.0156 3292 Processor architecture: Intel x86
12:53:13.0156 3292 Number of processors: 1
12:53:13.0156 3292 Page size: 0x1000
12:53:13.0156 3292 Boot type: Normal boot
12:53:13.0156 3292 ============================================================
12:53:15.0078 3292 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:53:15.0093 3292 ============================================================
12:53:15.0093 3292 \Device\Harddisk0\DR0:
12:53:15.0093 3292 MBR partitions:
12:53:15.0093 3292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C8ED06
12:53:15.0093 3292 ============================================================
12:53:15.0125 3292 C: <-> \Device\Harddisk0\DR0\Partition1
12:53:15.0125 3292 ============================================================
12:53:15.0125 3292 Initialize success
12:53:15.0125 3292 ============================================================
12:53:17.0046 3332 ============================================================
12:53:17.0046 3332 Scan started
12:53:17.0046 3332 Mode: Manual;
12:53:17.0046 3332 ============================================================
12:53:18.0703 3332 ================ Scan system memory ========================
12:53:18.0703 3332 System memory - ok
12:53:27.0671 3332 Secdrv - ok
12:53:27.0734 3332 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:53:27.0734 3332 seclogon - ok
12:53:27.0750 3332 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
12:53:27.0750 3332 SENS - ok
12:53:27.0781 3332 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:53:27.0781 3332 serenum - ok
12:53:27.0781 3332 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:53:27.0796 3332 Serial - ok
12:53:27.0812 3332 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:53:27.0812 3332 Sfloppy - ok
12:53:27.0843 3332 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:53:27.0859 3332 SharedAccess - ok
12:53:27.0906 3332 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:53:27.0906 3332 ShellHWDetection - ok
12:53:27.0921 3332 Simbad - ok
12:53:27.0984 3332 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:53:27.0984 3332 SkypeUpdate - ok
12:53:28.0000 3332 Sparrow - ok
12:53:28.0046 3332 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:53:28.0046 3332 splitter - ok
12:53:28.0093 3332 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:53:28.0109 3332 Spooler - ok
12:53:28.0171 3332 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
12:53:28.0171 3332 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
12:53:28.0171 3332 sptd ( LockedFile.Multi.Generic ) - warning
12:53:28.0171 3332 sptd - detected LockedFile.Multi.Generic (1)
12:53:28.0203 3332 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:53:28.0203 3332 sr - ok
12:53:28.0250 3332 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
12:53:28.0265 3332 srservice - ok
12:53:28.0296 3332 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:53:28.0312 3332 Srv - ok
12:53:28.0359 3332 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:53:28.0359 3332 SSDPSRV - ok
12:53:28.0421 3332 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:53:28.0437 3332 stisvc - ok
12:53:28.0468 3332 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:53:28.0484 3332 swenum - ok
12:53:28.0500 3332 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:53:28.0515 3332 swmidi - ok
12:53:28.0531 3332 SwPrv - ok
12:53:28.0546 3332 symc810 - ok
12:53:28.0546 3332 symc8xx - ok
12:53:28.0562 3332 sym_hi - ok
12:53:28.0578 3332 sym_u3 - ok
12:53:28.0593 3332 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:53:28.0609 3332 sysaudio - ok
12:53:28.0640 3332 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:53:28.0640 3332 SysmonLog - ok
12:53:28.0703 3332 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:53:28.0718 3332 TapiSrv - ok
12:53:28.0781 3332 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:53:28.0843 3332 Tcpip - ok
12:53:28.0890 3332 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:53:28.0890 3332 TDPIPE - ok
12:53:28.0906 3332 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:53:28.0906 3332 TDTCP - ok
12:53:28.0968 3332 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:53:28.0968 3332 TermDD - ok
12:53:29.0015 3332 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
12:53:29.0015 3332 TermService - ok
12:53:29.0062 3332 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:53:29.0062 3332 Themes - ok
12:53:29.0078 3332 TosIde - ok
12:53:29.0125 3332 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:53:29.0140 3332 TrkWks - ok
12:53:29.0203 3332 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:53:29.0203 3332 Udfs - ok
12:53:29.0218 3332 ultra - ok
12:53:29.0281 3332 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:53:29.0296 3332 Update - ok
12:53:29.0343 3332 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
12:53:29.0359 3332 upnphost - ok
12:53:29.0390 3332 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
12:53:29.0390 3332 UPS - ok
12:53:29.0437 3332 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:53:29.0437 3332 usbccgp - ok
12:53:29.0453 3332 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:53:29.0453 3332 usbehci - ok
12:53:29.0484 3332 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:53:29.0484 3332 usbhub - ok
12:53:29.0515 3332 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:53:29.0531 3332 usbprint - ok
12:53:29.0593 3332 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:53:29.0593 3332 USBSTOR - ok
12:53:29.0656 3332 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:53:29.0656 3332 usbuhci - ok
12:53:29.0703 3332 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:53:29.0703 3332 VgaSave - ok
12:53:29.0718 3332 ViaIde - ok
12:53:29.0765 3332 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:53:29.0765 3332 VolSnap - ok
12:53:29.0828 3332 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
12:53:29.0828 3332 VSS - ok
12:53:29.0875 3332 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
12:53:29.0890 3332 W32Time - ok
12:53:29.0937 3332 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:53:29.0937 3332 Wanarp - ok
12:53:29.0953 3332 WDICA - ok
12:53:29.0984 3332 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:53:30.0000 3332 wdmaud - ok
12:53:30.0031 3332 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:53:30.0031 3332 WebClient - ok
12:53:30.0140 3332 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:53:30.0140 3332 winmgmt - ok
12:53:30.0203 3332 [ C383926D4BA41AFBCA592B2AD1FE4109 ] WlanUIG C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
12:53:30.0250 3332 WlanUIG - ok
12:53:30.0296 3332 [ 6199B2AE3F9DB9CB6DB230471A1DC601 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
12:53:30.0296 3332 WmdmPmSN - ok
12:53:30.0359 3332 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:53:30.0359 3332 WmiApSrv - ok
12:53:30.0421 3332 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:53:30.0421 3332 wscsvc - ok
12:53:30.0468 3332 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:53:30.0484 3332 wuauserv - ok
12:53:30.0531 3332 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:53:30.0593 3332 WZCSVC - ok
12:53:30.0640 3332 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:53:30.0687 3332 xmlprov - ok
12:53:30.0718 3332 ================ Scan global ===============================
12:53:30.0765 3332 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
12:53:30.0812 3332 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
12:53:30.0843 3332 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
12:53:30.0875 3332 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
12:53:30.0890 3332 [Global] - ok
12:53:30.0890 3332 ================ Scan MBR ==================================
12:53:30.0921 3332 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
12:53:31.0125 3332 \Device\Harddisk0\DR0 - ok
12:53:31.0125 3332 ================ Scan VBR ==================================
12:53:31.0156 3332 [ D14B208724F4AE552D551F9E30584534 ] \Device\Harddisk0\DR0\Partition1
12:53:31.0156 3332 \Device\Harddisk0\DR0\Partition1 - ok
12:53:31.0156 3332 ============================================================
12:53:31.0156 3332 Scan finished
12:53:31.0156 3332 ============================================================
12:53:31.0187 3324 Detected object count: 1
12:53:31.0187 3324 Actual detected object count: 1
12:54:04.0734 3324 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:54:04.0734 3324 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Re: Please check the log from the children's PC

Post by Airm » 14 Nov 2012 13:21

ComboFix 12-11-13.03 - prckove 14.11.2012 13:06:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.503.315 [GMT 1:00]
Spuštěný z: c:\documents and settings\prckove\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-14 do 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-13 17:02 . 2012-11-13 17:02 -------- d-----w- c:\documents and settings\prckove\Data aplikací\Malwarebytes
2012-11-13 17:01 . 2012-11-13 17:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-11-13 17:01 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 17:01 . 2012-11-13 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-13 16:59 . 2012-11-14 11:52 -------- d-----w- C:\Download Opera
2012-11-13 12:02 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-11-13 11:49 . 2012-08-28 15:18 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-13 11:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-11-13 11:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-11-13 10:50 . 2012-11-13 10:50 388096 ----a-r- c:\documents and settings\prckove\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-13 10:50 . 2012-11-13 10:50 -------- d-----w- c:\program files\Trend Micro
2012-11-13 10:27 . 2012-11-13 10:27 -------- d-----w- c:\documents and settings\prckove\Local Settings\Data aplikací\Opera
2012-11-13 10:27 . 2012-11-13 10:27 -------- d-----w- c:\program files\Opera
2012-11-13 10:24 . 2012-11-13 10:24 -------- d-----w- c:\program files\Common Files\Java
2012-11-13 10:24 . 2012-11-13 10:23 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-13 10:24 . 2012-11-13 10:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-13 10:24 . 2012-11-13 10:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-13 10:23 . 2012-11-13 10:23 -------- d-----w- c:\program files\Java
2012-11-13 10:22 . 2012-11-13 10:22 -------- d-----w- c:\documents and settings\prckove\Data aplikací\vlc
2012-11-13 10:20 . 2012-11-13 10:20 -------- d-----w- c:\program files\VideoLAN
2012-11-13 10:19 . 2012-11-13 10:19 -------- d-----w- c:\documents and settings\prckove\Local Settings\Data aplikací\Sun
2012-11-13 10:15 . 2012-11-13 10:15 -------- d-----w- c:\program files\CCleaner
2012-11-13 10:11 . 2012-11-14 11:57 -------- d-----w- c:\documents and settings\prckove\Data aplikací\Skype
2012-11-13 10:11 . 2012-11-13 10:11 -------- d-----w- c:\program files\Common Files\Skype
2012-11-13 10:10 . 2012-11-13 10:11 -------- d-----r- c:\program files\Skype
2012-11-13 10:10 . 2012-11-13 10:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2012-11-13 10:08 . 2012-11-13 10:23 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-13 10:06 . 2012-11-13 10:06 -------- d-----w- c:\program files\7-Zip
2012-11-12 19:12 . 2012-11-12 19:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-12 19:12 . 2012-11-12 19:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 15:48 . 2012-11-12 15:48 -------- d-----w- c:\documents and settings\prckove\Data aplikací\LibreOffice
2012-11-12 15:39 . 2012-11-12 15:39 -------- d-----w- c:\windows\ShellNew
2012-11-12 15:32 . 2012-11-12 15:39 -------- d-----w- c:\program files\LibreOffice 3.6
2012-11-07 13:37 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-11-07 13:37 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-11-07 13:37 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-11-07 13:37 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 02:38 . 2012-09-26 02:38 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-09-26 02:38 . 2012-09-26 02:38 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-08-28 15:18 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2008-04-14 12:00 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2008-04-14 08:06 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.4.2010 19:40 717296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.11.2012 18:01 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.11.2012 18:01 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 WlanUIG;NB 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [17.12.2010 18:20 379456]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 19:12]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-12 15:32]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-12 15:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-14 13:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Celkový čas: 2012-11-14 13:17:33
ComboFix-quarantined-files.txt 2012-11-14 12:17
.
Před spuštěním: Volných bajtů: 33 933 791 232
Po spuštění: Volných bajtů: 33 933 414 400
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 281426E40FA600AD88E974D8B151837D

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: Please check the log from the children's PC

Post by Žbeky » 14 Nov 2012 19:07

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

KillAll::

Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
SkypeUpdate

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.


Re: Please check the log from the children's PC

Post by Airm » 14 Nov 2012 19:39

ComboFix 12-11-14.01 - prckove 14.11.2012 19:17:16.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.503.249 [GMT 1:00]
Spuštěný z: c:\documents and settings\prckove\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\prckove\Plocha\CFScript.txt
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.124\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.124\goopdate.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.124\psmachine.dll
c:\program files\Google\Update\1.3.21.124\psuser.dll
c:\program files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\23.0.1271.64\23.0.1271.64_chrome_installer.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
-------\Legacy_gupdate
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-14 do 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-14 17:37 . 2012-11-14 17:37 -------- d-----w- c:\documents and settings\prckove\Data aplikací\SFBot
2012-11-13 17:02 . 2012-11-13 17:02 -------- d-----w- c:\documents and settings\prckove\Data aplikací\Malwarebytes
2012-11-13 17:01 . 2012-11-13 17:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-11-13 17:01 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 17:01 . 2012-11-13 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-13 16:59 . 2012-11-14 11:52 -------- d-----w- C:\Download Opera
2012-11-13 12:02 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-11-13 11:49 . 2012-08-28 15:18 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-13 11:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-11-13 11:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-11-13 10:50 . 2012-11-13 10:50 388096 ----a-r- c:\documents and settings\prckove\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-13 10:50 . 2012-11-13 10:50 -------- d-----w- c:\program files\Trend Micro
2012-11-13 10:27 . 2012-11-13 10:27 -------- d-----w- c:\documents and settings\prckove\Local Settings\Data aplikací\Opera
2012-11-13 10:27 . 2012-11-13 10:27 -------- d-----w- c:\program files\Opera
2012-11-13 10:24 . 2012-11-13 10:24 -------- d-----w- c:\program files\Common Files\Java
2012-11-13 10:24 . 2012-11-13 10:23 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-13 10:24 . 2012-11-13 10:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-13 10:24 . 2012-11-13 10:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-13 10:23 . 2012-11-13 10:23 -------- d-----w- c:\program files\Java
2012-11-13 10:22 . 2012-11-13 10:22 -------- d-----w- c:\documents and settings\prckove\Data aplikací\vlc
2012-11-13 10:20 . 2012-11-13 10:20 -------- d-----w- c:\program files\VideoLAN
2012-11-13 10:19 . 2012-11-13 10:19 -------- d-----w- c:\documents and settings\prckove\Local Settings\Data aplikací\Sun
2012-11-13 10:15 . 2012-11-13 10:15 -------- d-----w- c:\program files\CCleaner
2012-11-13 10:11 . 2012-11-14 18:32 -------- d-----w- c:\documents and settings\prckove\Data aplikací\Skype
2012-11-13 10:11 . 2012-11-13 10:11 -------- d-----w- c:\program files\Common Files\Skype
2012-11-13 10:10 . 2012-11-14 18:24 -------- d-----r- c:\program files\Skype
2012-11-13 10:10 . 2012-11-13 10:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2012-11-13 10:08 . 2012-11-13 10:23 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-13 10:06 . 2012-11-13 10:06 -------- d-----w- c:\program files\7-Zip
2012-11-12 19:12 . 2012-11-12 19:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-12 19:12 . 2012-11-12 19:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 15:48 . 2012-11-12 15:48 -------- d-----w- c:\documents and settings\prckove\Data aplikací\LibreOffice
2012-11-12 15:39 . 2012-11-12 15:39 -------- d-----w- c:\windows\ShellNew
2012-11-12 15:32 . 2012-11-12 15:39 -------- d-----w- c:\program files\LibreOffice 3.6
2012-11-07 13:37 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-11-07 13:37 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-11-07 13:37 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-11-07 13:37 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 02:38 . 2012-09-26 02:38 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-09-26 02:38 . 2012-09-26 02:38 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-08-28 15:18 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2008-04-14 12:00 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2008-04-14 08:06 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.4.2010 19:40 717296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.11.2012 18:01 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.11.2012 18:01 676936]
S3 WlanUIG;NB 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [17.12.2010 18:20 379456]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 19:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-14 19:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(816)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-11-14 19:35:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-14 18:35
ComboFix2.txt 2012-11-14 12:17
.
Před spuštěním: Volných bajtů: 33 831 112 704
Po spuštění: Volných bajtů: 33 748 013 056
.
- - End Of File - - B871E6FB8C700FCDCAB9442F3F067118

memphisto
Guru Level 13
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status:
Offline

Re: Please check the log from the children's PC

Post by memphisto » 14 Nov 2012 23:32

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner

and also use T-Cleaner
It deletes everything left behind by Combo, MWAV, etc.: download it, then run it

Note: before downloading T-Cleaner and for the duration of the cleanup, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on

+ A new HJT log

How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

Airm
Level 1.5
Level 1.5
Posts: 134
Registered: December 10
Gender: Male
Status:
Offline

Re: Please check the log from the children's PC

Post by Airm » 15 Nov 2012 11:10

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:44, on 15.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

--
End of file - 3684 bytes

Airm
Level 1.5
Level 1.5
Posts: 134
Registered: December 10
Gender: Male
Status:
Offline

Re: Please check the log from the children's PC

Post by Airm » 15 Nov 2012 11:16

All the web browsers keep crashing ... with Opera, for example, it even says "Another user is running this copy of Opera. You should install Opera with individual profiles to allow multiple users to run the same copy independently." which I absolutely don't understand ... I don't use multiple accounts, only on the network, but surely that has no effect when I use Opera on one PC and on a second PC as well.

