Requesting a check, please [Solved]


Re: Requesting a check, please

Post by zdenka.zv » 24 Sep 2012 20:46

20:33:27.0285 8036 [ C9E02C8CDEA1230729EE0E0F683428C3 ] SafeBoot C:\Windows\system32\drivers\SafeBoot.sys
20:33:27.0285 8036 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: C9E02C8CDEA1230729EE0E0F683428C3
20:33:27.0285 8036 SafeBoot ( LockedFile.Multi.Generic ) - warning
20:33:27.0285 8036 SafeBoot - detected LockedFile.Multi.Generic (1)
20:33:33.0572 8036 [ F57CAA1163C3C0E3DA1A33929968DA1D ] xxxuhyrpibgczj c:\windows\system32\JOCEUJ~1.EXE
20:33:33.0572 8036 xxxuhyrpibgczj - ok
20:33:33.0603 8036 [ 46686FE8915BD8B2FEB3A876E367010C ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
20:33:33.0618 8036 ZTEusbmdm6k - ok
20:33:33.0650 8036 [ 46686FE8915BD8B2FEB3A876E367010C ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
20:33:33.0665 8036 ZTEusbnmea - ok
20:33:33.0696 8036 [ 46686FE8915BD8B2FEB3A876E367010C ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
20:33:33.0696 8036 ZTEusbser6k - ok
20:33:33.0759 8036 ================ Scan global ===============================
20:33:33.0774 8036 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:33:33.0806 8036 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
20:33:33.0821 8036 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
20:33:33.0852 8036 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:33:33.0884 8036 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:33:33.0899 8036 [Global] - ok
20:33:33.0899 8036 ================ Scan MBR ==================================
20:33:33.0915 8036 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:33:34.0196 8036 \Device\Harddisk0\DR0 - ok
20:33:34.0196 8036 ================ Scan VBR ==================================
20:33:34.0211 8036 [ 512EA357CDF663387337C4BECEDA558A ] \Device\Harddisk0\DR0\Partition1
20:33:34.0211 8036 \Device\Harddisk0\DR0\Partition1 - ok
20:33:34.0227 8036 [ CF0F09CB01D6ABFFD188D99C69908A31 ] \Device\Harddisk0\DR0\Partition2
20:33:34.0242 8036 \Device\Harddisk0\DR0\Partition2 - ok
20:33:34.0274 8036 [ 95292E10AA9E25A46143C1468C2B7C08 ] \Device\Harddisk0\DR0\Partition3
20:33:34.0274 8036 \Device\Harddisk0\DR0\Partition3 - ok
20:33:34.0289 8036 ============================================================
20:33:34.0289 8036 Scan finished
20:33:34.0289 8036 ============================================================
20:33:34.0305 7152 Detected object count: 1
20:33:34.0320 7152 Actual detected object count: 1


Re: Requesting a check, please

Post by jaro3 » 24 Sep 2012 21:29

Did you install SafeBoot yourself?

Post the ComboFix log.

+
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click No. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

Re: Requesting a check, please

Post by zdenka.zv » 24 Sep 2012 22:35

I don't know anything about SafeBoot...
Here is the ComboFix log.
Attachment: ComboFix 12.pdf (245.02 KiB)


Re: Requesting a check, please

Post by zdenka.zv » 24 Sep 2012 22:42

aswMBR


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-24 22:38:08
-----------------------------
22:38:08.836 OS Version: Windows 6.1.7601 Service Pack 1
22:38:08.836 Number of processors: 2 586 0x1706
22:38:08.838 ComputerName: ADMIN-NTB UserName: Admin
22:38:29.489 Initialize success
22:38:55.199 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:38:55.199 Disk 0 Vendor: ST160LT016-1AF14D 0001EXM1 Size: 152627MB BusType: 3
22:38:55.215 Disk 0 MBR read successfully
22:38:55.215 Disk 0 MBR scan
22:38:55.215 Disk 0 Windows 7 default MBR code
22:38:55.230 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:38:55.246 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150469 MB offset 206848
22:38:55.293 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 2048 MB offset 308367360
22:38:55.308 Disk 0 scanning sectors +312561664
22:38:55.371 Disk 0 scanning C:\Windows\system32\drivers
22:39:03.529 Service scanning
22:39:15.370 Service SafeBoot C:\Windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
22:39:20.643 Modules scanning
22:39:29.847 Disk 0 trace - called modules:
22:39:29.878 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
22:39:29.893 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e48ac8]
22:39:29.909 3 CLASSPNP.SYS[8320459e] -> nt!IofCallDriver -> [0x85e48020]
22:39:29.909 5 hpdskflt.sys[88e01f92] -> nt!IofCallDriver -> [0x85d74790]
22:39:29.925 7 ACPI.sys[88ac43d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85045610]
22:39:29.925 Scan finished successfully
22:39:47.537 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
22:39:47.553 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status:
Offline

Re: Kindly asking for a check

Post by memphisto » 24 Sep 2012 23:21

Copy the ComboFix log here. It can't be read from that PDF.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.

Re: Kindly asking for a check

Post by zdenka.zv » 24 Sep 2012 23:25

ComboFix 12-09-24.02 - Admin 24.09.2012 22:05:37.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1977.646 [GMT 2:00]
Spuštěný z: c:\users\Admin\Downloads\ComboFix.exe
AV: F-Secure Client Security 9.31 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: F-Secure Client Security 9.31 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Client Security 9.31 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-24 do 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 20:16 . 2012-09-24 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-24 20:06 . 2012-09-24 20:06 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C67864B5-F14F-49BA-AE5F-510BC482DB15}\offreg.dll
2012-09-24 19:57 . 2012-09-24 19:57 -------- d-----w- c:\users\Admin\AppData\Local\Broadcom
2012-09-24 18:13 . 2012-09-24 18:13 -------- d-----w- c:\users\Admin\AppData\Local\Adobe
2012-09-24 16:44 . 2012-09-24 16:44 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-09-24 16:43 . 2012-09-24 16:43 -------- d-----w- c:\programdata\Malwarebytes
2012-09-24 16:43 . 2012-09-24 16:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-24 16:43 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 07:40 . 2012-09-24 07:40 388096 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-24 07:40 . 2012-09-24 07:40 -------- d-----w- c:\program files\Trend Micro
2012-09-22 15:37 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C67864B5-F14F-49BA-AE5F-510BC482DB15}\mpengine.dll
2012-09-18 16:27 . 2012-09-20 18:06 -------- d-----w- c:\users\Admin\AppData\Roaming\vlc
2012-09-18 16:27 . 2012-09-18 16:27 -------- d-----w- c:\program files\VideoLAN
2012-09-12 13:14 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:14 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:14 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:14 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:14 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 13:14 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-05 07:44 . 2012-09-05 07:44 -------- d-----w- c:\program files\Common Files\Java
2012-09-05 07:43 . 2012-09-05 07:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 18:00 . 2012-09-17 14:28 -------- d-----w- c:\programdata\tmp
2012-09-04 18:00 . 2012-09-04 19:29 -------- d-----w- c:\programdata\hps
2012-09-04 17:55 . 2012-09-04 17:55 -------- d-----w- c:\program files\dm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 19:50 . 2012-05-17 12:46 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 19:50 . 2012-05-17 12:46 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 07:43 . 2012-05-17 12:45 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 07:43 . 2012-05-17 12:45 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-17 18:09 . 2012-05-17 12:53 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-07-18 17:47 . 2012-08-18 07:32 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 19:23 . 2012-08-18 07:47 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 21:14 . 2012-08-18 07:32 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-18 07:32 102912 ----a-w- c:\windows\system32\browser.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-07-13 127040]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2011-03-08 1355792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2010-04-13 358456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2012-05-17 24832]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2012-05-17 1107232]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-07-06 11227136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-05-17 1791272]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1206544]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2012-05-17 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-02 151064]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2012-02-06 303808]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2012-02-06 1655488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"SMART Board Service"="c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe" [2011-07-13 1761136]
"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2011-06-23 9800560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-5-25 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-10-07 12:59 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 10:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;Auditování/zamknutí zařízení nástroje HP ProtectTools;c:\windows\system32\flcdlock.exe [x]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [x]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [x]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [x]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [x]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 fsdevcon;F-Secure Device Control Daemon;c:\program files\F-Secure\Device Control\\fsdevcon32.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 xxxuhyrpibgczj;xxxuhyrpibgczj;c:\windows\system32\JOCEUJ~1.EXE [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [x]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s32;Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 19:50]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234631203-1007188524-3168107515-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 08:22]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234631203-1007188524-3168107515-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 08:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(732)
c:\windows\System32\msmunberb.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Device Control\fsdevcon32.exe
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Common\FSHDLL32.EXE
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\program files\F-Secure\Common\FNRB32.EXE
c:\program files\F-Secure\Common\FIH32.EXE
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Hewlett-Packard\IAM\bin\AsGHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\guwmbsamejxzpe\joceujai.exe
c:\program files\guwmbsamejxzpe\joceujai.exe
c:\windows\system32\conhost.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Celkový čas: 2012-09-24 22:29:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-24 20:29
.
Před spuštěním: Volných bajtů: 52 628 733 952
Po spuštění: Volných bajtů: 52 395 040 768
.
- - End Of File - - 6F6BC69ABAEFA214DE17FE3130BEA630

jaro3
Security team member
Guru Level 15
Posts: 43290
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Kindly asking for a check

Post by jaro3 » 25 Sep 2012 10:34

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::

KillAll::
Collect::
c:\program files\guwmbsamejxzpe\joceujai.exe
c:\program files\guwmbsamejxzpe\joceujai.exe
c:\windows\system32\JOCEUJ~1.EXE

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234631203-1007188524-3168107515-1000Core.job
c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234631203-1007188524-3168107515-1000UA.job

Folder::
c:\users\Admin\AppData\Local\Google\Update
c:\program files\guwmbsamejxzpe

Driver::
xxxuhyrpibgczj

DDS::
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Choose File -> Save As... and set these parameters:
File name: enter CFScript.txt
Save as type: select All Files
Save the file to your desktop.
Close all open windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: After running ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

In Folder Options, enable showing hidden files and folders + untick the "Hide protected operating system files" checkbox.

Test this on Virustotal:
c:\windows\System32\msmunberb.dll

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/
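The CFScript above targets a service and a running process that stand out in the posted ComboFix log. The following Python triage of that log format is an added example, not part of the thread or of ComboFix; the four signals, the length and vowel thresholds, and the simplified 8.3 alias matching are assumptions of this example, not the helper's stated reasoning.

```python
import ntpath
import re

# Lines copied from the ComboFix log posted in this thread (services and running processes).
SERVICES = r"""
S0 SafeBoot;SafeBoot; [x]
S2 fsdevcon;F-Secure Device Control Daemon;c:\program files\F-Secure\Device Control\\fsdevcon32.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 xxxuhyrpibgczj;xxxuhyrpibgczj;c:\windows\system32\JOCEUJ~1.EXE [x]
"""
PROCESSES = r"""
c:\windows\system32\conhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\guwmbsamejxzpe\joceujai.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
"""

# "<state> <name>;<display name>;<image path> [x]" as printed in the log.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) ?\[x\]$")
# 8.3 alias: up to six characters of the long name, "~N", short extension.
# Simplified: ignores space stripping and the hashed form used after many collisions.
SHORT_RE = re.compile(r"^([^~]{1,6})~\d+\.(\w{1,3})$")


def vowel_ratio(name):
    """Share of vowels among the letters of a name (1.0 if it has no letters)."""
    letters = [c for c in name.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 1.0


def resolve_alias(path, processes):
    """Return running-process paths whose file name could be the long form of an 8.3 alias."""
    m = SHORT_RE.match(ntpath.basename(path))
    if not m:
        return []
    stem, ext = m.group(1).lower(), "." + m.group(2).lower()
    return [p for p in processes
            if ntpath.basename(p).lower().startswith(stem)
            and ntpath.basename(p).lower().endswith(ext)]


def triage(service_text, process_text):
    """Score every service line; each independent signal adds one reason."""
    processes = [l.strip() for l in process_text.splitlines() if l.strip()]
    findings = []
    for line in service_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        _state, name, display, path = m.groups()
        reasons = []
        if name == display:
            reasons.append("display name is just the service name")
        if len(name) >= 8 and vowel_ratio(name) < 0.25:
            reasons.append("consonant-heavy service name")
        if "~" in ntpath.basename(path):
            reasons.append("image path is an 8.3 short-name alias")
        matches = resolve_alias(path, processes)
        if any(ntpath.dirname(p).lower() != ntpath.dirname(path).lower() for p in matches):
            reasons.append("alias stem matches a process running from another directory")
        findings.append({"name": name, "path": path,
                         "reasons": reasons, "alias_matches": matches})
    return findings


def flagged(findings, threshold=3):
    """Only entries where several signals coincide are worth a manual look."""
    return [f for f in findings if len(f["reasons"]) >= threshold]


if __name__ == "__main__":
    for f in flagged(triage(SERVICES, PROCESSES)):
        print(f["name"], f["path"], f["alias_matches"])
        for r in f["reasons"]:
            print("  -", r)
```

Single signals fire on legitimate entries too (MBAMService and SafeBoot have no descriptive display name, HpFkCryptService is consonant-heavy), which is why only the combination is reported.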

Re: Kindly asking for a check

Post by zdenka.zv » 25 Sep 2012 12:52

I forgot to mark the link copied into Notepad in green... :-(... Should I do it again?


ComboFix 12-09-24.02 - Admin 25.09.2012 12:13:45.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1977.1116 [GMT 2:00]
Spuštěný z: c:\users\Admin\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Admin\Desktop\CFScript.txt
AV: F-Secure Client Security 9.31 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: F-Secure Client Security 9.31 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Client Security 9.31 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234631203-1007188524-3168107515-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234631203-1007188524-3168107515-1000UA.job"
.
file zipped: c:\program files\guwmbsamejxzpe\joceujai.exe
file zipped: c:\windows\system32\JOCEUJ~1.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\guwmbsamejxzpe
c:\program files\guwmbsamejxzpe\joceujai.exe
c:\program files\guwmbsamejxzpe\Log\Text\aiotxt.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09062012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09072012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09082012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09092012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09102012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09112012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09122012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09132012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09142012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09152012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09162012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09172012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09182012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09192012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09202012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09212012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09222012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09232012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09242012.dat
c:\program files\guwmbsamejxzpe\Log\Visual\09252012.dat
c:\program files\guwmbsamejxzpe\unins000.dat
c:\program files\guwmbsamejxzpe\unins000.exe
c:\users\Admin\AppData\Local\Google\Update
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdate.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_am.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_da.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_de.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_el.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_en.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_es.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_et.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_id.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_is.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_it.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_no.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_te.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_th.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\psmachine.dll
c:\users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll
c:\users\Admin\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.123\GoogleUpdateSetup.exe
c:\users\Admin\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\21.0.1180.89\21.0.1180.89_21.0.1180.83_chrome_updater.exe
c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\system32\JOCEUJ~1.EXE
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234631203-1007188524-3168107515-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2234631203-1007188524-3168107515-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xxxuhyrpibgczj
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-25 do 2012-09-25 )))))))))))))))))))))))))))))))
.
.
2012-09-25 10:31 . 2012-09-25 10:34 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-09-25 10:31 . 2012-09-25 10:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-25 10:17 . 2012-09-25 10:17 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BF8BA01-BCB2-4C18-A06D-537921ED847C}\offreg.dll
2012-09-25 08:01 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BF8BA01-BCB2-4C18-A06D-537921ED847C}\mpengine.dll
2012-09-24 19:57 . 2012-09-24 19:57 -------- d-----w- c:\users\Admin\AppData\Local\Broadcom
2012-09-24 18:13 . 2012-09-24 18:13 -------- d-----w- c:\users\Admin\AppData\Local\Adobe
2012-09-24 16:44 . 2012-09-24 16:44 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-09-24 16:43 . 2012-09-24 16:43 -------- d-----w- c:\programdata\Malwarebytes
2012-09-24 16:43 . 2012-09-24 16:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-24 16:43 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 07:40 . 2012-09-24 07:40 388096 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-24 07:40 . 2012-09-24 07:40 -------- d-----w- c:\program files\Trend Micro
2012-09-18 16:27 . 2012-09-20 18:06 -------- d-----w- c:\users\Admin\AppData\Roaming\vlc
2012-09-18 16:27 . 2012-09-18 16:27 -------- d-----w- c:\program files\VideoLAN
2012-09-12 13:14 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:14 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:14 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:14 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:14 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 13:14 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-05 07:44 . 2012-09-05 07:44 -------- d-----w- c:\program files\Common Files\Java
2012-09-05 07:43 . 2012-09-05 07:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 18:00 . 2012-09-17 14:28 -------- d-----w- c:\programdata\tmp
2012-09-04 18:00 . 2012-09-04 19:29 -------- d-----w- c:\programdata\hps
2012-09-04 17:55 . 2012-09-04 17:55 -------- d-----w- c:\program files\dm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 19:50 . 2012-05-17 12:46 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 19:50 . 2012-05-17 12:46 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 07:43 . 2012-05-17 12:45 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 07:43 . 2012-05-17 12:45 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-17 18:09 . 2012-05-17 12:53 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-07-18 17:47 . 2012-08-18 07:32 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 19:23 . 2012-08-18 07:47 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 21:14 . 2012-08-18 07:32 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-18 07:32 102912 ----a-w- c:\windows\system32\browser.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-07-13 127040]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2011-03-08 1355792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2010-04-13 358456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2012-05-17 24832]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2012-05-17 1107232]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-07-06 11227136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-05-17 1791272]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1206544]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2012-05-17 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-02 151064]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2012-02-06 303808]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2012-02-06 1655488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"SMART Board Service"="c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe" [2011-07-13 1761136]
"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2011-06-23 9800560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-5-25 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-10-07 12:59 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 10:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CFcatchme;CFcatchme;c:\users\Admin\AppData\Local\Temp\CFcatchme.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;Auditování/zamknutí zařízení nástroje HP ProtectTools;c:\windows\system32\flcdlock.exe [x]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [x]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [x]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [x]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [x]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 fsdevcon;F-Secure Device Control Daemon;c:\program files\F-Secure\Device Control\\fsdevcon32.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [x]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s32;Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 19:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
LSP: c:\program files\F-Secure\FSPS\program\fslsp.dll
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3120)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Device Control\fsdevcon32.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\F-Secure\Common\FSHDLL32.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\F-Secure\Common\FNRB32.EXE
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\Common\FIH32.EXE
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\windows\system32\taskhost.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Hewlett-Packard\IAM\bin\AsGHost.exe
c:\windows\system32\conhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\SMART Technologies\Education Software\Aware.exe
c:\program files\SMART Technologies\Education Software\Marker.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
.
**************************************************************************
.
Celkový čas: 2012-09-25 12:47:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-25 10:47
ComboFix2.txt 2012-09-24 20:29
.
Před spuštěním: Volných bajtů: 52 528 082 944
Po spuštění: Volných bajtů: 52 239 560 704
.
- - End Of File - - 654D669FCDEFF3CD2BDFDD19D4B3B94A
Nahrání proběhlo úspěšně
Last edited by zdenka.zv on 25 Sep 2012 13:16, edited 1 time in total.

zdenka.zv

Re: Asking kindly for a check

Post by zdenka.zv » 25 Sep 2012 13:05

c:\windows\System32\msmunberb.dll
The scan result is in the attachment
Attachments
Antivirus scan for d733477ecdf7901a8683c3c08a38c76d at UTC - VirusTotal.pdf
(134.36 KiB) Downloaded 25 times

zdenka.zv

Re: Asking kindly for a check

Post by zdenka.zv » 25 Sep 2012 13:08


zdenka.zv

Re: Asking kindly for a check

Post by zdenka.zv » 25 Sep 2012 13:11

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:10:09, on 25.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Hewlett-Packard\IAM\bin\AsGHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\SMART Technologies\Education Software\Aware.exe
C:\Program Files\SMART Technologies\Education Software\Marker.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Windows\Explorer.exe
C:\Windows\System32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] "C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SMART Board Service] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe"
O4 - HKLM\..\Run: [SMART Board Tools] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: Auditování/zamknutí zařízení nástroje HP ProtectTools (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: F-Secure Device Control Daemon (fsdevcon) - F-Secure Corporation - C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 12666 bytes

jaro3
Security team member
Guru Level 15
Posts: 43290
Joined: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Asking kindly for a check

Post by jaro3 » 25 Sep 2012 20:39

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:

Code:

KillAll::
File::
c:\windows\System32\msmunberb.dll


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log that appears at the end of the cleaning process + a new log from HJT

Warning: After applying ComboFix and restarting the computer, it may happen that Windows does not start, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.

Most likely part of a keylogger (remote monitoring of activity on the computer). Does anyone have access to your PC (notebook)?

Try:
Anti-keylogger™
10.3.1 download informatik
Download Anti-keylogger from one of the links.
http://www.anti-keyloggers.com/download/antikey.zip
http://www.anti-keyloggers.com/download/ak_help.zip
http://www.anti-keyloggers.com/download ... aSheet.pdf
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

