
Please check - the PC sometimes restarts
Re: Please check - the PC sometimes restarts
I uninstalled Sunbelt using the Appremover program, so I don't know where the problem is. I use Comodo and Microsoft Security Essentials. I was under the impression that I have Comodo as the firewall and MSE as the antivirus plus antispyware, so now I'm confused by it too.
- chodnik74
- Friend of the forum
- Posts: 4975
- Registered: 13 Sep 2010 21:30
- Location: Napajedla
Re: Please check - the PC sometimes restarts
MSE will run fine alongside Comodo. Those SPs shouldn't clash. Defense+ can be turned off in Comodo if need be.
There is some leftover in the registry, so it's enough to include this in the script:
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
which is a leftover entry in the Security Center.

Read the procedure several times to be safe, and if anything is unclear or you have any doubts, ask.
If your computer is infected or is not behaving as usual, back up all your data and carefully follow the adviser's instructions!
Do not use the Combofix utility without the supervision and recommendation of an adviser!
- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Registered: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: Please check - the PC sometimes restarts
OK, let's try it this way. I found some more drivers from Sunbelt, so I'll forcibly remove all of it in the script.
If you haven't done so yet, move ComboFix to the Desktop.
It may happen that Windows won't boot after the script is applied. In that case restart the PC, keep pressing the F8 key right at startup and choose Last Known Good Configuration.

- Open Notepad (Start >> Run... (or Win+R) >> type notepad into the box >> [Enter]).
- Copy this script into it:
KillAll::
SecCenter::
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
{82B1150E-9B37-49FC-83EB-D52197D900D0}
Folder::
c:\program files\Sunbelt Software
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=-
"Persistence"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
Driver::
SbPF.Launcher
SBFWIMCL
gupdate
SPF4
AdobeFlashPlayerUpdateSvc
gupdatem
File::
c:\windows\system32\drivers\SbFwIm.sys
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
c:\windows\Tasks\MpIdleTask.job
DDS::
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:?body=http%3A%2F%2Fwww.stesti.cz%2Fmsg_show.php%3Fid%3D378%26first%3D0&subject=%C4%8Cten%C3%AD%20vzkazu%20%7C%20seznamka%20%C5%A1t%C4%9Bst%C3%AD.cz
Firefox::
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB Customized Web Search
ClearJavaCache::
AtJob::
Reboot::
- Save the created TXT as CFScript.txt
- Drag the created CFScript.txt onto ComboFix and drop it (see the picture).
- After the script is applied (and a possible PC restart), a log will pop up. Paste its contents here for me.

Re: Please check - the PC sometimes restarts
ComboFix 12-06-05.04 - Petr 06.06.2012 14:38:44.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.607 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *Disabled/Updated* {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7094}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\drivers\SbFwIm.sys"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job"
"c:\windows\Tasks\MpIdleTask.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Sunbelt Software
c:\program files\Sunbelt Software\Personal Firewall\boost_regex-vc71-mt-1_33_1.dll
c:\program files\Sunbelt Software\Personal Firewall\cfgconv.exe
c:\program files\Sunbelt Software\Personal Firewall\Config\charts.dat
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\attack-responses.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\backdoor.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\bad-traffic.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\ddos.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\dos.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\icmp.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\misc.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\netbios.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\rules.idx
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\scan.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\sunbelt.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\spf.cfg
c:\program files\Sunbelt Software\Personal Firewall\Config\spf.cfg.bak
c:\program files\Sunbelt Software\Personal Firewall\Config\update.cfg
c:\program files\Sunbelt Software\Personal Firewall\curllib.dll
c:\program files\Sunbelt Software\Personal Firewall\DbgHelp\dbghelp.dll
c:\program files\Sunbelt Software\Personal Firewall\kticonv.dll
c:\program files\Sunbelt Software\Personal Firewall\libeay32.dll
c:\program files\Sunbelt Software\Personal Firewall\Logs\debug.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\debug.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\error.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\error.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\hips.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\hips.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\ids.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\ids.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\network.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\network.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.001
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.002
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.003
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.004
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.005
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.001
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.002
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.003
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.004
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.005
c:\program files\Sunbelt Software\Personal Firewall\Logs\sbhips.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\system.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\system.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\warning.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\warning.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\web.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\web.log.idx
c:\program files\Sunbelt Software\Personal Firewall\mfc71.dll
c:\program files\Sunbelt Software\Personal Firewall\mfc71u.dll
c:\program files\Sunbelt Software\Personal Firewall\msvcp71.dll
c:\program files\Sunbelt Software\Personal Firewall\msvcr71.dll
c:\program files\Sunbelt Software\Personal Firewall\PocoExt.dll
c:\program files\Sunbelt Software\Personal Firewall\PocoFoundation.dll
c:\program files\Sunbelt Software\Personal Firewall\PocoNet.dll
c:\program files\Sunbelt Software\Personal Firewall\PocoUtil.dll
c:\program files\Sunbelt Software\Personal Firewall\PocoXML.dll
c:\program files\Sunbelt Software\Personal Firewall\Readme.txt
c:\program files\Sunbelt Software\Personal Firewall\SbErrRpt.exe
c:\program files\Sunbelt Software\Personal Firewall\SbFw.dll
c:\program files\Sunbelt Software\Personal Firewall\SbFwe.dll
c:\program files\Sunbelt Software\Personal Firewall\SbFwIm.dll
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFWsc.dll
c:\program files\Sunbelt Software\Personal Firewall\SDK_Inst.exe
c:\program files\Sunbelt Software\Personal Firewall\spf4-en.chm
c:\program files\Sunbelt Software\Personal Firewall\ssleay32.dll
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_cz.klf
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_de.klf
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_en.klf
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_es.klf
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_fi.klf
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_fr.klf
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_hr.klf
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_hu.klf
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_it.klf
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_nl.klf
c:\program files\Sunbelt Software\Personal Firewall\Trans\Spf4_pl.klf
c:\program files\Sunbelt Software\Personal Firewall\w2k\drivers\i386\sbfw.sys
c:\program files\Sunbelt Software\Personal Firewall\w2k\drivers\i386\SbFwIm.sys
c:\program files\Sunbelt Software\Personal Firewall\w2k\drivers\sbfwim.inf
c:\program files\Sunbelt Software\Personal Firewall\w2k\drivers\sbfwim_m.inf
c:\program files\Sunbelt Software\Personal Firewall\wxp\drivers\i386\SbFwIm.sys
c:\program files\Sunbelt Software\Personal Firewall\wxp\drivers\sbfwim.cat
c:\program files\Sunbelt Software\Personal Firewall\wxp\drivers\sbfwim.inf
c:\program files\Sunbelt Software\Personal Firewall\wxp\drivers\sbfwim_m.inf
c:\program files\Sunbelt Software\Personal Firewall\zlibwapi.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ADOBEFLASHPLAYERUPDATESVC
-------\Legacy_GUPDATE
-------\Legacy_SBPF.LAUNCHER
-------\Legacy_SPF4
-------\Service_AdobeFlashPlayerUpdateSvc
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_SBFWIMCL
-------\Service_SbPF.Launcher
-------\Service_SPF4
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-06 do 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 04:54 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{173D1F53-378E-4C79-91B5-AF55F56A93F0}\mpengine.dll
2012-06-05 15:32 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-05 14:17 . 2012-06-05 14:17 -------- d-----w- C:\_OTM
2012-06-02 12:13 . 2012-06-02 12:13 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\GHISLER
2012-06-02 11:47 . 2012-06-02 11:47 -------- d-----w- c:\documents and settings\Petr\Data aplikací\GHISLER
2012-06-01 12:35 . 2012-06-01 12:36 -------- d-----w- c:\program files\trend micro
2012-06-01 12:35 . 2012-06-01 12:36 -------- d-----w- C:\rsit
2012-06-01 12:24 . 2012-06-01 12:24 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Pointstone
2012-06-01 12:17 . 2012-06-01 12:17 -------- d-----w- c:\program files\Pointstone
2012-06-01 12:13 . 2012-06-01 12:13 -------- d-----w- c:\documents and settings\Petr\EurekaLog
2012-06-01 11:46 . 2012-06-01 12:17 -------- d-----w- c:\program files\Common Files\Pointstone
2012-05-28 18:26 . 2012-05-28 18:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PrevxCSI
2012-05-25 16:33 . 2012-05-25 16:33 -------- d--h--r- c:\documents and settings\Petr\Data aplikací\SecuROM
2012-05-25 13:56 . 2012-05-28 08:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-05-16 17:28 . 2012-05-16 17:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-16 17:28 . 2012-05-16 17:28 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-16 17:28 . 2012-05-16 17:28 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2010-05-04 11:38 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-05 08:54 . 2012-05-05 08:55 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-05-05 08:54 . 2012-05-05 08:54 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-05-05 08:06 . 2012-03-30 12:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 08:06 . 2011-05-15 12:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 08:06 . 2012-03-30 13:06 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:55 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2010-05-04 11:38 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2008-04-14 08:06 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-20 18:44 . 2011-04-18 11:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-11 21:13 . 2011-06-30 07:38 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-06-30 07:38 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-06-30 07:38 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-06-30 07:38 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-10-27 04:01 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-06-30 07:37 301224 ----a-w- c:\windows\system32\guard32.dll
2012-05-16 17:28 . 2011-03-27 08:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Gizmo.lnk]
backup=c:\windows\pss\Gizmo.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [30.6.2011 9:38 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [30.6.2011 9:38 31704]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [26.5.2011 5:43 154424]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [4.5.2010 13:39 312400]
R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [4.5.2010 5:39 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4.5.2010 13:39 60456]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5.3.2011 18:52 47360]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [17.1.2011 17:20 3221120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.5.2010 5:22 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [4.5.2010 5:25 108752]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [16.5.2012 19:28 129976]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4.5.2010 13:38 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:06]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-31 16:55]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-31 16:55]
.
2012-06-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-06-06 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Petr\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: WikiKomentáře Google...
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{4289970B-8781-46BA-8EFE-292DA39CFA5E}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{F29436D6-9FB3-4E02-8819-4C6128E1D037}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-06 14:50
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(1928)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
.
- - - - - - - > 'csrss.exe'(700)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2012-06-06 14:55:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-06 12:55
ComboFix2.txt 2012-06-05 15:29
.
Před spuštěním: Volných bajtů: 37 754 093 568
Po spuštění: Volných bajtů: 37 619 814 400
.
- - End Of File - - F5BA80CE57BCA805B2B99191A524407A
2012-05-16 17:28 . 2012-05-16 17:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-16 17:28 . 2012-05-16 17:28 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-16 17:28 . 2012-05-16 17:28 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2010-05-04 11:38 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-05 08:54 . 2012-05-05 08:55 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-05-05 08:54 . 2012-05-05 08:54 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-05-05 08:06 . 2012-03-30 12:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 08:06 . 2011-05-15 12:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 08:06 . 2012-03-30 13:06 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:55 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2010-05-04 11:38 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2008-04-14 08:06 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-20 18:44 . 2011-04-18 11:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-11 21:13 . 2011-06-30 07:38 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-06-30 07:38 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-06-30 07:38 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-06-30 07:38 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-10-27 04:01 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-06-30 07:37 301224 ----a-w- c:\windows\system32\guard32.dll
2012-05-16 17:28 . 2011-03-27 08:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Gizmo.lnk]
backup=c:\windows\pss\Gizmo.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [30.6.2011 9:38 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [30.6.2011 9:38 31704]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [26.5.2011 5:43 154424]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [4.5.2010 13:39 312400]
R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [4.5.2010 5:39 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4.5.2010 13:39 60456]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5.3.2011 18:52 47360]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [17.1.2011 17:20 3221120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.5.2010 5:22 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [4.5.2010 5:25 108752]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [16.5.2012 19:28 129976]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4.5.2010 13:38 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:06]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-31 16:55]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-31 16:55]
.
2012-06-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-06-06 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Petr\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: WikiKomentáře Google...
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{4289970B-8781-46BA-8EFE-292DA39CFA5E}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{F29436D6-9FB3-4E02-8819-4C6128E1D037}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-06 14:50
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(1928)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
.
- - - - - - - > 'csrss.exe'(700)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2012-06-06 14:55:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-06 12:55
ComboFix2.txt 2012-06-05 15:29
.
Před spuštěním: Volných bajtů: 37 754 093 568
Po spuštění: Volných bajtů: 37 619 814 400
.
- - End Of File - - F5BA80CE57BCA805B2B99191A524407A
- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Registered: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: Please check - the PC sometimes restarts


Re: Please check - the PC sometimes restarts
It looks like things are quiet.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2012-06-06 15:10:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 36 GB (25%) free of 141 GB
Total RAM: 1013 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:11:23, on 6.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Petr\Plocha\RSIT.exe
C:\Program Files\trend micro\Petr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll__PointstoneDisabled (file missing)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Petr\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6886.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4289970B-8781-46BA-8EFE-292DA39CFA5E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29436D6-9FB3-4E02-8819-4C6128E1D037}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
--
End of file - 7607 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.9]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\extensions\
battlefieldplay4free@ea.com
cs@dictionaries.addons.mozilla.org
de-DE@dictionaries.addons.mozilla.org
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\searchplugins\
conduit.xml
daemon-search.xml
hellspy.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-11-16 173592]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-03-12 19521056]
"AzMixerSel"=C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [2009-12-11 59936]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2010-04-08 908368]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-05 1692968]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Gizmo.lnk]
[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-11-11 205312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"msacm.l3fhg"=mp3fhg.acm
"msacm.divxa32"=divxa32.acm
"msacm.vorbis"=vorbis.acm
"VIDC.X264"=x264vfw.dll
"VIDC.DIV3"=DivXc32.dll
"VIDC.DIV4"=DivXc32f.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.DIVX"=DivX.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-06-06 14:55:49 ----A---- C:\ComboFix.txt
2012-06-06 14:47:57 ----D---- C:\WINDOWS\temp
2012-06-05 16:17:47 ----D---- C:\_OTM
2012-06-04 09:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
2012-06-03 17:36:06 ----A---- C:\Boot.bak
2012-06-03 17:35:59 ----RASHD---- C:\cmdcons
2012-06-03 17:31:47 ----A---- C:\WINDOWS\zip.exe
2012-06-03 17:31:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-06-03 17:31:47 ----A---- C:\WINDOWS\SWSC.exe
2012-06-03 17:31:47 ----A---- C:\WINDOWS\SWREG.exe
2012-06-03 17:31:47 ----A---- C:\WINDOWS\sed.exe
2012-06-03 17:31:47 ----A---- C:\WINDOWS\PEV.exe
2012-06-03 17:31:47 ----A---- C:\WINDOWS\NIRCMD.exe
2012-06-03 17:31:47 ----A---- C:\WINDOWS\MBR.exe
2012-06-03 17:31:47 ----A---- C:\WINDOWS\grep.exe
2012-06-03 17:31:23 ----D---- C:\WINDOWS\ERDNT
2012-06-03 17:24:48 ----D---- C:\Qoobox
2012-06-02 13:47:48 ----D---- C:\Documents and Settings\Petr\Data aplikací\GHISLER
2012-06-02 12:01:56 ----ASH---- C:\hiberfil.sys
2012-06-01 14:35:21 ----D---- C:\Program Files\trend micro
2012-06-01 14:35:20 ----D---- C:\rsit
2012-06-01 14:24:14 ----D---- C:\Documents and Settings\Petr\Data aplikací\Pointstone
2012-06-01 14:17:37 ----D---- C:\Program Files\Pointstone
2012-06-01 13:46:14 ----D---- C:\Program Files\Common Files\Pointstone
2012-05-28 20:26:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
2012-05-28 20:26:38 ----A---- C:\WINDOWS\wininit.ini
2012-05-25 18:33:22 ----RHD---- C:\Documents and Settings\Petr\Data aplikací\SecuROM
2012-05-25 15:56:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-05-16 20:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2012-05-16 19:38:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2012-05-16 19:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2695962$
2012-05-16 19:28:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-05-16 19:28:27 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-05-16 19:14:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
======List of files/folders modified in the last 1 month======
2012-06-06 15:00:40 ----SHD---- C:\WINDOWS\Installer
2012-06-06 14:59:57 ----SD---- C:\WINDOWS\Tasks
2012-06-06 14:56:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2012-06-06 14:55:53 ----D---- C:\WINDOWS\system32\drivers
2012-06-06 14:51:10 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-06 14:50:32 ----D---- C:\WINDOWS
2012-06-06 14:50:32 ----A---- C:\WINDOWS\system.ini
2012-06-06 14:50:09 ----D---- C:\WINDOWS\system32\drivers\etc
2012-06-06 14:48:24 ----D---- C:\WINDOWS\system32\config
2012-06-06 14:47:25 ----RD---- C:\Program Files
2012-06-06 14:43:22 ----D---- C:\WINDOWS\AppPatch
2012-06-06 14:43:22 ----AD---- C:\WINDOWS\system32
2012-06-06 14:43:19 ----D---- C:\Program Files\Common Files
2012-06-06 14:36:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-06 13:38:33 ----D---- C:\Program Files\Mozilla Firefox
2012-06-05 16:20:09 ----D---- C:\WINDOWS\system32\Restore
2012-06-05 14:16:30 ----D---- C:\WINDOWS\Minidump
2012-06-04 21:58:51 ----D---- C:\Documents and Settings\Petr\Data aplikací\Vso
2012-06-04 19:23:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-04 19:22:21 ----D---- C:\WINDOWS\system32\CatRoot
2012-06-04 19:21:28 ----HD---- C:\WINDOWS\inf
2012-06-04 09:31:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-04 09:23:49 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-03 17:36:06 ----RASH---- C:\boot.ini
2012-06-02 14:31:19 ----D---- C:\oldies
2012-06-01 14:26:33 ----D---- C:\WINDOWS\system32\NtmsData
2012-06-01 13:41:24 ----D---- C:\tel ilonky
2012-06-01 13:37:34 ----HD---- C:\Program Files\InstallShield Installation Information
2012-06-01 13:22:52 ----D---- C:\Program Files\CCleaner
2012-06-01 13:16:58 ----D---- C:\WINDOWS\Debug
2012-06-01 11:45:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-06-01 11:41:57 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-06-01 11:41:40 ----D---- C:\WINDOWS\system32\drivers\UMDF
2012-05-31 15:22:06 ----A---- C:\WINDOWS\system32\crypt32.dll
2012-05-25 18:29:09 ----D---- C:\Program Files\Sports Interactive
2012-05-25 15:36:59 ----D---- C:\ZALOHA
2012-05-25 15:07:20 ----RSD---- C:\WINDOWS\assembly
2012-05-25 15:07:20 ----D---- C:\WINDOWS\Microsoft.NET
2012-05-25 12:35:39 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-16 20:04:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-05-16 20:03:24 ----D---- C:\WINDOWS\WinSxS
2012-05-16 20:01:02 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-16 19:53:17 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-16 19:21:01 ----D---- C:\WINDOWS\Prefetch
2012-05-16 19:20:35 ----A---- C:\WINDOWS\win.ini
2012-05-16 19:14:28 ----D---- C:\i386
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2009-06-04 330264]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-03-11 97760]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-04-17 431672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2010-04-01 2703032]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2004-11-29 1337850]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-11-11 1751424]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-03-12 5867040]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2010-03-04 60456]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2011-03-05 47360]
R3 S6000KNT;S6000KNT_WebCam Driver; C:\WINDOWS\System32\Drivers\S6000KNT.sys [2010-05-14 3221120]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2010-02-05 242992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a1eupkk6;a1eupkk6; C:\WINDOWS\system32\drivers\a1eupkk6.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-11-29 399616]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-11-29 30299]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-11-29 55320]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EUCR;EUCR; C:\WINDOWS\system32\DRIVERS\EUCR6SK.SYS [2010-03-02 108752]
S3 mbr;mbr; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2004-11-29 254007]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Updater Service;Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-16 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2012-05-16 20:04:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-05-16 20:03:24 ----D---- C:\WINDOWS\WinSxS
2012-05-16 20:01:02 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-16 19:53:17 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-16 19:21:01 ----D---- C:\WINDOWS\Prefetch
2012-05-16 19:20:35 ----A---- C:\WINDOWS\win.ini
2012-05-16 19:14:28 ----D---- C:\i386
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2009-06-04 330264]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-03-11 97760]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-04-17 431672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2010-04-01 2703032]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2004-11-29 1337850]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-11-11 1751424]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-03-12 5867040]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2010-03-04 60456]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2011-03-05 47360]
R3 S6000KNT;S6000KNT_WebCam Driver; C:\WINDOWS\System32\Drivers\S6000KNT.sys [2010-05-14 3221120]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2010-02-05 242992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a1eupkk6;a1eupkk6; C:\WINDOWS\system32\drivers\a1eupkk6.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-11-29 399616]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-11-29 30299]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-11-29 55320]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EUCR;EUCR; C:\WINDOWS\system32\DRIVERS\EUCR6SK.SYS [2010-03-02 108752]
S3 mbr;mbr; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2004-11-29 254007]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Updater Service;Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-16 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Joined: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: Please check - PC sometimes restarts
OK, there is still a bit of junk hanging around in there, so let's clear it out.
So now fix the items listed below in HJT.

- To fix means that you run HJT, choose [Do a system scan only] and tick the box to the left of the items I have listed.
- Then click [Fix checked] and confirm with [ANO] (Yes).
- Simply skip any items you cannot find in the list.
- You will find HJT here: C:\Program Files\trend micro\Petr.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Next, download the OTM utility from one of these links:

- http://oldtimer.geekstogo.com/OTM.exe
- http://oldtimer.geekstogo.com/OTM.com
- http://oldtimer.geekstogo.com/OTM.scr

Copy this script into the left-hand window, Paste Instructions for Items to be Moved (only the green letters in the white box!):
Code:
:Commands
[ClearAllRestorePoints]
[ResetHosts]
[Purity]
[EmptyTemp]
[EmptyFlash]
:Services
StarWindServiceAE
catchme
:Files
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\searchplugins\conduit.xml
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\searchplugins\daemon-search.xml
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\searchplugins\hellspy.xml
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
:Reg
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Gizmo.lnk]

Now click the [MoveIt!] button, which starts everything.
After the restart, post here the log that you will find in C:\_OTM\MovedFiles\
Re: Please check - PC sometimes restarts
Well, let's see
All processes killed
========== COMMANDS ==========
Restore points cleared and new OTM Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: NetworkService
->Temp folder emptied: 1710 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: Petr
->Temp folder emptied: 462 bytes
->Temporary Internet Files folder emptied: 64293 bytes
->FireFox cache emptied: 43974099 bytes
->Flash cache emptied: 470 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1540 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 42,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: Petr
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
========== SERVICES/DRIVERS ==========
Service StarWindServiceAE stopped successfully!
Service StarWindServiceAE deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
========== FILES ==========
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy folder moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job moved successfully.
C:\WINDOWS\tasks\MpIdleTask.job moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\searchplugins\daemon-search.xml moved successfully.
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\azc6wgiz.default\searchplugins\hellspy.xml moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Gizmo.lnk\ deleted successfully.
OTM by OldTimer - Version 3.1.19.0 log created on 06062012_181110
Files moved on Reboot...
Registry entries deleted on Reboot...

- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Joined: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: Please check - PC sometimes restarts
Why "well, let's see"?
OTM did what it was supposed to. How is the computer doing, and what about the initial problems? Shall we finish the cleanup and you continue with Chodník, or finish the cleanup and be done?
Re: Please check - PC sometimes restarts
That was meant with joyful anticipation.
I would say it even boots faster, but above all the blue screen no longer appears and it does not crash. If it is necessary to continue, I will continue with Chodnik; I'll leave that up to you guys.
- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Joined: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: Please check - PC sometimes restarts
OK, great, I'm glad to hear it is running well.
Look, let's do it this way: I'll clean up after myself, and if there is a need to continue, you get in touch, or if Chodník still has something planned, he will get in touch, OK?

So first we will uninstall ComboFix.

- Rename ComboFix to Uninstall.
- Run it.

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

- Download and run it.
- To confirm the choice, press A, Enter.
- Delete the utility after use.
- Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)!

OTC http://oldtimer.geekstogo.com/OTC.exe

- Download and run it.
- Click CleanUp and confirm with YES.
- The program cleans up and may (or may not) restart the PC.

TFC http://oldtimer.geekstogo.com/TFC.exe

- Download and run it.
- Click Start and confirm with OK.
- The program cleans up and may (or may not) restart the PC.
- Delete the utility after use.

If you don't have it, download CCleaner from this link.

- Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner.
- Registry panel
- Click Scan for issues.
- Then click Fix issues - I recommend making a registry backup; fix all the issues.
- Repeat the procedure until no problems are left - usually about 3 times.
- Tools panel
- Here you can uninstall programs you don't need.

I recommend using CCleaner about once a week.

... and if there are no questions, that would be all from my side.

Re: Please check - PC sometimes restarts
Thank you very much, I bow to you for the professional work;
my thanks go to your colleague as well. You guys deserve support, so I'll send some fish to the account.
Thanks once again
- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Joined: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: Please check - PC sometimes restarts
For myself and for my colleague, thank you very much for the recognition.
Many thanks also, on behalf of our whole team, for any little carp that may land in our net.
So you're very welcome, glad to help.
Have a nice day.
Re: Please check - PC sometimes restarts
Hello, I've remembered one more thing.
I have a question: IE is terribly slow. It takes a very long time before it starts at all, and once it starts, it eats an awful lot of memory. Is that a normal state?

- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Joined: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: Please check - PC sometimes restarts
ultrakb wrote: Hello, I've remembered one more thing. I have a question: IE is terribly slow. It takes a very long time before it starts at all, and once it starts, it eats an awful lot of memory. Is that a normal state?

I'm afraid that with IE, yes.

To be on the safe side I don't use it at all, so I can't give you much advice on its settings, but try clearing the browsing history, deleting the browser cache and playing around with the settings.
Personally, though, I would rather recommend switching to another browser, for example Google Chrome, Opera or Mozilla Firefox.
