IE, FF 100% CPU usage

gjfish
Model visitor
Posts: 77
Registered: 07 Jul 2006 09:07

IE, FF 100% CPU usage

#1 Post by gjfish »

Please check my log. When a browser (IE8, FF17) is opened, the PC pushes the CPU to 100% (browser + Flash) and the PC becomes unusable. Otherwise, as long as no browser is opened, it behaves normally.
Cleaned: CCleaner
Scanned with: Avast Free, MVAW, COMBOFIX
Hardware tested: RAM - memtest - OK, HDD - hdtune - OK

RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Zbynek at 2013-01-07 17:15:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 131 GB (86%) free of 153 GB
Total RAM: 3070 MB (83% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Zbynek\Data aplikací\Mozilla\Firefox\Profiles\bbyfsueh.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, DTToolbar@toolbarnet.com:1.1.4.0024, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Zbynek\Data aplikací\Mozilla\Firefox\Profiles\bbyfsueh.default\extensions\
DTToolbar@toolbarnet.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{20a82645-c095-46ed-80e3-08825760534b}

C:\Documents and Settings\Zbynek\Data aplikací\Mozilla\Firefox\Profiles\bbyfsueh.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2011-01-30 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-28 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-28 170416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2011-01-30 520192]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-11-02 19580520]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\InterVideo\DVD7\WinDVD.exe"="C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"E:\Games\Empire Earth III\EE3.exe"="E:\Games\Empire Earth III\EE3.exe:*:Enabled:Empire Earth III"
"E:\Games\Age of Empires III\age3y.exe"="E:\Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"E:\Games\Age of Empires III\age3x.exe"="E:\Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2022-01-30 23:38:15 ----D---- C:\Program Files\Kerio
2013-01-07 17:15:46 ----D---- C:\Program Files\trend micro
2013-01-07 17:15:45 ----D---- C:\rsit
2012-12-28 21:53:04 ----SHD---- C:\RECYCLER
2012-12-27 15:34:41 ----D---- C:\Program Files\HD Tune
2012-12-27 14:28:26 ----A---- C:\ComboFix.txt
2012-12-27 14:00:42 ----A---- C:\WINDOWS\zip.exe
2012-12-27 14:00:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-12-27 14:00:42 ----A---- C:\WINDOWS\SWSC.exe
2012-12-27 14:00:42 ----A---- C:\WINDOWS\SWREG.exe
2012-12-27 14:00:42 ----A---- C:\WINDOWS\sed.exe
2012-12-27 14:00:42 ----A---- C:\WINDOWS\PEV.exe
2012-12-27 14:00:42 ----A---- C:\WINDOWS\NIRCMD.exe
2012-12-27 14:00:42 ----A---- C:\WINDOWS\MBR.exe
2012-12-27 14:00:42 ----A---- C:\WINDOWS\grep.exe
2012-12-27 13:59:57 ----D---- C:\Qoobox
2012-12-27 13:59:32 ----D---- C:\WINDOWS\erdnt
2012-12-27 13:47:09 ----A---- C:\WINDOWS\system32\javaws.exe
2012-12-27 13:44:34 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2012-12-27 13:44:34 ----A---- C:\WINDOWS\system32\javaw.exe
2012-12-27 13:44:34 ----A---- C:\WINDOWS\system32\java.exe
2012-12-27 13:41:45 ----D---- C:\Program Files\Common Files\Java
2012-12-27 13:36:36 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-27 12:43:02 ----AD---- C:\WINDOWS\VDLL.DLL
2012-12-27 12:43:02 ----AD---- C:\WINDOWS\system32\runouce.exe
2012-12-27 12:43:02 ----AD---- C:\WINDOWS\rundll16.exe
2012-12-27 12:43:02 ----AD---- C:\WINDOWS\RUNDL132.EXE
2012-12-27 12:43:02 ----AD---- C:\WINDOWS\logo1_.exe
2012-12-27 12:43:02 ----AD---- C:\WINDOWS\logo_1.exe
2012-12-27 12:23:12 ----A---- C:\WINDOWS\system32\msvcr80.dll
2012-12-27 12:23:11 ----A---- C:\WINDOWS\system32\msvcp80.dll
2012-12-27 12:23:06 ----A---- C:\WINDOWS\system32\eEmpty.exe
2012-12-27 12:23:02 ----A---- C:\WINDOWS\system32\T.COM
2012-12-27 12:23:02 ----A---- C:\WINDOWS\R.COM
2012-12-27 12:23:00 ----D---- C:\Program Files\Common Files\MicroWorld
2012-12-27 12:22:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2012-12-21 14:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
2012-12-12 15:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2012-12-12 15:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2012-12-12 15:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2012-12-12 15:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$
2012-12-12 15:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$

======List of files/folders modified in the last 1 month======

2013-01-07 17:15:46 ----RD---- C:\Program Files
2013-01-07 17:12:43 ----D---- C:\WINDOWS\Temp
2013-01-07 17:12:13 ----D---- C:\WINDOWS\Prefetch
2013-01-07 16:55:15 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-07 16:54:44 ----D---- C:\WINDOWS
2012-12-29 10:53:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-29 10:30:05 ----D---- C:\Documents and Settings\Zbynek\Data aplikací\Skype
2012-12-27 16:00:00 ----D---- C:\Documents and Settings\Zbynek\Data aplikací\TeamViewer
2012-12-27 15:59:32 ----RSD---- C:\WINDOWS\Fonts
2012-12-27 15:58:48 ----D---- C:\Program Files\TeamViewer
2012-12-27 14:46:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-12-27 14:22:58 ----A---- C:\WINDOWS\system.ini
2012-12-27 14:22:17 ----D---- C:\WINDOWS\system32\drivers\etc
2012-12-27 14:21:08 ----D---- C:\WINDOWS\system32
2012-12-27 14:20:00 ----D---- C:\Program Files\Internet Explorer
2012-12-27 14:13:11 ----D---- C:\WINDOWS\system32\drivers
2012-12-27 14:13:10 ----D---- C:\WINDOWS\AppPatch
2012-12-27 14:12:59 ----D---- C:\Program Files\Common Files
2012-12-27 13:48:00 ----SHD---- C:\WINDOWS\Installer
2012-12-27 13:47:44 ----D---- C:\Program Files\Java
2012-12-27 13:40:42 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-12-27 13:40:42 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-12-27 13:39:43 ----D---- C:\install
2012-12-27 13:36:41 ----SD---- C:\WINDOWS\Tasks
2012-12-27 12:27:30 ----A---- C:\WINDOWS\win.ini
2012-12-27 12:23:08 ----A---- C:\WINDOWS\system32\msvcp90.dll
2012-12-27 12:23:06 ----A---- C:\WINDOWS\system32\msvcr90.dll
2012-12-27 12:15:31 ----D---- C:\Program Files\CCleaner
2012-12-27 12:13:13 ----HD---- C:\WINDOWS\inf
2012-12-21 14:08:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-12-21 14:07:31 ----HD---- C:\WINDOWS\$hf_mig$
2012-12-19 13:47:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll
2012-12-12 22:40:14 ----D---- C:\WINDOWS\Debug
2012-12-12 15:52:42 ----D---- C:\WINDOWS\ie8updates
2012-12-12 15:50:13 ----A---- C:\WINDOWS\system32\MRT.exe
2012-12-08 19:03:32 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 286720]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 81920]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2009-08-28 241168]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-11-02 6188648]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Andbus;LGE Android Platform Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
S3 AndDiag;LGE Android Platform USB Serial Port; C:\WINDOWS\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\WINDOWS\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
S3 ANDModem;LGE Android Platform USB Modem; C:\WINDOWS\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
S3 catchme;catchme; \??\C:\DOCUME~1\Zbynek\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 PAC207;Trust WB-1200p Mini Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WLC811GPCI;802.11b WLAN PCI; C:\WINDOWS\system32\DRIVERS\WLC811G.sys [2003-08-01 50432]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-10-30 44808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-11-28 170408]
R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-10-10 1617920]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2011-06-20 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-02 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 250808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-02 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-06 115168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Thanks

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: IE, FF 100% CPU usage

#2 Post by vyosek »

Hello :)

As for ComboFix, based on its license and the forum rules I have to ask: do you know how to work with it (running it, interpreting the log, writing a script)?

The license terms are clear: "It should never be used in an environment without the supervision of an experienced person."

The dangers of CF
  • It is intended primarily for helpers - by using it on your own you lose your claim to support
  • It erases traces of malware, so nothing is visible in the RSIT log
  • Its log has to be fully analyzed, because it cannot delete everything - you will hardly manage that unless you are trained for it
  • CF can have a bug = it takes down your system; if you do not know where it stores what and how to restore it, your system is done for and you are facing a reinstall
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - those are deleted by some types of malware (e.g. angela) - it deletes your hal.dll after a restart = your system will not boot and you are back at the previous point = reinstall

gjfish
Model visitor
Posts: 77
Registered: 07 Jul 2006 09:07

Re: IE, FF 100% CPU usage

#3 Post by gjfish »

Only running it, uninstalling it + partially reading the log - only what is resident and what it deleted; scripts no, but I have kept the log

COMBOFIX
ComboFix 12-12-27.02 - Zbynek 27.12.2012 14:04:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2530 [GMT 1:00]
Spuštěný z: c:\install\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\SETDB.tmp
c:\program files\Internet Explorer\SETE0.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\SET101.tmp
c:\windows\system32\SET102.tmp
c:\windows\system32\SET103.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SET10A.tmp
c:\windows\system32\SET10B.tmp
c:\windows\system32\SET10D.tmp
c:\windows\system32\SET110.tmp
c:\windows\system32\SET111.tmp
c:\windows\system32\SET112.tmp
c:\windows\system32\SET113.tmp
c:\windows\system32\SET114.tmp
c:\windows\system32\SET115.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET11D.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\SET11F.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET122.tmp
c:\windows\system32\SET123.tmp
c:\windows\system32\SET124.tmp
c:\windows\system32\SET125.tmp
c:\windows\system32\SET127.tmp
c:\windows\system32\SET128.tmp
c:\windows\system32\SET129.tmp
c:\windows\system32\SET12A.tmp
c:\windows\system32\SET12C.tmp
c:\windows\system32\SETF6.tmp
c:\windows\system32\SETF7.tmp
c:\windows\system32\SETF9.tmp
c:\windows\system32\SETFA.tmp
c:\windows\system32\SETFB.tmp
c:\windows\system32\SETFC.tmp
c:\windows\system32\SETFE.tmp
c:\windows\system32\taskmgr.com
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-27 do 2012-12-27 )))))))))))))))))))))))))))))))
.
.
2022-01-30 22:38 . 2022-01-30 22:38 -------- d-----w- c:\program files\Kerio
2012-12-27 12:44 . 2012-11-28 09:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-27 12:42 . 2012-12-27 12:42 -------- d-----w- c:\documents and settings\Zbynek\Local Settings\Data aplikací\Sun
2012-12-27 12:41 . 2012-12-27 12:41 -------- d-----w- c:\program files\Common Files\Java
2012-12-27 12:36 . 2012-12-27 12:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-27 12:36 . 2012-12-27 12:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\VDLL.DLL
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\system32\runouce.exe
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\rundll16.exe
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\logo1_.exe
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\logo_1.exe
2012-12-27 11:23 . 2012-12-27 11:23 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-12-27 11:23 . 2012-12-27 11:23 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-12-27 11:23 . 2012-12-27 11:23 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-12-27 11:23 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2012-12-27 11:23 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2012-12-27 11:23 . 2012-12-27 11:23 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-12-27 11:22 . 2012-12-27 11:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-11-30 12:52 . 2012-12-02 16:17 -------- d-----w- c:\documents and settings\Zbynek\Data aplikací\.minecraft
2012-11-30 12:51 . 2012-11-30 12:51 -------- d-----w- c:\program files\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 12:40 . 2012-09-06 06:57 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-27 12:40 . 2011-01-31 20:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-27 11:23 . 2011-07-20 20:08 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-12-27 11:23 . 2011-07-20 20:08 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-12-16 12:23 . 2004-08-18 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-28 09:06 . 2012-09-06 06:57 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-13 11:55 . 2004-08-18 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2004-08-18 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2011-06-14 16:57 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-01-30 19:27 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-01-30 19:27 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2011-01-30 19:27 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-01-30 19:27 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2011-01-30 19:27 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2011-01-30 19:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-01-30 19:27 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2011-01-30 19:26 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-01-30 19:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-02 18:04 . 2004-08-18 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-06 16:22 . 2012-12-06 16:22 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"e:\\Games\\Empire Earth III\\EE3.exe"=
"e:\\Games\\Age of Empires III\\age3y.exe"=
"e:\\Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.6.2011 17:57 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.1.2011 20:27 361032]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 11:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 11:05 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.1.2011 20:27 21256]
R3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.1.2011 17:58 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [20.7.2011 21:14 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [20.7.2011 21:14 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [20.7.2011 21:14 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [20.7.2011 21:14 25088]
S3 WLC811GPCI;802.11b WLAN PCI;c:\windows\system32\drivers\WLC811G.sys [30.1.2011 21:44 50432]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ADOBEFLASHPLAYERUPDATESVC
*NewlyCreated* - EROOTDRV
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - eRootDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 14:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 12:36]
.
2012-12-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-20 22:50]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-02 16:47]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-02 16:47]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Zbynek\Data aplikací\Mozilla\Firefox\Profiles\bbyfsueh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - ExtSQL: !HIDDEN! 2011-01-30 22:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-27 14:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\docume~1\Zbynek\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
Celkový čas: 2012-12-27 14:28:23
ComboFix-quarantined-files.txt 2012-12-27 13:28
.
Před spuštěním: Volných bajtů: 137 376 972 800
Po spuštění: Volných bajtů: 138 143 199 232
.
- - End Of File - - CA120DB56455F1C43A3EE7E738099961

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: IE, FF 100% CPU load

#4 Post by vyosek »

:arrow: CF should only be used if you know it thoroughly; it is not a toy, and as a Model visitor you should know that, it is also in the forum rules :?:

:arrow: Please post a log from DDS http://forum.viry.cz/viewtopic.php?f=13&t=125171
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member [image] since 1 February 2011.

gjfish
Model visitor
Posts: 77
Registered: 07 Jul 2006 09:07

Re: IE, FF 100% CPU load

#5 Post by gjfish »

DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
Run by Zbynek at 14:33:47 on 2013-01-08
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2535 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WebTransBHO Class: {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - c:\documents and settings\all users\data aplikací\langsoft\WebIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: WebTranslator: {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - c:\documents and settings\all users\data aplikací\langsoft\WebIE.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\all users\data aplikací\langsoft\WebIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\all users\data aplikací\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\all users\data aplikací\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\all users\data aplikací\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\all users\data aplikací\langsoft\WebIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296419900937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\zbynek\data aplikací\mozilla\firefox\profiles\bbyfsueh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: !HIDDEN! 2011-01-30 22:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-14 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-30 361032]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-9-26 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-9-26 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-30 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-30 44808]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-27 3467768]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-18 69120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-30 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-7-20 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-7-20 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-7-20 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-7-20 25088]
S3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [2005-2-24 162176]
S3 WLC811GPCI;802.11b WLAN PCI;c:\windows\system32\drivers\WLC811G.sys [2011-1-30 50432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2022-01-30 22:38:15 -------- d-----w- c:\program files\Kerio
2013-01-07 16:15:46 -------- d-----w- c:\program files\trend micro
2012-12-27 14:34:41 -------- d-----w- c:\program files\HD Tune
2012-12-27 13:00:42 98816 ----a-w- c:\windows\sed.exe
2012-12-27 13:00:42 256000 ----a-w- c:\windows\PEV.exe
2012-12-27 13:00:42 208896 ----a-w- c:\windows\MBR.exe
2012-12-27 12:44:34 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-27 12:42:32 -------- d-----w- c:\documents and settings\zbynek\local settings\data aplikací\Sun
2012-12-27 12:36:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-27 12:36:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-27 11:43:02 -------- d---a-w- c:\windows\VDLL.DLL
2012-12-27 11:43:02 -------- d---a-w- c:\windows\system32\runouce.exe
2012-12-27 11:43:02 -------- d---a-w- c:\windows\rundll16.exe
2012-12-27 11:43:02 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-12-27 11:43:02 -------- d---a-w- c:\windows\logo1_.exe
2012-12-27 11:43:02 -------- d---a-w- c:\windows\logo_1.exe
2012-12-27 11:23:12 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-12-27 11:23:11 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-12-27 11:23:06 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-12-27 11:23:02 147968 ----a-w- c:\windows\R.COM
2012-12-27 11:23:02 137216 ----a-w- c:\windows\system32\T.COM
2012-12-27 11:23:00 -------- d-----w- c:\program files\common files\MicroWorld
2012-12-27 11:22:51 -------- d-----w- c:\documents and settings\all users\data aplikací\MicroWorld
.
==================== Find3M ====================
.
2012-12-27 12:40:42 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-27 12:40:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-27 11:23:08 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-12-27 11:23:06 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-28 09:06:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-13 11:55:10 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03:56 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12:24 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:48 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 14:34:42,34 ===============

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: IE, FF 100% CPU load

#6 Post by vyosek »

:arrow: If you have not done so already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\program files\daemon tools toolbar
    
    DDS::
    TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    
    Driver::
    eRootDrv
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=-
    
    File::
    C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    C:\WINDOWS\tasks\avast! Emergency Update.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\Documents and Settings\Zbynek\Data aplikací\Mozilla\Firefox\Profiles\bbyfsueh.default\extensions\DTToolbar@toolbarnet.com
    C:\Documents and Settings\Zbynek\Data aplikací\Mozilla\Firefox\Profiles\bbyfsueh.default\searchplugins\askcom.xml
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the image below)
    [image]
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, which the author unfortunately cannot fix yet

:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

gjfish
Model visitor
Posts: 77
Registered: 07 Jul 2006 09:07

Re: IE, FF 100% CPU load

#7 Post by gjfish »

COMBOFIX
ComboFix 13-01-08.01 - Zbynek 09.01.2013 6:29.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2429 [GMT 1:00]
Spuštěný z: c:\documents and settings\Zbynek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Zbynek\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Enabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\documents and settings\Zbynek\Data aplikací\Mozilla\Firefox\Profiles\bbyfsueh.default\extensions\DTToolbar@toolbarnet.com"
"c:\documents and settings\Zbynek\Data aplikací\Mozilla\Firefox\Profiles\bbyfsueh.default\searchplugins\askcom.xml"
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\avast! Emergency Update.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\daemon tools toolbar\DTToolbar.dll
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\avast! Emergency Update.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EROOTDRV
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-09 do 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2022-01-30 22:38 . 2022-01-30 22:38 -------- d-----w- c:\program files\Kerio
2013-01-07 16:15 . 2013-01-07 16:15 -------- d-----w- c:\program files\trend micro
2013-01-07 16:15 . 2013-01-07 16:15 -------- d-----w- C:\rsit
2012-12-27 14:34 . 2012-12-27 14:34 -------- d-----w- c:\program files\HD Tune
2012-12-27 12:44 . 2012-11-28 09:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-27 12:42 . 2012-12-27 12:42 -------- d-----w- c:\documents and settings\Zbynek\Local Settings\Data aplikací\Sun
2012-12-27 12:41 . 2012-12-27 12:41 -------- d-----w- c:\program files\Common Files\Java
2012-12-27 12:36 . 2012-12-27 13:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-27 12:36 . 2012-12-27 13:49 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\VDLL.DLL
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\system32\runouce.exe
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\rundll16.exe
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\logo1_.exe
2012-12-27 11:43 . 2012-12-27 11:43 -------- d---a-w- c:\windows\logo_1.exe
2012-12-27 11:23 . 2012-12-27 11:23 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-12-27 11:23 . 2012-12-27 11:23 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-12-27 11:23 . 2012-12-27 11:23 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-12-27 11:23 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2012-12-27 11:23 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2012-12-27 11:23 . 2012-12-27 11:23 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-12-27 11:22 . 2012-12-27 11:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 12:40 . 2012-09-06 06:57 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-27 12:40 . 2011-01-31 20:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-27 11:23 . 2011-07-20 20:08 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-12-27 11:23 . 2011-07-20 20:08 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-12-16 12:23 . 2004-08-18 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-28 09:06 . 2012-09-06 06:57 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-13 11:55 . 2004-08-18 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2004-08-18 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2011-06-14 16:57 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-01-30 19:27 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-01-30 19:27 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2011-01-30 19:27 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-01-30 19:27 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2011-01-30 19:27 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2011-01-30 19:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-01-30 19:27 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2011-01-30 19:26 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-01-30 19:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-06 16:22 . 2012-12-06 16:22 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.6.2011 17:57 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.1.2011 20:27 361032]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 11:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 11:05 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.1.2011 20:27 21256]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [27.12.2012 15:58 3467768]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.1.2011 17:58 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [20.7.2011 21:14 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [20.7.2011 21:14 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [20.7.2011 21:14 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [20.7.2011 21:14 25088]
S3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
S3 WLC811GPCI;802.11b WLAN PCI;c:\windows\system32\drivers\WLC811G.sys [30.1.2011 21:44 50432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 14:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Zbynek\Data aplikací\Mozilla\Firefox\Profiles\bbyfsueh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - ExtSQL: !HIDDEN! 2011-01-30 22:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{3F290582-3F4E-4B96-009C-E0BABAA40C42} - e:\games\The Battle for Middle-earth (tm)\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 06:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2013-01-09 07:06:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-09 06:06
ComboFix2.txt 2012-12-27 13:28
.
Před spuštěním: Volných bajtů: 137 747 161 088
Po spuštění: Volných bajtů: 137 684 000 768
.
- - End Of File - - 47DE81A6EA169BB5402661711EDF8244

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: IE, FF 100% CPU load

#8 Post by vyosek »

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Search
  • A scan will run and then a log will appear, or it will be saved on the system drive as AdwCleaner[R?].txt; paste it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, for that is no man, that is an ox."


Re: IE, FF 100% CPU load

#9 Post by gjfish »

AdwCleaner
# AdwCleaner v2.105 - Logfile created 01/09/2013 at 11:40:07
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Zbynek - ZBYNEK-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Zbynek\Plocha\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Found : C:\Program Files\DAEMON Tools Toolbar

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKU\S-1-5-21-1220945662-573735546-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1037 octets] - [09/01/2013 11:40:07]

########## EOF - C:\AdwCleaner[R1].txt - [1097 octets] ##########


Re: IE, FF 100% CPU load

#10 Post by vyosek »

Run AdwCleaner again
  • If you use Win Vista or W7, right-click AdwCleaner and choose Run As Administrator or Spustit jako spravce
  • Click Delete
  • The PC will perform the repair, restart, and give you a log (C:\AdwCleaner [S1].txt); paste its contents here


Re: IE, FF 100% CPU load

#11 Post by gjfish »

AdwCleaner
# AdwCleaner v2.105 - Logfile created 01/09/2013 at 11:59:25
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Zbynek - ZBYNEK-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Zbynek\Plocha\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1166 octets] - [09/01/2013 11:40:07]
AdwCleaner[S1].txt - [954 octets] - [09/01/2013 11:59:25]

########## EOF - C:\AdwCleaner[S1].txt - [1013 octets] ##########


Re: IE, FF 100% CPU load

#12 Post by vyosek »

Fine, how is the PC behaving?


Re: IE, FF 100% CPU load

#13 Post by gjfish »

Unfortunately, the little beast behaves the same, i.e. the internet loads the CPU to 100% (which is odd, given that it is a dual-core Intel 3.0 GHz with 3 GB of DDR2 RAM). Thank you very much for the help, but I won't drag this out any longer and will do a fresh clean install of the OS.
Thank you very much once again.


Re: IE, FF 100% CPU load

#14 Post by vyosek »

You're welcome. See you again sometime.

And on the basis of the Rule on locking topics :lock:
