pomaly PC, otevira se slozka pri startu PC,..

Zpráva

aqus · #16 Příspěvek od **aqus** » 26 led 2013 15:21

OTL Extras logfile created on: 26.1.2013 14:50:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\VANEK\Plocha
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 76,87% Memory free
3,85 Gb Paging File | 3,57 Gb Available in Paging File | 92,71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 268,56 Gb Total Space | 163,43 Gb Free Space | 60,85% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 11,96 Gb Free Space | 12,25% Space Free | Partition Type: NTFS
Drive E: | 99,54 Gb Total Space | 30,40 Gb Free Space | 30,54% Space Free | Partition Type: NTFS

Computer Name: PETR | User Name: VANEK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1409082233-1547161642-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{0D049270-13E8-4CDC-BFCB-89C3871070EE}" = Nokia PC Internet Access
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D45EF03-E8EE-4355-81C3-F918CBCF1033}" = Nero 8
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Balíček ovladače systému Windows - Nokia Modem (10/07/2010 4.6)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BSPlayer1" = BSPlayer
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Balíček ovladače systému Windows - Nokia Modem (02/24/2009 4.0)
"E5372C32E8562C76C24DBA6525002B1031495F34" = Balíček ovladače systému Windows - Nokia Modem (06/09/2010 7.01.0.8)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Balíček ovladače systému Windows - Nokia Modem (02/23/2009 7.01.0.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 cs)" = Mozilla Firefox 12.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Internet Access" = Nokia PC Internet Access
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.50.1074" = Opera 11.50
"Optimik_is1" = Optimik 2.36c
"Picasa 3" = Picasa 3
"QuickTime" = QuickTime
"RealPlayer 15.0" = RealPlayer
"Samsung SCX-4300 Series" = Samsung SCX-4300 Series
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sweet Home 3D_is1" = Sweet Home 3D version 2.5
"Trillian" = Trillian
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp (remove only)
"Windows Sidebar" = Postranní panel systému Windows
"WinRAR archiver" = WinRAR
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZonerPhotoStudio11_CZ_is1" = Zoner Photo Studio 11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1409082233-1547161642-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP 2005" = QIP 2005 8095

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.1.2013 13:20:32 | Computer Name = PETR | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace winamp.exe, verze 5.1.2.275, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 23.1.2013 06:44:46 | Computer Name = PETR | Source = Application Error | ID = 1000
Description = Chybující aplikace ssmmgr.exe, verze 3.2.2.5, chybující modul ssmmgr.exe,
verze 3.2.2.5, adresa chyby 0x00040045.

Error - 24.1.2013 07:38:43 | Computer Name = PETR | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 24.1.2013 07:38:43 | Computer Name = PETR | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 24.1.2013 07:38:43 | Computer Name = PETR | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved

Error - 24.1.2013 07:40:20 | Computer Name = PETR | Source = Application Error | ID = 1000
Description = Chybující aplikace wscntfy.exe, verze 5.1.2600.5512, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x10078890.

Error - 24.1.2013 07:40:20 | Computer Name = PETR | Source = Application Error | ID = 1000
Description = Chybující aplikace ssmmgr.exe, verze 3.2.2.5, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x10078890.

Error - 24.1.2013 07:40:21 | Computer Name = PETR | Source = Application Error | ID = 1000
Description = Chybující aplikace rthdcpl.exe, verze 2.2.0.2, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x10077f70.

Error - 24.1.2013 07:40:22 | Computer Name = PETR | Source = Application Error | ID = 1000
Description = Chybující aplikace ctfmon.exe, verze 5.1.2600.5512, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x10078890.

Error - 24.1.2013 07:40:28 | Computer Name = PETR | Source = Application Error | ID = 1000
Description = Chybující aplikace groovemonitor.exe, verze 12.0.6500.5000, chybující
modul unknown, verze 0.0.0.0, adresa chyby 0x10077f70.

[ OSession Events ]
Error - 10.3.2010 10:23:39 | Computer Name = PETR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5813
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 18.6.2010 10:59:29 | Computer Name = PETR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 688
seconds with 60 seconds of active time. This session ended with a crash.

Error - 16.8.2010 02:03:08 | Computer Name = PETR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 61
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23.1.2013 05:40:01 | Computer Name = PETR | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20

Error - 23.1.2013 05:40:01 | Computer Name = PETR | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 24.1.2013 07:29:26 | Computer Name = PETR | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20

Error - 24.1.2013 07:29:26 | Computer Name = PETR | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 25.1.2013 10:01:33 | Computer Name = PETR | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20

Error - 25.1.2013 10:01:33 | Computer Name = PETR | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 26.1.2013 09:48:29 | Computer Name = PETR | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 26.1.2013 09:48:29 | Computer Name = PETR | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 26.1.2013 09:48:29 | Computer Name = PETR | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 26.1.2013 09:48:29 | Computer Name = PETR | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 15 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

[ TuneUp Events ]
Error - 17.1.2013 09:18:56 | Computer Name = PETR | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 18.1.2013 07:03:42 | Computer Name = PETR | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 18.1.2013 07:03:42 | Computer Name = PETR | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 19.1.2013 10:45:11 | Computer Name = PETR | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 19.1.2013 10:45:11 | Computer Name = PETR | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 20.1.2013 04:48:30 | Computer Name = PETR | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 20.1.2013 04:48:30 | Computer Name = PETR | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 21.1.2013 06:15:45 | Computer Name = PETR | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 21.1.2013 06:15:45 | Computer Name = PETR | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 22.1.2013 09:31:05 | Computer Name = PETR | Source = TuneUp Program Statistics | ID = 131840
Description =

< End of report >

#17 Příspěvek od **vyosek** » 26 led 2013 23:26

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\VANEK\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ao7kh2k4)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a66xkljx)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1409082233-1547161642-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1409082233-1547161642-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1409082233-1547161642-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1409082233-1547161642-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1409082233-1547161642-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1409082233-1547161642-682003330-1004\..\SearchScopes\{600BD9BA-EAC1-4E4E-921C-BDDBFD19EBE1}: "URL" = http://www.google.cz/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1409082233-1547161642-682003330-1004\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc83540 ... =chrome&q={searchTerms}&lng={language}&iy=&ychte=us
FF - prefs.js..keyword.URL: "http://www.webhledani.cz/results.aspx?i=42&tp=ab&q="
FF - prefs.js..browser.search.defaultenginename: "WebHledani"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
[2009.06.01 12:16:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
@Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

aqus · #18 Příspěvek od **aqus** » 27 led 2013 11:45

zdarec...spustil jsem znovu, vlozil script, dal jsem opravit a po restartu pri spusteni to vyhodilo zase okno notepad.exe (viz minule prilozeny obrazek) ... zadny txt se neotevrel, tak jsem nasel podle datumu nejnovejsi txt soubor ulozeny v C:\_OTL\MovedFiles\01272013_113026.txt .....to je vypis z neho: zatim diky..PS: zase se pri startu otevrela sama slozka C:\Program Files\Common

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service SSPORT stopped successfully!
Service SSPORT deleted successfully!
File C:\WINDOWS\system32\Drivers\SSPORT.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\VANEK\LOCALS~1\Temp\catchme.sys not found.
Error: No service named ao7kh2k4 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ao7kh2k4 deleted successfully.
Error: No service named a66xkljx was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a66xkljx deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-1409082233-1547161642-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-1409082233-1547161642-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKU\S-1-5-21-1409082233-1547161642-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1409082233-1547161642-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1409082233-1547161642-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1409082233-1547161642-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{600BD9BA-EAC1-4E4E-921C-BDDBFD19EBE1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{600BD9BA-EAC1-4E4E-921C-BDDBFD19EBE1}\ not found.
Registry key HKEY_USERS\S-1-5-21-1409082233-1547161642-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Prefs.js: "http://www.webhledani.cz/results.aspx?i=42&tp=ab&q=" removed from keyword.URL
Prefs.js: "WebHledani" removed from browser.search.defaultenginename
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357} folder moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP356.tmp\mscorlib.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP356.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP384.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A2.tmp\PresentationBuildTasks.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6D8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7DB.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8CC.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI19B.tmp deleted successfully.
C:\WINDOWS\Installer\MSI5F.tmp deleted successfully.
C:\WINDOWS\Installer\MSI65.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
ADS C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: VANEK
->Temp folder emptied: 2119104 bytes
->Temporary Internet Files folder emptied: 4119682 bytes
->Java cache emptied: 3114723 bytes
->FireFox cache emptied: 1142273502 bytes
->Google Chrome cache emptied: 16685515 bytes
->Opera cache emptied: 110183102 bytes
->Flash cache emptied: 150722 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 220,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: VANEK
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: VANEK
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01272013_113026

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#19 Příspěvek od **vyosek** » 27 led 2013 14:10

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

aqus · #20 Příspěvek od **aqus** » 27 led 2013 14:52

ComboFix 13-01-27.03 - VANEK 27.01.2013 14:40:09.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1300 [GMT 1:00]
Spuštěný z: c:\documents and settings\VANEK\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-27 do 2013-01-27 )))))))))))))))))))))))))))))))
.
.
2013-01-27 10:30 . 2013-01-27 10:30 -------- d-----w- C:\_OTL
2013-01-26 13:53 . 2013-01-26 13:53 512 ----a-w- C:\PhysicalMBR.bin
2013-01-23 12:14 . 2013-01-23 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-23 12:14 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-22 17:58 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 14:57 . 2013-01-22 14:57 -------- d-----w- c:\program files\Common Files\Skype
2013-01-22 14:57 . 2013-01-22 14:57 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2012-12-13 15:18 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-12-13 15:17 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-12-13 15:17 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-12-13 15:17 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-12-13 15:17 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-12-13 15:17 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-12-13 15:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-12-13 15:17 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-12-13 15:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-12-13 15:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-31 15:30 . 2012-05-31 15:30 16896 ----a-w- c:\program files\wmdmhelper.dll
2012-05-31 15:30 . 2012-05-31 15:30 656896 ----a-w- c:\program files\rjbres.dll
2012-05-31 15:30 . 2012-05-31 15:30 45056 ----a-w- c:\program files\ierjplug.dll
2012-05-31 15:30 . 2012-05-31 15:30 361984 ----a-w- c:\program files\rjdlg.dll
2012-05-31 15:30 . 2012-05-31 15:30 34304 ----a-w- c:\program files\rjprog.dll
2012-05-31 15:30 . 2012-05-31 15:30 139264 ----a-w- c:\program files\dunzip32.dll
2012-05-31 15:30 . 2012-05-31 15:30 9728 ----a-w- c:\program files\fixrjb.exe
2012-05-31 15:30 . 2012-05-31 15:30 1115376 ----a-w- c:\program files\cddbmusicid.dll
2012-05-31 15:30 . 2012-05-31 15:30 943344 ----a-w- c:\program files\cddblink.dll
2012-05-31 15:30 . 2012-05-31 15:30 74240 ----a-w- c:\program files\tsasdk.dll
2012-05-31 15:30 . 2012-05-31 15:30 48640 ----a-w- c:\program files\tpasdk.dll
2012-05-31 15:30 . 2012-05-31 15:30 45056 ----a-w- c:\program files\mmcdda32.dll
2012-05-31 15:30 . 2012-05-31 15:30 23552 ----a-w- c:\program files\tnetdtct.dll
2012-05-31 15:30 . 2012-05-31 15:30 2041072 ----a-w- c:\program files\cddbcontrol.dll
2012-05-31 15:30 . 2012-05-31 15:30 67584 ----a-w- c:\program files\rpwa3260.dll
2012-05-31 15:30 . 2012-05-31 15:30 16296 ----a-w- c:\program files\realtfon.fon
2012-05-31 15:30 . 2012-05-31 15:30 45728 ----a-w- c:\program files\rpshellsearch.dll
2012-05-31 15:30 . 2012-05-31 15:30 375416 ----a-w- c:\program files\realconverter.exe
2012-05-31 15:30 . 2012-05-31 15:30 349304 ----a-w- c:\program files\convert.exe
2012-05-31 15:30 . 2012-05-31 15:30 390384 ----a-w- c:\program files\mc_enc_mp4v.dll
2012-05-31 15:30 . 2012-05-31 15:30 381040 ----a-w- c:\program files\realtrimmer.exe
2012-05-31 15:30 . 2012-05-31 15:30 129648 ----a-w- c:\program files\realshare.exe
2012-05-31 15:30 . 2012-05-31 15:30 719360 ----a-w- c:\program files\dbghelp.dll
2012-05-31 15:30 . 2012-05-31 15:30 72192 ----a-w- c:\program files\rjwmapln.dll
2012-05-31 15:30 . 2012-05-31 15:30 46592 ----a-w- c:\program files\rpau3260.dll
2012-05-31 15:29 . 2012-05-31 15:29 29824 ----a-w- c:\program files\rndevicedbbuilder.exe
2012-05-31 15:29 . 2012-05-31 15:29 88064 ----a-w- c:\program files\hxaudiodevicehook.dll
2012-05-31 15:29 . 2012-05-31 15:29 86528 ----a-w- c:\program files\rpplugprot.dll
2012-05-31 15:29 . 2012-05-31 15:29 64656 ----a-w- c:\program files\rpshell.dll
2012-05-31 15:29 . 2012-05-31 15:29 116888 ----a-w- c:\program files\rdsf3260.dll
2012-05-31 15:29 . 2012-05-31 15:29 18072 ----a-w- c:\program files\rphelperapp.exe
2012-05-31 15:29 . 2012-05-31 15:29 10240 ----a-w- c:\program files\realjbox.exe
2012-05-31 15:29 . 2012-05-31 15:29 499312 ----a-w- c:\program files\realplay.exe
2012-05-31 15:29 . 2012-05-31 15:29 439464 ----a-w- c:\program files\recordingmanager.exe
2012-08-13 17:53 . 2012-08-13 17:53 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-19 12:23 . A23DF7213FE43F712F27A74DBCA5222B . 1593856 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-12-19 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-12-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-12-19 . D39127310CBAD1485EC5001A4ED1D853 . 1486336 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-12-19 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-12-26 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-27 614400]
"TkBellExe"="c:\program files\update\realsched.exe" [2012-05-31 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-19 40960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-09-18 14:16 171464 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 07:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-01-31 10:16 703360 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2008-08-05 12:45 536576 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 09:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-07-29 15:18 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 15:54 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_JAN2013_TB]
2013-01-15 13:08 1177168 ------w- c:\program files\AVG Secure Search\ROC_JAN2013_TB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.6.2009 12:38 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.12.2012 16:17 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.12.2012 16:18 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.12.2012 16:18 21256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.1.2013 13:14 21104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23.1.2013 13:14 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [26.1.2011 01:28 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-13 22:50]
.
2013-01-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1547161642-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2013-01-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1547161642-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Doplňkový sken -------
.
uStart Page =
uSearchMigratedDefaultURL =
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.100.100.1 10.100.100.6
FF - ProfilePath - c:\documents and settings\VANEK\Data aplikací\Mozilla\Firefox\Profiles\76od3sn5.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - ExtSQL: 2012-12-13 16:21; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-09-02 10:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-27 14:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(132)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2013-01-27 14:45:38
ComboFix-quarantined-files.txt 2013-01-27 13:45
ComboFix2.txt 2013-01-24 11:42
.
Před spuštěním: Volných bajtů: 176 634 130 432
Po spuštění: Volných bajtů: 176 610 316 288
.
- - End Of File - - 9896ECBDC50B5695D73CFEAAC98E6001

#21 Příspěvek od **vyosek** » 28 led 2013 01:16

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"=-
"GrooveMonitor"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_JAN2013_TB]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

Folder::
c:\program files\AVG Secure Search

File::
c:\windows\Tasks\avast! Emergency Update.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1547161642-682003330-1004.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1547161642-682003330-1004.job

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

aqus · #22 Příspěvek od **aqus** » 28 led 2013 18:29

zdravim, na pevnem PC je okno combofix - find 3M ...pise ze se vytvari log report a ze nemam spoustet zadne aplikace nez se to vytvori, ale uz se to vytvari asi hodinu a furt nic ...po restartu se zapl firewall i avast, tak sem je vypnul , ale stejne zadna zmena...jeste to necham hodku a pak sa kdyztak ozvu...nebo je normalni ze to trvda tak dlouho? predem dik..

#23 Příspěvek od **vyosek** » 29 led 2013 08:42

Zkuste jeste jednou zopakovat skript pro CF, ale v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

aqus · #24 Příspěvek od **aqus** » 29 led 2013 19:43

vypis z comofixu sem musel dohledat na disku C, protoze to vyhodilo okno ze nelze spustit notepad(viz priloha)

ComboFix 13-01-28.02 - Administrator 29.01.2013 19:32:33.5.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1618 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\avast! Emergency Update.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1547161642-682003330-1004.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1547161642-682003330-1004.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files\AVG Secure Search\ROC_JAN2013_TB.exe
c:\windows\Tasks\avast! Emergency Update.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1547161642-682003330-1004.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1547161642-682003330-1004.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-28 do 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-29 18:23 . 2013-01-29 18:24 -------- d-----w- c:\documents and settings\Administrator
2013-01-28 16:31 . 2013-01-28 16:31 -------- d-----w- C:\avast! sandbox
2013-01-27 10:30 . 2013-01-27 10:30 -------- d-----w- C:\_OTL
2013-01-26 13:53 . 2013-01-26 13:53 512 ----a-w- C:\PhysicalMBR.bin
2013-01-23 12:14 . 2013-01-23 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-23 12:14 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-22 17:58 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 14:57 . 2013-01-22 14:57 -------- d-----w- c:\program files\Common Files\Skype
2013-01-22 14:57 . 2013-01-22 14:57 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 15:30 . 2012-05-31 15:30 16896 ----a-w- c:\program files\wmdmhelper.dll
2012-05-31 15:30 . 2012-05-31 15:30 656896 ----a-w- c:\program files\rjbres.dll
2012-05-31 15:30 . 2012-05-31 15:30 45056 ----a-w- c:\program files\ierjplug.dll
2012-05-31 15:30 . 2012-05-31 15:30 361984 ----a-w- c:\program files\rjdlg.dll
2012-05-31 15:30 . 2012-05-31 15:30 34304 ----a-w- c:\program files\rjprog.dll
2012-05-31 15:30 . 2012-05-31 15:30 139264 ----a-w- c:\program files\dunzip32.dll
2012-05-31 15:30 . 2012-05-31 15:30 9728 ----a-w- c:\program files\fixrjb.exe
2012-05-31 15:30 . 2012-05-31 15:30 1115376 ----a-w- c:\program files\cddbmusicid.dll
2012-05-31 15:30 . 2012-05-31 15:30 943344 ----a-w- c:\program files\cddblink.dll
2012-05-31 15:30 . 2012-05-31 15:30 74240 ----a-w- c:\program files\tsasdk.dll
2012-05-31 15:30 . 2012-05-31 15:30 48640 ----a-w- c:\program files\tpasdk.dll
2012-05-31 15:30 . 2012-05-31 15:30 45056 ----a-w- c:\program files\mmcdda32.dll
2012-05-31 15:30 . 2012-05-31 15:30 23552 ----a-w- c:\program files\tnetdtct.dll
2012-05-31 15:30 . 2012-05-31 15:30 2041072 ----a-w- c:\program files\cddbcontrol.dll
2012-05-31 15:30 . 2012-05-31 15:30 67584 ----a-w- c:\program files\rpwa3260.dll
2012-05-31 15:30 . 2012-05-31 15:30 16296 ----a-w- c:\program files\realtfon.fon
2012-05-31 15:30 . 2012-05-31 15:30 45728 ----a-w- c:\program files\rpshellsearch.dll
2012-05-31 15:30 . 2012-05-31 15:30 375416 ----a-w- c:\program files\realconverter.exe
2012-05-31 15:30 . 2012-05-31 15:30 349304 ----a-w- c:\program files\convert.exe
2012-05-31 15:30 . 2012-05-31 15:30 390384 ----a-w- c:\program files\mc_enc_mp4v.dll
2012-05-31 15:30 . 2012-05-31 15:30 381040 ----a-w- c:\program files\realtrimmer.exe
2012-05-31 15:30 . 2012-05-31 15:30 129648 ----a-w- c:\program files\realshare.exe
2012-05-31 15:30 . 2012-05-31 15:30 719360 ----a-w- c:\program files\dbghelp.dll
2012-05-31 15:30 . 2012-05-31 15:30 72192 ----a-w- c:\program files\rjwmapln.dll
2012-05-31 15:30 . 2012-05-31 15:30 46592 ----a-w- c:\program files\rpau3260.dll
2012-05-31 15:29 . 2012-05-31 15:29 29824 ----a-w- c:\program files\rndevicedbbuilder.exe
2012-05-31 15:29 . 2012-05-31 15:29 88064 ----a-w- c:\program files\hxaudiodevicehook.dll
2012-05-31 15:29 . 2012-05-31 15:29 86528 ----a-w- c:\program files\rpplugprot.dll
2012-05-31 15:29 . 2012-05-31 15:29 64656 ----a-w- c:\program files\rpshell.dll
2012-05-31 15:29 . 2012-05-31 15:29 116888 ----a-w- c:\program files\rdsf3260.dll
2012-05-31 15:29 . 2012-05-31 15:29 18072 ----a-w- c:\program files\rphelperapp.exe
2012-05-31 15:29 . 2012-05-31 15:29 10240 ----a-w- c:\program files\realjbox.exe
2012-05-31 15:29 . 2012-05-31 15:29 499312 ----a-w- c:\program files\realplay.exe
2012-05-31 15:29 . 2012-05-31 15:29 439464 ----a-w- c:\program files\recordingmanager.exe
2012-08-13 17:53 . 2012-08-13 17:53 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-19 12:23 . A23DF7213FE43F712F27A74DBCA5222B . 1593856 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-12-19 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-12-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-12-19 . D39127310CBAD1485EC5001A4ED1D853 . 1486336 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-12-19 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-12-26 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-27 614400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2008-08-05 12:45 536576 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.6.2009 12:38 721904]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.12.2012 16:17 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.12.2012 16:18 361032]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.12.2012 16:18 21256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23.1.2013 13:14 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.1.2013 13:14 21104]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [26.1.2011 1:28 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.100.100.1 10.100.100.6
FF - ProfilePath - c:\documents and settings\VANEK\Data aplikací\Mozilla\Firefox\Profiles\76od3sn5.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - ExtSQL: 2012-12-13 16:21; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-09-02 10:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-29 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Celkový čas: 2013-01-29 19:39:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-29 18:39
ComboFix2.txt 2013-01-27 13:45
ComboFix3.txt 2013-01-24 11:42
.
Před spuštěním: Volných bajtů: 178 116 689 920
Po spuštění: Volných bajtů: 178 088 448 000
.
- - End Of File - - D8C0E7339D42DB79736DAE521A8A5A82

#25 Příspěvek od **vyosek** » 29 led 2013 19:53

Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte jej na plochu

Do okna vlozte skript nize
Kód: Vybrat vše
```
:filefind
vADVAPI32.dll
```
Kliknete na Look
Tlacitko Look se zmeni na Scanning a zsedne
Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

aqus · #26 Příspěvek od **aqus** » 29 led 2013 20:10

po dokonceni vyskocilo okno (viz obrazek), log prikladam

SystemLook 30.07.11 by jpshortstuff
Log created at 20:07 on 29/01/2013 by VANEK
Administrator - Elevation successful

========== filefind ==========

Searching for "vADVAPI32.dll"
C:\Program Files\Alky for Applications\Libraries\vadvapi32.dll --a---- 46032 bytes [22:01 22/03/2008] [22:01 22/03/2008] 05EA7E5899EE5E4F12A6E9CC386EE89B

-= EOF =-

aqus · #27 Příspěvek od **aqus** » 29 led 2013 20:11

PS: hledani knihovny bylo provedeno uz v normalnim systemu (ne v nouzevem), nevadi?

#28 Příspěvek od **vyosek** » 29 led 2013 21:12

Spustte Cf znovu, bez skriptu, jen dvojklikem

aqus · #29 Příspěvek od **aqus** » 29 led 2013 23:04

ComboFix 13-01-28.02 - VANEK 29.01.2013 22:56:38.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1406 [GMT 1:00]
Spuštěný z: c:\documents and settings\VANEK\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-28 do 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-29 18:23 . 2013-01-29 18:24 -------- d-----w- c:\documents and settings\Administrator
2013-01-27 10:30 . 2013-01-27 10:30 -------- d-----w- C:\_OTL
2013-01-26 13:53 . 2013-01-26 13:53 512 ----a-w- C:\PhysicalMBR.bin
2013-01-23 12:14 . 2013-01-23 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-23 12:14 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-22 17:58 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 14:57 . 2013-01-22 14:57 -------- d-----w- c:\program files\Common Files\Skype
2013-01-22 14:57 . 2013-01-22 14:57 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 15:30 . 2012-05-31 15:30 16896 ----a-w- c:\program files\wmdmhelper.dll
2012-05-31 15:30 . 2012-05-31 15:30 656896 ----a-w- c:\program files\rjbres.dll
2012-05-31 15:30 . 2012-05-31 15:30 45056 ----a-w- c:\program files\ierjplug.dll
2012-05-31 15:30 . 2012-05-31 15:30 361984 ----a-w- c:\program files\rjdlg.dll
2012-05-31 15:30 . 2012-05-31 15:30 34304 ----a-w- c:\program files\rjprog.dll
2012-05-31 15:30 . 2012-05-31 15:30 139264 ----a-w- c:\program files\dunzip32.dll
2012-05-31 15:30 . 2012-05-31 15:30 9728 ----a-w- c:\program files\fixrjb.exe
2012-05-31 15:30 . 2012-05-31 15:30 1115376 ----a-w- c:\program files\cddbmusicid.dll
2012-05-31 15:30 . 2012-05-31 15:30 943344 ----a-w- c:\program files\cddblink.dll
2012-05-31 15:30 . 2012-05-31 15:30 74240 ----a-w- c:\program files\tsasdk.dll
2012-05-31 15:30 . 2012-05-31 15:30 48640 ----a-w- c:\program files\tpasdk.dll
2012-05-31 15:30 . 2012-05-31 15:30 45056 ----a-w- c:\program files\mmcdda32.dll
2012-05-31 15:30 . 2012-05-31 15:30 23552 ----a-w- c:\program files\tnetdtct.dll
2012-05-31 15:30 . 2012-05-31 15:30 2041072 ----a-w- c:\program files\cddbcontrol.dll
2012-05-31 15:30 . 2012-05-31 15:30 67584 ----a-w- c:\program files\rpwa3260.dll
2012-05-31 15:30 . 2012-05-31 15:30 16296 ----a-w- c:\program files\realtfon.fon
2012-05-31 15:30 . 2012-05-31 15:30 45728 ----a-w- c:\program files\rpshellsearch.dll
2012-05-31 15:30 . 2012-05-31 15:30 375416 ----a-w- c:\program files\realconverter.exe
2012-05-31 15:30 . 2012-05-31 15:30 349304 ----a-w- c:\program files\convert.exe
2012-05-31 15:30 . 2012-05-31 15:30 390384 ----a-w- c:\program files\mc_enc_mp4v.dll
2012-05-31 15:30 . 2012-05-31 15:30 381040 ----a-w- c:\program files\realtrimmer.exe
2012-05-31 15:30 . 2012-05-31 15:30 129648 ----a-w- c:\program files\realshare.exe
2012-05-31 15:30 . 2012-05-31 15:30 719360 ----a-w- c:\program files\dbghelp.dll
2012-05-31 15:30 . 2012-05-31 15:30 72192 ----a-w- c:\program files\rjwmapln.dll
2012-05-31 15:30 . 2012-05-31 15:30 46592 ----a-w- c:\program files\rpau3260.dll
2012-05-31 15:29 . 2012-05-31 15:29 29824 ----a-w- c:\program files\rndevicedbbuilder.exe
2012-05-31 15:29 . 2012-05-31 15:29 88064 ----a-w- c:\program files\hxaudiodevicehook.dll
2012-05-31 15:29 . 2012-05-31 15:29 86528 ----a-w- c:\program files\rpplugprot.dll
2012-05-31 15:29 . 2012-05-31 15:29 64656 ----a-w- c:\program files\rpshell.dll
2012-05-31 15:29 . 2012-05-31 15:29 116888 ----a-w- c:\program files\rdsf3260.dll
2012-05-31 15:29 . 2012-05-31 15:29 18072 ----a-w- c:\program files\rphelperapp.exe
2012-05-31 15:29 . 2012-05-31 15:29 10240 ----a-w- c:\program files\realjbox.exe
2012-05-31 15:29 . 2012-05-31 15:29 499312 ----a-w- c:\program files\realplay.exe
2012-05-31 15:29 . 2012-05-31 15:29 439464 ----a-w- c:\program files\recordingmanager.exe
2012-08-13 17:53 . 2012-08-13 17:53 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-19 12:23 . A23DF7213FE43F712F27A74DBCA5222B . 1593856 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-12-19 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-12-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-12-19 . D39127310CBAD1485EC5001A4ED1D853 . 1486336 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-12-19 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-12-26 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-27 614400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2008-08-05 12:45 536576 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.6.2009 12:38 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.12.2012 16:17 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.12.2012 16:18 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.12.2012 16:18 21256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.1.2013 13:14 21104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23.1.2013 13:14 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [26.1.2011 01:28 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Doplňkový sken -------
.
uStart Page =
uSearchMigratedDefaultURL =
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.100.100.1 10.100.100.6
FF - ProfilePath - c:\documents and settings\VANEK\Data aplikací\Mozilla\Firefox\Profiles\76od3sn5.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - ExtSQL: 2012-12-13 16:21; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-09-02 10:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-29 23:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(1584)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2013-01-29 23:01:43
ComboFix-quarantined-files.txt 2013-01-29 22:01
ComboFix2.txt 2013-01-29 18:39
ComboFix3.txt 2013-01-27 13:45
ComboFix4.txt 2013-01-24 11:42
.
Před spuštěním: Volných bajtů: 175 992 438 784
Po spuštění: Volných bajtů: 175 963 930 624
.
- - End Of File - - CACFFD31B7F8407EF9516E2CBB72F0D6

#30 Příspěvek od **vyosek** » 30 led 2013 13:00

Projedte SalityKillerem PC http://support.kaspersky.com/downloads/ ... killer.zip

Projedte PC ESET OnlineScannerem http://www.eset.com/cz/online-scanner/

VIRY.CZ

pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..

Re: pomaly PC, otevira se slozka pri startu PC,..