
Please check my RSIT log

m2d
Visitor
Posts: 21
Registered: 25 Feb 2013 21:28

Please check my RSIT log

#1 Post by m2d »

Please check my log
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-02-25 21:41:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (35%) free of 114 GB
Total RAM: 894 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:42:40, on 25.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\S3LoadSv.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.toggle.com/?lang=en&cid=adfaa7a7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= ... bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [VTTimer] ;;; VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [snuvcdsm] C:\WINDOWS\snuvcdsm.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Údržba databáze BUILDpower.lnk = C:\RTS\BUILDpower\BPStartUp.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ClipSrv - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nexis 3.5 license server - dT 2004 - Unknown owner - C:\crack\lmgrd.exe
O23 - Service: S3LoadSv - S3 Graphics Co., Inc. - C:\WINDOWS\system32\S3LoadSv.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9124 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p0abfo70.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911, jqs@sun.com:1.0, toolbar@ask.com:3.14.0.100010, {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" - "http://search.toggle.com/?lang=en&cid=adfaa7a7&q="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.13.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npFoxitReaderPlugin.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
Web Search.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p0abfo70.default\extensions\
2020Player_IKEA@2020Technologies.com

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p0abfo70.default\searchplugins\
toggle.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13 3214392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-18 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-18 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=;;; VTTimer.exe []
"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2008-07-08 204800]
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.Exe [2008-06-18 82224]
"snuvcdsm"=C:\WINDOWS\snuvcdsm.exe [2007-05-23 20480]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2008-06-03 65536]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-09-09 1871872]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-05-23 197904]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2012-06-28 74752]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-12-19 1044480]
"SDTray"=C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [2012-11-13 3825176]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894 []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Údržba databáze BUILDpower.lnk - C:\RTS\BUILDpower\BPStartUp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMMyPictures"=1
"NoUserNameInStartMenu"=1
"NoSMHelp"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"HideRunAsVerb"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3acm"=L3codeca.acm

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-02-25 21:41:08 ----D---- C:\Program Files\trend micro
2013-02-25 21:41:07 ----D---- C:\rsit
2013-02-25 21:12:08 ----D---- C:\Program Files\SpeedFan
2013-02-25 20:59:33 ----A---- C:\ComboFix.txt
2013-02-25 20:43:00 ----A---- C:\Boot.bak
2013-02-25 20:42:54 ----RASHD---- C:\cmdcons
2013-02-25 20:39:37 ----A---- C:\WINDOWS\zip.exe
2013-02-25 20:39:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-02-25 20:39:37 ----A---- C:\WINDOWS\SWSC.exe
2013-02-25 20:39:37 ----A---- C:\WINDOWS\SWREG.exe
2013-02-25 20:39:37 ----A---- C:\WINDOWS\sed.exe
2013-02-25 20:39:37 ----A---- C:\WINDOWS\PEV.exe
2013-02-25 20:39:37 ----A---- C:\WINDOWS\NIRCMD.exe
2013-02-25 20:39:37 ----A---- C:\WINDOWS\MBR.exe
2013-02-25 20:39:37 ----A---- C:\WINDOWS\grep.exe
2013-02-25 20:38:20 ----D---- C:\Qoobox
2013-02-25 20:37:55 ----D---- C:\WINDOWS\erdnt
2013-02-23 08:39:14 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2013-02-23 08:36:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
2013-02-23 08:35:34 ----D---- C:\Program Files\TuneUp Utilities 2013
2013-02-23 08:35:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2013-02-23 08:32:53 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-23 08:31:15 ----D---- C:\Program Files\Winamp Detect
2013-02-23 08:29:51 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2013-02-23 08:29:51 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2013-02-23 08:29:47 ----N---- C:\WINDOWS\system32\pxwma.dll
2013-02-23 08:27:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Winamp
2013-02-23 08:27:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\OpenCandy
2013-02-22 07:30:05 ----A---- C:\user.js
2013-02-22 07:29:37 ----D---- C:\Program Files\Toggle
2013-02-22 07:27:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Toggle
2013-02-21 11:57:04 ----D---- C:\WINDOWS\hpq
2013-02-21 06:08:34 ----D---- C:\Program Files\Defraggler
2013-02-20 12:02:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-02-20 07:23:04 ----D---- C:\Program Files\Mozilla Firefox
2013-02-19 18:40:14 ----D---- C:\Program Files\K-Lite Codec Pack
2013-02-19 14:23:58 ----D---- C:\Program Files\CCleaner
2013-02-18 18:46:08 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2013-02-18 18:46:08 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-02-18 18:45:58 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-02-18 18:45:58 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2013-02-18 18:45:55 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-02-18 18:45:54 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2013-02-18 18:45:54 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2013-02-18 18:45:53 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2013-02-18 18:38:24 ----A---- C:\WINDOWS\avastSS.scr
2013-02-18 18:38:13 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-02-18 18:36:17 ----D---- C:\Program Files\AVAST Software
2013-02-18 18:36:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-02-18 18:09:40 ----A---- C:\WINDOWS\wininit.ini
2013-02-18 15:11:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-02-18 15:10:27 ----A---- C:\WINDOWS\system32\sdnclean.exe
2013-02-18 15:10:07 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2013-02-18 07:02:11 ----A---- C:\WINDOWS\system32\javaws.exe
2013-02-18 07:01:52 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-02-18 07:01:51 ----A---- C:\WINDOWS\system32\javaw.exe
2013-02-18 07:01:51 ----A---- C:\WINDOWS\system32\java.exe
2013-02-03 15:48:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
2013-02-03 08:07:29 ----D---- C:\WINDOWS\WBEM
2013-02-03 08:05:46 ----HDC---- C:\WINDOWS\ie8

======List of files/folders modified in the last 1 month======

2013-02-25 21:41:08 ----D---- C:\Program Files
2013-02-25 21:17:04 ----AD---- C:\WINDOWS\system32
2013-02-25 20:56:04 ----D---- C:\WINDOWS
2013-02-25 20:56:04 ----A---- C:\WINDOWS\system.ini
2013-02-25 20:55:38 ----D---- C:\WINDOWS\system32\drivers\etc
2013-02-25 20:55:28 ----D---- C:\WINDOWS\Temp
2013-02-25 20:54:45 ----RSD---- C:\WINDOWS\Fonts
2013-02-25 20:51:53 ----D---- C:\WINDOWS\system32\CatRoot2
2013-02-25 20:50:34 ----D---- C:\WINDOWS\system32\drivers
2013-02-25 20:50:34 ----D---- C:\WINDOWS\AppPatch
2013-02-25 20:50:29 ----D---- C:\Program Files\Common Files
2013-02-25 20:43:00 ----RASH---- C:\boot.ini
2013-02-25 20:38:10 ----D---- C:\WINDOWS\Prefetch
2013-02-25 20:11:23 ----D---- C:\WINDOWS\Minidump
2013-02-25 19:35:51 ----D---- C:\flexlm
2013-02-23 09:32:04 ----D---- C:\Program Files\Winamp
2013-02-23 08:39:29 ----SHD---- C:\WINDOWS\Installer
2013-02-23 08:39:28 ----D---- C:\Config.Msi
2013-02-23 08:39:24 ----D---- C:\WINDOWS\system32\config
2013-02-21 12:56:12 ----D---- C:\WINDOWS\Help
2013-02-21 12:22:40 ----HD---- C:\WINDOWS\inf
2013-02-21 11:56:52 ----D---- C:\SwSetup
2013-02-20 12:02:06 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-02-19 14:35:48 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
2013-02-19 14:35:05 ----D---- C:\WINDOWS\SoftwareDistribution
2013-02-19 14:35:05 ----D---- C:\WINDOWS\Debug
2013-02-18 19:05:23 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2013-02-18 18:53:06 ----D---- C:\Program Files\Google
2013-02-18 18:45:55 ----SD---- C:\WINDOWS\Tasks
2013-02-18 18:44:49 ----D---- C:\WINDOWS\WinSxS
2013-02-18 15:11:02 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-02-18 07:01:32 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-02-18 07:01:32 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-02-18 07:01:25 ----D---- C:\Program Files\Java
2013-02-17 15:25:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Fine
2013-02-17 08:25:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\FINE
2013-02-15 14:13:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2013-02-15 13:52:01 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2013-02-03 08:10:08 ----D---- C:\WINDOWS\system32\cs-cz
2013-02-03 08:10:08 ----D---- C:\Program Files\Internet Explorer
2013-02-03 08:07:15 ----D---- C:\WINDOWS\Media
2013-02-03 08:07:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-02-03 08:07:13 ----D---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 hpdskflt;HP Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2008-05-23 24624]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 SFAUDIO;Sonic Focus DSP Driver; C:\WINDOWS\system32\drivers\sfaudio.sys [2007-12-10 23040]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-09-15 721904]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]
R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-05-23 28592]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-07 336384]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-11-29 163328]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-09-09 1294200]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-04-03 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-03 879624]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-04-03 37280]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-04-03 74688]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-05-04 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2009-03-17 561152]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-06-13 1804160]
R3 ts_arusb;[CommView] Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ts_arusb.sys [2011-05-13 1054312]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
S3 abj1d4go;abj1d4go; C:\WINDOWS\system32\drivers\abj1d4go.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SCR3XX2K;SCR3xx USB SmartCardReader; C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys []
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-03-31 264800]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-02-18 170912]
R2 S3LoadSv;S3LoadSv; C:\WINDOWS\system32\S3LoadSv.exe [2009-01-20 69632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-21 136176]
S2 Nexis 3.5 license server - dT 2004;Nexis 3.5 license server - dT 2004; C:\crack\lmgrd.exe [2004-11-22 195584]
S2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-11-02 1699168]
S2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-09-09 24064]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-09-18 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-21 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-02-20 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my RSIT log

#2 Post by vyosek »

Hello :)

:arrow: Uninstall Spybot - Search & Destroy - the program's best years are long behind it, and for roughly the last 3 years it has not been able to cope with current threats

:arrow: Download Shortcut Cleaner http://www.bleepingcomputer.com/downloa ... t-cleaner/
  • Save it, preferably to the desktop
  • Close all programs
  • Run it the usual way with a double-click
  • A scan will run and then a log will appear, or it will be saved in the location it was run from as sc-cleaner.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Search
  • A scan will run and then a log will appear, or it will be saved on the system drive as AdwCleaner[R?].txt; paste it here
"Who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member [image] since 1 February 2011.

m2d
Visitor
Posts: 21
Registered: 25 Feb 2013 21:28

Re: Please check my RSIT log

#3 Post by m2d »

Hello, thank you for the reply, I am sending the first log.

Shortcut Cleaner 1.2.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/downloa ... t-cleaner/

Program started at: 02/26/2013 08:06:57 AM.

Searching C:\Documents and Settings\Administrator\Nabídka Start\

Searching C:\Documents and Settings\All Users\Nabídka Start\

Searching C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Documents and Settings\All Users\Plocha\

Searching C:\Documents and Settings\Administrator\Plocha\


0 bad shortcuts found.

Program finished at: 02/26/2013 08:07:02 AM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

m2d
Visitor
Posts: 21
Registered: 25 Feb 2013 21:28

Re: Please check my RSIT log

#4 Post by m2d »

And the second log. I would also like to ask what could be causing sudden restarts. It happens mainly when Winamp is running. I installed SpeedFan and after a restart it showed something like HDO 120 - I did not catch it exactly - could it be something with the RAM? Thank you for the reply; I am adding the second log.

# AdwCleaner v2.113 - Logfile created 02/26/2013 at 08:12:03
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Plocha\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Documents and Settings\Administrator\Data aplikací\OpenCandy
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\simplytech

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\ProtectedSearch
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-1715567821-1957994488-515967899-500\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-1715567821-1957994488-515967899-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=

-\\ Mozilla Firefox v19.0 (cs)

File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p0abfo70.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Web Search");
Found : user_pref("browser.search.defaultenginename", "Web Search");
Found : user_pref("browser.search.order.1", "Search the web (toggle)");
Found : user_pref("extensions.toggle.srchPrvdr", "Search the web (toggle)");
Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2958 octets] - [26/02/2013 08:12:03]

########## EOF - C:\AdwCleaner[R1].txt - [3018 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my RSIT log

#5 Post by vyosek »

:arrow: Restarts can have several causes - RAM, HDD, temperatures - we will look at that too

:arrow: As for ComboFix, which you used: on the basis of its licence and the forum rules I ask, do you know how to work with it (running it, interpreting the log, writing a script)?

:arrow: The licence terms say clearly: "It should never be used in an environment without the supervision of an experienced person"

:arrow: The dangers of CF
  • It is intended primarily for helpers - by using it on your own initiative you lose your entitlement to support
  • It deletes traces of malware, so nothing is visible in the RSIT log
  • Its log has to be worked through to the end, because it cannot delete everything - which you will hardly manage unless you are trained for it
  • CF can have a bug = it takes your system down; if you do not know where it stores what and how to restore it, your system is ruined and a reinstall awaits you
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those - it deletes your hal.dll after a restart = your system does not boot and you are back at the line above = reinstall

m2d
Visitor
Posts: 21
Registered: 25 Feb 2013 21:28

Re: Please check my RSIT log

#6 Post by m2d »

Well, I have probably botched that. I downloaded a step-by-step guide and followed it; it said that someone experienced would advise on the log, with a link to this site. Can anything still be done about it?
Last edited by m2d on 26 Feb 2013 18:17, edited 1 time in total.

m2d
Visitor
Posts: 21
Registered: 25 Feb 2013 21:28

Re: Please check my RSIT log

#7 Post by m2d »

When the computer restarted, the HDO temperature was 40 and TEMP1 56

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my RSIT log

#8 Post by vyosek »

:arrow: Post the CF log here, it should be c:\combofix.txt

:arrow: Where did you download that guide from?

m2d
Visitor
Posts: 21
Registered: 25 Feb 2013 21:28

Re: Please check my RSIT log

#9 Post by m2d »

The guide was from some forum here; it is the same as the one you recommended to another user here this morning

ComboFix 13-02-24.01 - Administrator 25.02.2013 20:45:47.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.894.381 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
ADS - system32: deleted 24 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Dokumenty\Jožka pracovní docházka.xls~RF321e23a.TMP
c:\documents and settings\Administrator\WINDOWS
c:\windows\Fonts\gautami.ttf
c:\windows\Fonts\latha.ttf
c:\windows\Fonts\mangal.ttf
c:\windows\Fonts\raavi.ttf
c:\windows\Fonts\shruti.ttf
c:\windows\Fonts\sylfaen.ttf
c:\windows\Fonts\tunga.ttf
c:\windows\IsUn0405.exe
.
.
.
c:\windows\system32\srsvc.dll . . . je infikován!!
.
c:\windows\system32\drivers\psched.sys . . . chybí !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-25 do 2013-02-25 )))))))))))))))))))))))))))))))
.
.
2013-02-23 07:40 . 2013-02-23 07:40 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\TuneUp Software
2013-02-23 07:39 . 2012-11-02 14:57 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2013-02-23 07:36 . 2013-02-23 07:36 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\TuneUp Software
2013-02-23 07:35 . 2013-02-23 07:39 -------- d-----w- c:\program files\TuneUp Utilities 2013
2013-02-23 07:35 . 2013-02-23 07:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2013-02-23 07:32 . 2013-02-23 07:32 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-23 07:31 . 2013-02-23 07:31 -------- d-----w- c:\program files\Winamp Detect
2013-02-23 07:29 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2013-02-23 07:29 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2013-02-23 07:29 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2013-02-23 07:27 . 2013-02-25 19:11 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Winamp
2013-02-23 07:27 . 2013-02-23 07:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\OpenCandy
2013-02-22 06:30 . 2013-02-22 06:30 49 ----a-w- C:\user.js
2013-02-22 06:29 . 2013-02-22 06:29 -------- d-----w- c:\program files\Toggle
2013-02-22 06:27 . 2013-02-23 07:38 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Toggle
2013-02-22 06:26 . 2013-02-22 06:26 -------- d-----w- c:\documents and settings\Administrator\Downloads
2013-02-21 10:57 . 2013-02-21 10:57 -------- d-----w- c:\windows\hpq
2013-02-21 05:08 . 2013-02-21 05:10 -------- d-----w- c:\program files\Defraggler
2013-02-19 17:40 . 2013-02-19 17:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2013-02-19 13:23 . 2013-02-19 13:24 -------- d-----w- c:\program files\CCleaner
2013-02-18 17:54 . 2013-02-18 17:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-02-18 17:46 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-18 17:46 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-18 17:45 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-18 17:45 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-02-18 17:45 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-18 17:45 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-02-18 17:45 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-02-18 17:45 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-02-18 17:38 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-18 17:38 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-18 17:36 . 2013-02-18 17:36 -------- d-----w- c:\program files\AVAST Software
2013-02-18 17:36 . 2013-02-18 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-02-18 14:11 . 2013-02-20 04:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-02-18 14:10 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-02-18 14:10 . 2013-02-18 14:11 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-02-18 06:01 . 2013-02-18 06:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-03 14:48 . 2013-02-03 14:48 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Leadertech
2013-02-03 07:17 . 2013-02-03 07:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-02-03 07:16 . 2013-02-03 07:16 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2013-02-03 07:10 . 2013-02-03 07:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-02-03 07:05 . 2013-02-03 07:07 -------- dc-h--w- c:\windows\ie8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 06:01 . 2012-08-19 12:58 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-18 06:01 . 2010-09-16 13:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-18 06:01 . 2009-09-18 14:05 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-20 06:24 . 2013-02-20 06:23 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-04 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
.
.
.
c:\windows\System32\srsvc.dll ... chybí !!
c:\windows\System32\wscntfy.exe ... chybí !!
c:\windows\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2008-05-16 94208]
"S3Trayp"="S3trayp.exe" [2008-07-08 204800]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-18 82224]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2007-05-23 20480]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-06-03 65536]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-09-09 1871872]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-12-19 1044480]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]
Údržba databáze BUILDpower.lnk - c:\rts\BUILDpower\BPStartUp.exe [2011-2-21 847872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [10.12.2007 12:41 23040]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.9.2009 19:30 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.2.2013 18:45 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.2.2013 18:46 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.2.2013 18:46 21256]
R2 S3LoadSv;S3LoadSv;c:\windows\system32\s3loadsv.exe [20.1.2009 15:22 69632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [18.2.2013 15:10 1103392]
R3 ts_arusb;[CommView] Atheros Wireless Network Adapter Service;c:\windows\system32\drivers\ts_arusb.sys [22.5.2010 9:16 1054312]
S2 dbwgogjka;Support Microsoft;c:\windows\system32\svchost.exe -k netsvcs [14.4.2008 7:52 14336]
S2 Nexis 3.5 license server - dT 2004;Nexis 3.5 license server - dT 2004;c:\crack\lmgrd.exe [10.8.2010 17:30 195584]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [18.2.2013 15:10 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [18.2.2013 15:10 168384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2.11.2012 15:57 1699168]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys --> c:\windows\system32\DRIVERS\SCR3XX2K.sys [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [19.9.2012 9:50 10088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
dbwgogjka
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
ntmssvc
sharedaccess
ERSvc
Messenger
Seclogon
SRService
TrkWks
W32Time
uploadmgr
TermService
wscsvc
ip6fwhlp
mhn
sacsvr
trksvr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-18 17:51 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2013-02-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-18 22:50]
.
2013-02-25 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-02-18 13:08]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 11:28]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 11:28]
.
2013-02-20 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-02-18 13:07]
.
2013-02-18 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-02-18 13:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.toggle.com/?lang=en&cid=adfaa7a7
uDefault_Search_URL = about:blank
mSearch Bar = hxxp://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p0abfo70.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.toggle.com/?lang=en&cid=adfaa7a7&q=
FF - ExtSQL: 2013-02-18 18:44; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: extensions.toggle.hpOld0 - www.seznam.cz
FF - user.js: extensions.toggle.tlbrSrchUrl - hxxp://search.toggle.com/?lang={dfltLng}&cid={cid}&q=
FF - user.js: extensions.toggle.id - 20a62ce7000000000000002100998df4
FF - user.js: extensions.toggle.appId - {EE5558C0-C65E-4EF7-8C52-39632E6A21F3}
FF - user.js: extensions.toggle.instlDay - 15758
FF - user.js: extensions.toggle.vrsn - 1.8.12.7
FF - user.js: extensions.toggle.vrsni - 1.8.12.7
FF - user.js: extensions.toggle.vrsnTs - 1.8.12.77:29
FF - user.js: extensions.toggle.prtnrId - toggle
FF - user.js: extensions.toggle.prdct - toggle
FF - user.js: extensions.toggle.aflt - orgnl
FF - user.js: extensions.toggle.smplGrp - none
FF - user.js: extensions.toggle.tlbrId - base
FF - user.js: extensions.toggle.instlRef -
FF - user.js: extensions.toggle.dfltLng - en
FF - user.js: extensions.toggle.excTlbr - true
FF - user.js: extensions.toggle.ffxUnstlRst - false
FF - user.js: extensions.toggle.admin - false
FF - user.js: extensions.toggle.cid - adfaa7a7
FF - user.js: extensions.toggle.autoRvrt - false
FF - user.js: extensions.toggle.rvrt - true
FF - user.js: extensions.toggle.hmpg - true
FF - user.js: extensions.toggle.hmpgUrl - hxxp://search.toggle.com/?lang=en&cid=adfaa7a7
FF - user.js: extensions.toggle.dfltSrch - true
FF - user.js: extensions.toggle.srchPrvdr - Search the web (toggle)
FF - user.js: extensions.toggle.kw_url - hxxp://search.toggle.com/?lang=en&cid=adfaa7a7&q=
FF - user.js: extensions.toggle.dnsErr - true
FF - user.js: extensions.toggle.newTab - true
FF - user.js: extensions.toggle.newTabUrl - hxxp://search.toggle.com/?lang=en&cid=adfaa7a7
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Fine Geo 5.0 - c:\windows\IsUn0405.exe
AddRemove-NEXIS32 3.60.15 - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-25 20:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dbwgogjka]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1957994488-515967899-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,54,1d,46,ad,2a,7b,46,a3,53,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,83,4e,40,0e,38,69,4c,9a,1d,89,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,54,1d,46,ad,2a,7b,46,a3,53,20,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\windows\System32\BCMLogon.dll
.
Celkový čas: 2013-02-25 20:59:31
ComboFix-quarantined-files.txt 2013-02-25 19:59
.
Před spuštěním: Volných bajtů: 41 646 350 336
Po spuštění: Volných bajtů: 42 276 093 952
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 49153DDC99A5E7EB8D43012F29975001

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my RSIT log

#10 Post by vyosek »

:arrow: But everywhere it says that it is to be used only on recommendation :!: And in red and large type at that :roll: :roll:

:arrow: Uninstall that Spybot - Search & Destroy 2, I am not writing this here for nothing...

:arrow: Download SystemLook http://jpshortstuff.247fixes.com/SystemLook.exe and save it to the desktop
  • Paste the script below into the window
  • Code:

    :filefind
    srsvc.dll
    psched.sys
  • Click Look
  • The Look button will change to Scanning and turn grey
  • Wait until the Scanning button changes back to Look - that is how you will know that SystemLook has finished its work
  • A log named SystemLook will pop up (or it will be saved on the desktop); paste its contents here for me
:arrow: Run AdwCleaner again
  • If you use Win Vista or W7, right-click AdwCleaner and choose Run As Administrator or "Spustit jako správce"
  • Click Delete
  • The PC will carry out the repair, restart and give you a log (C:\AdwCleaner [S1].txt); paste its contents here

m2d
Visitor
Posts: 21
Registered: 25 Feb 2013 21:28

Re: Please check my RSIT log

#11 Post by m2d »

Hello, I have already uninstalled that Spybot, as soon as you wrote - the CF log was made before that; I preferred not to run it again. Here I am sending the first log

SystemLook 30.07.11 by jpshortstuff
Log created at 11:50 on 27/02/2013 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "srsvc.dll"
C:\WINDOWS\ServicePackFiles\i386\srsvc.dll --a---- 171008 bytes [23:00 25/02/2013] [07:52 14/04/2008] 35B91147124F64AC8081A2EDB9EA4DEE

Searching for "psched.sys"
C:\WINDOWS\ServicePackFiles\i386\psched.sys --a---- 69120 bytes [23:00 25/02/2013] [23:26 13/04/2008] 09298EC810B07E5D582CB3A3F9255424

-= EOF =-

m2d
Visitor
Posts: 21
Registered: 25 Feb 2013 21:28

Re: Please check my RSIT log

#12 Post by m2d »

and the second log

# AdwCleaner v2.113 - Logfile created 02/27/2013 at 11:58:25
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Plocha\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\OpenCandy
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\simplytech

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\ProtectedSearch
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (cs)

File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p0abfo70.default\prefs.js

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p0abfo70.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Deleted : user_pref("extensions.toggle.srchPrvdr", "Search the web (toggle)");
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v25.0.1364.97

File : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3087 octets] - [26/02/2013 08:12:03]
AdwCleaner[S1].txt - [2183 octets] - [27/02/2013 11:58:25]

########## EOF - C:\AdwCleaner[S1].txt - [2243 octets] ##########

m2d
Visitor
Posts: 21
Registered: 25 Feb 2013 21:28

Re: Please check my RSIT log

#13 Post by m2d »

Do you think the freezing could be caused by this? Today it froze differently - the screen turned blue and it did not restart by itself any more; before, it always restarted after a certain time.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my RSIT log

#14 Post by vyosek »

:arrow: That system is badly damaged :boxed:

:arrow: If you do not have it there, move Combofix to the desktop
  • Start Notepad (Start-Run-notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\srsvc.dll | c:\windows\system32\srsvc.dll
    C:\WINDOWS\ServicePackFiles\i386\psched.sys | c:\windows\system32\drivers\psched.sys
    
    Mia::
    c:\windows\System32\wscntfy.exe
    c:\windows\System32\regsvc.dll
    
    SRPeek::
    c:\windows\System32\regsvc.dll
    c:\windows\System32\regsvc.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"=-
    "WatchDog"=-
    "WinampAgent"=-
    "SDTray"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"=-
    
    Driver::
    dbwgogjka
    
    NetSvc::
    dbwgogjka
    
    Collect::
    c:\windows\system32\cfgnm.dll
    
    RegLock::
    [HKEY_USERS\S-1-5-21-1715567821-1957994488-515967899-500\Software\Microsoft\Internet Explorer\User Preferences]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT as CFScript.txt
  • Drag the CFScript.txt you created onto Combofix and drop it (see the picture below)
    [image]
  • After the script has been applied (and a possible restart) a log will appear; paste its contents here
:arrow: If the message "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni" ("Illegal operation attempted on a registry key that has been marked for deletion") pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF, and unfortunately the author is not yet able to fix it

:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

m2d
Visitor
Posts: 21
Registered: 25 Feb 2013 21:28

Re: Please check my RSIT log

#15 Post by m2d »

It lasted 5 years, the whole Fast+, I am going for it
Last edited by m2d on 28 Feb 2013 01:05, edited 1 time in total.

Locked