Zpomalené PC možná s nějakým "návštěvníkem"

[asparagus]

Zdravím, počítač i internet (zvláště fcb) mi běhá pomalu a možná mám v PC nějakého "návštěvníka", naskočil mi ve spodní liště Screen Scan (nebo tak něco). A tak se chci zeptat, co je Screen Scan? A prosím o kontrolu. Děkuji.



Log z RSIT je :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Počítač at 2013-09-16 21:44:21
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 42 GB (66%) free of 63 GB
Total RAM: 511 MB (24% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce7f509e62f15e.job
C:\WINDOWS\tasks\Norton Product Installer.job
C:\WINDOWS\tasks\Norton Product InstallerIdle.job
C:\WINDOWS\tasks\NSSstub.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A23EC902-1E7B-45E1-91F1-A40B584EB6D5}.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-09-03 68480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Program Files\Translator\Translat 1\WEBIE.DLL [2009-10-28 409600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-25 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
FreeOnlineRadioPlayerRecorder Toolbar - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll [2013-06-18 231712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Program Files\Translator\Translat 1\WEBIE.DLL [2009-10-28 409600]
{f999a48b-1950-4d81-9971-79018f807b4b} - FreeOnlineRadioPlayerRecorder Toolbar - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll [2013-06-18 231712]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVCLOCK"=Rundll32 nvclock.dll,fnNvclock []
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2003-10-06 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-09-23 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-09-23 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-09-23 455168]
"nvch"=rchnewver.dll,go []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2013-03-07 4767304]
"NWEReboot"= []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WEBTRAN"= []
"OEXPRESS"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2
"gusvc"=3

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"F:\Casino\ParadiseCasino\casino.exe"="F:\Casino\ParadiseCasino\casino.exe:*:Disabled:casino"
"C:\Casino\ParadiseCasino - Czech\casino.exe"="C:\Casino\ParadiseCasino - Czech\casino.exe:*:Disabled:casino"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe:*:Disabled:Nero ProductSetup"
"C:\Documents and Settings\Počítač\Local Settings\Temp\Nero Web\SetupXu.exe"="C:\Documents and Settings\Počítač\Local Settings\Temp\Nero Web\SetupXu.exe:*:Disabled:Nero ProductSetup"
"F:\Program Files\Sega Rally\SEGA Rally_SSE1.exe"="F:\Program Files\Sega Rally\SEGA Rally_SSE1.exe:*:Disabled:SEGA Rally"
"F:\Program Files\Sega Rally\SEGA Rally.exe"="F:\Program Files\Sega Rally\SEGA Rally.exe:*:Disabled:SEGA Rally"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager"
"C:\sdc21\StrongDC.exe"="C:\sdc21\StrongDC.exe:*:Disabled:StrongDC++"
"C:\Documents and Settings\Počítač\Local Settings\Temporary Internet Files\Content.IE5\SZW1AEXC\winbox[1].exe"="C:\Documents and Settings\Počítač\Local Settings\Temporary Internet Files\Content.IE5\SZW1AEXC\winbox[1].exe:*:Disabled:winbox[1]"
"C:\Documents and Settings\Počítač\Local Settings\Temporary Internet Files\Content.IE5\C6FRK0X3\winbox[1].exe"="C:\Documents and Settings\Počítač\Local Settings\Temporary Internet Files\Content.IE5\C6FRK0X3\winbox[1].exe:*:Disabled:winbox[1]"
"C:\Documents and Settings\Počítač\Local Settings\Temporary Internet Files\Content.IE5\58Y0NY8E\winbox[1].exe"="C:\Documents and Settings\Počítač\Local Settings\Temporary Internet Files\Content.IE5\58Y0NY8E\winbox[1].exe:*:Disabled:winbox[1]"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2013-09-16 21:44:23 ----DC---- C:\Program Files\trend micro
2013-09-16 21:44:21 ----DC---- C:\rsit
2013-09-12 02:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$
2013-09-12 02:41:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2013-09-12 02:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2013-08-28 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

======List of files/folders modified in the last 1 months======

2013-09-16 21:44:23 ----DC---- C:\Program Files
2013-09-16 21:44:19 ----AC---- C:\WINDOWS\wincmd.ini
2013-09-16 21:23:59 ----DC---- C:\WINDOWS
2013-09-16 21:23:24 ----AC---- C:\WINDOWS\TRNCOM.INI
2013-09-16 21:06:17 ----DC---- C:\WINDOWS\system32
2013-09-16 19:25:03 ----DC---- C:\WINDOWS\Temp
2013-09-16 19:13:20 ----SHD---- C:\WINDOWS\CSC
2013-09-16 19:12:54 ----DC---- C:\WINDOWS\system32\drivers
2013-09-16 16:02:47 ----SHD---- C:\System Volume Information
2013-09-16 08:35:08 ----HDC---- C:\WINDOWS\inf
2013-09-16 08:34:13 ----DC---- C:\WINDOWS\system32\CatRoot2
2013-09-16 08:09:37 ----DC---- C:\WINDOWS\system32\Restore
2013-09-16 08:03:53 ----DC---- C:\WINDOWS\Debug
2013-09-15 12:43:15 ----DC---- C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
2013-09-14 02:16:42 ----DC---- C:\Program Files\OpenOffice.org1.1.0
2013-09-12 04:46:25 ----SHDC---- C:\Config.Msi
2013-09-12 02:43:38 ----DC---- C:\WINDOWS\system32\dllcache
2013-09-12 02:43:33 ----DC---- C:\Program Files\Internet Explorer
2013-09-12 02:43:00 ----DC---- C:\WINDOWS\ie8updates
2013-09-12 02:38:41 ----DC---- C:\WINDOWS\system32\MRT
2013-09-12 02:34:34 ----AC---- C:\WINDOWS\system32\MRT.exe
2013-09-11 15:17:46 ----SHDC---- C:\WINDOWS\Installer
2013-09-11 02:33:33 ----SDC---- C:\WINDOWS\Tasks
2013-09-07 22:19:16 ----DC---- C:\Documents and Settings\Počítač\Data aplikací\Vso
2013-09-07 22:19:16 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-09-07 22:18:07 ----DC---- C:\WINDOWS\Minidump
2013-09-07 22:08:38 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-05-29 21361]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-05 47360]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-10-30 117120]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VGAUTI;VGAUTI; \??\C:\WINDOWS\system32\DRIVERS\VGAUTI.sys []
R3 wanlink;wanlink; C:\WINDOWS\System32\DRIVERS\wanlink.sys [2003-09-04 47968]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Amsmpu4p;Amsmpu4p; \??\C:\DOCUME~1\POTA~1\LOCALS~1\Temp\Amsmpu4p.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 bcm4sbxp;ASUSTeK/Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-15 43136]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2002-08-20 417863]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2006-03-13 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2006-03-13 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2006-03-13 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2006-03-13 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2006-03-13 79488]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-18 606556]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmpe;nmpe; \??\C:\DOCUME~1\POTA~1\LOCALS~1\Temp\nmpe.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2008-03-05 491648]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2009-12-11 223128]
S3 W8100PCI;ASUS 802.11b/g Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\mrv8k51.sys [2003-12-24 256512]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-03-07 45248]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe [2010-09-17 3727360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-04 250808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-29 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Zdravim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[asparagus]

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com

20 out of 10472 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 09/16/2013 10:41:15 PM
Execution time: 0 hours(s), 1 minute(s), and 55 seconds(s)





A jdu na Combofix...

[vyosek]

OK, pockam si na log a uvidime co pak dale...

[asparagus]

Ještě dotaz, mám Win XP, jak se přihlásím pod účtem Správce/Administrátor ?
A ten Screen Scan slouží k čemu?
Děkuji

[vyosek]

Ucet "Počítač" by měl mít opravnění Správce, takže spustte CF jen dvojklikem...

Ten Sceen Scan nejak presne zatim netusim, ale nic hezkeho a korektniho to neukazuje

[asparagus]

Jako Správce jsem přihlášený...
Po spuštění Combofixu mi vyskočilo, že mám v PC spuštěný bezpečnostní štít Eset NOD32 Antivirus 2.51, ale používám Avast a NOD32 mám asi špatně odinstalovaný, max. bych ho mohl nainstalovat (setup.exe soubor v PC mám) a zrušit onen rezidentní štít, nebo co s tím?

[asparagus]

Ten Screen Scan mi právě docela překvapil... Máte ale plnou důvěru

[vyosek]

Hlasku CF odkliknete a nechte jej pokracovat, on si sam jej vypne...

Pak udelame se zabezpecenim poradek, asi je tam jen nejaky zbytek...

[asparagus]

Log z ComboFixu:


ComboFix 13-09-16.01 - Počítač 17.09.2013 0:25.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.306 [GMT 2:00]
Spuštěný z: F:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.51 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\26.dll
C:\72.dll
C:\END
C:\Install.exe
c:\program files\Internet Explorer\SETD.tmp
c:\program files\Internet Explorer\SETE.tmp
c:\program files\Internet Explorer\SETF.tmp
c:\windows\help\wmplayer.bak
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ijl11.dll
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET36.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\taskmgr.com
c:\windows\unin0411.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-16 do 2013-09-16 )))))))))))))))))))))))))))))))
.
.
2013-09-16 19:44 . 2013-09-16 19:44 -------- dc----w- c:\program files\trend micro
2013-09-16 19:44 . 2013-09-16 19:44 -------- dc----w- C:\rsit
2013-09-03 13:53 . 2013-09-03 13:53 187248 -c--a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-09 01:56 . 2002-09-23 12:00 386560 -c--a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2002-09-23 12:00 1877760 -c--a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2004-02-06 16:07 920064 -c--a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2002-09-23 12:00 43520 -c----w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2002-09-23 12:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2002-09-23 12:00 18944 -c----w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2004-08-17 22:44 385024 -c----w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2004-04-14 17:24 1289216 -c--a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 19:47 1543680 -c----w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2002-09-23 12:00 406016 -c--a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2002-09-20 17:12 2072320 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2002-09-23 12:00 2195712 -c--a-w- c:\windows\system32\ntoskrnl.exe
2004-08-17 22:49 73728 -csha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2013-06-18 11:54 231712 -c--a-w- c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVCLOCK"="nvclock.dll" [2002-09-18 69632]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-09-23 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-23 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-23 455168]
"nvch"="rchnewver.dll" [2009-11-01 351337]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-03-06 4767304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)
"gusvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\sdc21\\StrongDC.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11333:TCP"= 11333:TCP:*:Disabled:BitComet 11333 TCP
"11333:UDP"= 11333:UDP:*:Disabled:BitComet 11333 UDP
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [25.3.2012 17:47 21576]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [20.3.2013 22:16 49248]
R0 isdnlink;isdnlink;c:\windows\system32\drivers\linkisdn.sys [27.2.2004 19:57 610403]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.12.2009 22:39 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4.11.2011 20:31 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.12.2008 22:32 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.12.2008 22:32 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [20.3.2013 22:16 66336]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5.1.2009 18:24 47360]
R3 VGAUTI;VGAUTI;c:\windows\system32\drivers\vgauti.sys [15.2.2004 12:23 37880]
R3 wanlink;wanlink;c:\windows\system32\drivers\wanlink.sys [27.2.2004 19:57 47968]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [20.3.2013 22:16 164736]
S3 nmpe;nmpe;\??\c:\docume~1\POTA~1\LOCALS~1\Temp\nmpe.sys --> c:\docume~1\POTA~1\LOCALS~1\Temp\nmpe.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [11.12.2009 22:44 223128]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - 50879365
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 17:02 1177552 -c--a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-14 00:23]
.
2011-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2013-03-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-09-13 23:32]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce7f509e62f15e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-29 14:35]
.
2013-08-06 c:\windows\Tasks\Norton Product Installer.job
- c:\windows\system32\Macromed\Shockwave 10\SymInstallStub.exe [2013-05-02 16:33]
.
2013-08-06 c:\windows\Tasks\Norton Product InstallerIdle.job
- c:\windows\system32\Macromed\Shockwave 10\SymInstallStub.exe [2013-05-02 16:33]
.
2009-06-16 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-06-16 04:59]
.
2008-04-13 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-04-24 14:31]
.
2011-02-23 c:\windows\Tasks\User_Feed_Synchronization-{A23EC902-1E7B-45E1-91F1-A40B584EB6D5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
2013-09-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - c:\program files\expektMPP\MPPoker.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator\Translat 1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\Translat 1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator\Translat 1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator\Translat 1\WEBIE.DLL
TCP: DhcpNameServer = 192.168.20.1 10.109.255.254
TCP: Interfaces\{18819904-7A06-4210-88F4-8F9689A3B8DC}: NameServer = 10.109.240.17,10.109.255.254
TCP: Interfaces\{A79E4B1E-1200-4A81-8BA5-36FABCC86089}: NameServer = 10.109.240.17,10.109.255.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
HKCU-Run-WEBTRAN - (no file)
HKCU-Run-OEXPRESS - (no file)
HKLM-Run-NWEReboot - (no file)
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AddRemove-{1D975A5E-1126-4F46-A423-41781934A63E} - c:\documents and settings\All Users\Data aplikací\{732BD52C-2B24-4AF1-8509-89A619EC2006}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-17 00:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-813497703-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Celkový čas: 2013-09-17 00:47:39
ComboFix-quarantined-files.txt 2013-09-16 22:47
.
Před spuštěním: Volných bajtů: 43 671 990 272
Po spuštění: Volných bajtů: 44 819 156 992
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 68714C0A77B217BD00D9D3226043C048
C6C881AD3F229781FE3CA67629B02485

[JaRon]

kedze vidim, ze tu od rana stepujes, jednorazovo zaskocim
pokial pride kolega odinstaluj SpyBot a vloz log MBAM

[asparagus]

Díky

Log z MBAM je:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.17.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Počítač :: G [administrátor]

Ochrana: Povolena

17.9.2013 10:05:42
MBAM-log-2013-09-17 (11-42-06).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|F:\|G:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 316479
Uplynulý čas: 1 hodin, 36 minut, 12 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 9
HKCR\Installer\Features\E5A579D1621164F44A32148791436AE3 (Adware.DoubleD) -> Nebyla provedena žádná instrukce.
HKCR\Installer\Products\E5A579D1621164F44A32148791436AE3 (Adware.DoubleD) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5A579D1621164F44A32148791436AE3 (Adware.DoubleD) -> Nebyla provedena žádná instrukce.
HKCR\Installer\UpgradeCodes\B0F0EB6EC578EC54F90B6FCD03D7DD95 (Adware.DoubleD) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\B0F0EB6EC578EC54F90B6FCD03D7DD95 (Adware.DoubleD) -> Nebyla provedena žádná instrukce.
HKCR\Typelib\{AC5AB953-ED25-4F9C-87F0-B086B0178FFA} (Adware.DoubleD) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{6160F76A-1992-4B17-A32D-0C706D159105} (Adware.DoubleD) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Documents and Settings\Počítač\Data aplikací\PriceGong (PUP.Optional.PriceGong.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Počítač\Data aplikací\PriceGong\Data (PUP.Optional.PriceGong.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 5
C:\Documents and Settings\Počítač\Local Settings\Data aplikací\Conduit\CT2737658\FreeOnlineRadioPlayerRecorderAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\FreeOnlineRadioPlayerRecorder\FreeOnlineRadioPlayerRecorderToolbarHelper.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\FreeOnlineRadioPlayerRecorder\FreeOnlineRadioPlayerRecorderToolbarHelper1.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Počítač\Oblíbené položky\home.juicyaccess.com.url (Adware.DoubleD) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Počítač\Data aplikací\PriceGong\Data\mru.xml (PUP.Optional.PriceGong.A) -> Nebyla provedena žádná instrukce.

(konec)

[JaRon]

najdene nechaj odstranit v MBAM a pockaj na kolegu

[asparagus]

Splněno, děkuji...

[JaRon]

nemas zac
vloz kolegovi aktualny log RSIT