Samovoľný reštart PC takmer vždy pri dlhšej neaktivite

[ola3]

Zdravím,
keď dlhšie nerobím nič na PC (možno cez 1/2 hod alebo viac), samovoľne sa reštartne a následne mi vypíše, že činnosť systému sa obnovila po vážnej chybe. Všimla som si to už dávno, ale až teraz som sa rozhodla to riešiť. Hľadala som tu, či mal niekto podobný problém, našla som toto tu:http://forum.viry.cz/viewtopic.php?f=13&t=84113 a na základe toho som chcela vyskúšať ten program Combofix (bohužiaľ návod na to som si prečítala až po tom, ako som ho použila)..teraz sa obávam, či ten program nevymazal niečo dôležité, čo nemal a či si nemám prostredníctvom bodu obnovy vrátiť PC do pôvodného stavu...Mohli by ste mi prosím skontrolovať ten log z cf, či je všetko ok?
Ďakujem za odpoveď .

ComboFix 14-08-31.01 - User 02.09.2014 17:49:57.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.200 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gwi1rfto.default-1379869318781\extensions\iiou19@doayi-.org
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gwi1rfto.default-1379869318781\extensions\iiou19@doayi-.org\bootstrap.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gwi1rfto.default-1379869318781\extensions\iiou19@doayi-.org\content\bg.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gwi1rfto.default-1379869318781\extensions\iiou19@doayi-.org\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gwi1rfto.default-1379869318781\extensions\iiou19@doayi-.org\install.rdf
c:\documents and settings\User\Application Data\PriceGong
c:\documents and settings\User\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\User\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\User\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\User\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\User\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\User\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\User\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
c:\documents and settings\User\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp
c:\documents and settings\User\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\background.html
c:\documents and settings\User\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\content.js
c:\documents and settings\User\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\lsdb.js
c:\documents and settings\User\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\manifest.json
c:\documents and settings\User\Local Settings\Application Data\Torch\User Data\Default\Extensions\fpchoohjmbhhmchgcblpaecpdlbdbckp\5.14\oYM3Rm42QAX.js
c:\documents and settings\User\SendTo\SNS-Resizer-1000.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\MUI\041b\tourstart.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-08-02 to 2014-09-02 )))))))))))))))))))))))))))))))
.
.
2014-08-04 11:13 . 2014-08-04 11:13 -------- d-----w- c:\program files\Common Files\Java
2014-08-04 11:12 . 2014-08-04 11:10 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-08-04 11:11 . 2014-08-04 11:10 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 14:16 . 2012-06-07 16:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 14:16 . 2011-08-05 14:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-01 16:46 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\documents and settings\User\Application Data\ICQM\icq.exe" [2014-03-30 33664344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-28 589824]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-08 3890208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Documents and Settings\\User\\Application Data\\ICQM\\icq.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [11.7.2012 12:42 21576]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [22.5.2013 17:55 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [22.5.2013 17:55 180632]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.8.2011 21:41 436792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5.8.2011 16:26 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [5.8.2011 16:26 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [1.5.2014 18:46 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [22.5.2013 17:55 67824]
S2 CambridgeAudioRecorder;CambridgeAudioRecorder;c:\progra~1\CAMBRI~1\CAMBRI~1\AUDIOS~1.EXE -zglaxservice CambridgeAudioRecorder --> c:\progra~1\CAMBRI~1\CAMBRI~1\AUDIOS~1.EXE -zglaxservice CambridgeAudioRecorder [?]
S2 lijrjjniw;Helper Task;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 2:56 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21.6.2013 9:53 162408]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [3.7.2012 11:43 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [3.7.2012 11:43 27776]
S3 ussuj;ussuj;\??\c:\windows\system32\0516.tmp --> c:\windows\system32\0516.tmp [?]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [24.5.2014 9:59 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [24.5.2014 9:59 85696]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lijrjjniw
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 18:10 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 14:16]
.
2014-09-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-01 16:45]
.
2014-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-15 16:59]
.
2014-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-15 16:59]
.
2014-09-02 c:\windows\Tasks\Opera scheduled Autoupdate 1393782384.job
- c:\program files\Opera\launcher.exe [2014-03-02 09:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=250&systemid=406&sr=0&q={searchTerms}
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: DhcpNameServer = 192.168.14.1 192.168.0.1
TCP: Interfaces\{5D5D6CCF-7D73-46CB-8735-9EE08691C5F9}: NameServer = 192.168.14.1,8.8.8.8
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gwi1rfto.default-1379869318781\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.sk/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-MediaGet2 - c:\documents and settings\User\Local Settings\Application Data\MediaGet2\mediaget.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-FreePascal_is1 - c:\program files\unins000.exe
AddRemove-Speed Test 4354 - c:\program files\Speed Test 4354\uninst.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{5dee0f7c} - c:\progra~1\GSSUPP~1\ASSIST~1.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-02 18:01
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ussuj]
"ImagePath"="\??\c:\windows\system32\0516.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lijrjjniw]
"ServiceDll"="c:\windows\system32\dmhxo.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-09-02 18:04:45
ComboFix-quarantined-files.txt 2014-09-02 16:04
.
Pre-Run: 994 033 664 bytes free
Post-Run: 1 082 966 016 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 452B555779AEDED8DD337989375E1C77
8F558EB6672622401DA993E1E865C861

[Rudy]

Zdravím!
Proč spouštíte ComboDix, utilitu určenou pouze profesionálm? Hodláte si nabořit systém, nebo některou aplikaci?

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\system32\0516.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\system32\dmhxo.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Driver::
lijrjjniw
ussuj

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[ola3]

No, spravila som hlúposť ale zdá sa že mám z pekla šťastie. Ďakujem za Váš čas a pomoc ! Neviem či tu mám dať aj tento log čo teraz vyšiel, ale ak áno, tu je:

ComboFix 14-08-31.01 - User 04.09.2014 17:21:29.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.203 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\0516.tmp"
"c:\windows\system32\dmhxo.dll"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LIJRJJNIW
-------\Service_lijrjjniw
-------\Service_ussuj
.
.
((((((((((((((((((((((((( Files Created from 2014-08-04 to 2014-09-04 )))))))))))))))))))))))))))))))
.
.
2014-09-02 18:42 . 2014-09-02 18:42 -------- d-----w- c:\windows\jumpshot.com
2014-09-02 16:08 . 2014-09-02 16:08 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-02 16:09 . 2011-08-05 14:26 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-09-02 16:08 . 2014-05-01 16:46 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-09-02 16:08 . 2013-05-22 15:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-09-02 16:08 . 2013-05-22 15:55 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-09-02 16:08 . 2013-05-22 15:55 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-09-02 16:08 . 2011-08-05 14:26 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-09-02 16:08 . 2011-08-05 14:26 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-09-02 16:08 . 2011-08-05 14:26 55112 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-09-02 16:08 . 2011-08-05 14:26 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-04 11:10 . 2014-08-04 11:11 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-04 11:10 . 2014-08-04 11:12 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-09 14:16 . 2012-06-07 16:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 14:16 . 2011-08-05 14:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-02 16:08 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\documents and settings\User\Application Data\ICQM\icq.exe" [2014-03-30 33664344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-28 589824]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-02 4085896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Documents and Settings\\User\\Application Data\\ICQM\\icq.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [11.7.2012 12:42 21576]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [22.5.2013 17:55 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [22.5.2013 17:55 192352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.8.2011 21:41 436792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5.8.2011 16:26 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [5.8.2011 16:26 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [1.5.2014 18:46 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [22.5.2013 17:55 67824]
R2 CambridgeAudioRecorder;CambridgeAudioRecorder;c:\progra~1\CAMBRI~1\CAMBRI~1\AUDIOS~1.EXE -zglaxservice CambridgeAudioRecorder --> c:\progra~1\CAMBRI~1\CAMBRI~1\AUDIOS~1.EXE -zglaxservice CambridgeAudioRecorder [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21.6.2013 9:53 162408]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [3.7.2012 11:43 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [3.7.2012 11:43 27776]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [24.5.2014 9:59 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [24.5.2014 9:59 85696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 18:10 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 14:16]
.
2014-09-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-02 16:08]
.
2014-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-15 16:59]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-15 16:59]
.
2014-09-04 c:\windows\Tasks\Opera scheduled Autoupdate 1393782384.job
- c:\program files\Opera\launcher.exe [2014-03-02 09:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=250&systemid=406&sr=0&q={searchTerms}
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: DhcpNameServer = 192.168.14.1 192.168.0.1
TCP: Interfaces\{5D5D6CCF-7D73-46CB-8735-9EE08691C5F9}: NameServer = 192.168.14.1,8.8.8.8
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\gwi1rfto.default-1379869318781\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.sk/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-B991B020-2968-11D8-AF23-444553540000_is1 - c:\program files\FreeMind\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-04 17:34
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3884)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\CAMBRI~1\CAMBRI~1\AUDIOS~1.EXE
c:\program files\Cambridge\CambridgeContent\jre\bin\java.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-09-04 17:37:32 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-04 15:37
ComboFix2.txt 2014-09-02 16:04
.
Pre-Run: 6 126 305 280 bytes free
Post-Run: 6 102 544 384 voľných bajtov
.
- - End Of File - - CD85489AB602A53BDF684DCE1FCDA96A
8F558EB6672622401DA993E1E865C861

[Rudy]

Smazáno, log již vypadá čistý. CF odinstalujte pomocí T-Cleaneru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . Nastala nějaká změna?

[ola3]

Ohľadom toho samoreštartovania sa nanešťastie nič nezmenilo. Dnes som ho zase nechala na skúšku bežať bez toho, aby som na ňom niečo robila a opäť sa reštartol. Viac v prílohe.

[Rudy]

Otevřte adresář c:\windows\minidump, jeho obsah zabalte do raru a přiložte k vašemu příštímu postu.

[ola3]

Tak tu to je

[Rudy]

Problém vypadá na virus. Spusťte ještě postupně tyto utility:

1. MBAM:

http://www.malwarebytes.org/mbam.php . Udělejte kompletní sken a dejte log. Předem nic nemažte.

2. MBAR:

Stáhněte Malwarebytes Anti-Rootkit http://www.malwarebytes.org/products/mbar/

Uložte nejlépe na Plochu a rozbalte
Spusťte kliknutím na mbar
Nyní postupně klikněte na Next a Update
Po dokončení update (aktualizace) databáze klikněte opět na Next
Nechte zaškrtnute všechny tři možnosti a kliněte na Scan čímž spustíte prohledavani PC
Po dokončeni skenu (cca 5 minutek) zkontrolujte, zda-li je u všech nalezů (samozrejme pokud budou) zatržítko
Tež zkontrolujte, jestli je zatržitko u Create Restore point
Nyní klikněte na CleanUp čímž nalezenou infekci odstraníme
PC bude restartován
Složka mbar by měla obsahovat log (a zřejmě se i sám otevře) mbar-log-rok-měsíc-den (hodina-minuta-sekunda).txt, ten mi sem dejte.

[ola3]

1. log z MBAM-u

Scan Date: 6.9.2014
Scan Time: 18:59:57
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.06.06
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336829
Time Elapsed: 21 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.Babylon.A, HKU\S-1-5-21-1275210071-413027322-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [7df1cf1b0972fe3883fee597aa5855ab],
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-1275210071-413027322-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, , [da94d71376054de9d4956e4bd032ea16],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jbpkiefagocgkmemidfngdkamloieekf, , [2f3f2ebc087351e5cf4a6f93867daa56],
PUP.Optional.SpeedTest.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jljheddigenhleadfofeccneimcmlefp, , [abc3d218abd001353a03210636cd857b],
PUP.Optional.PCPerformer.A, HKLM\SOFTWARE\PERFORMERSOFT\PC Performer, , [b6b8c92191ea5dd94a9b221b689cba46],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, , [125c7f6b88f3122412c891ac1aeaf60a],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1275210071-413027322-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, , [4d2165850279dd59122f57e74bb9c43c],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1275210071-413027322-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [84ea2dbd5a210432606bd666be46f20e],
PUP.Optional.BProtector.A, HKU\S-1-5-21-1275210071-413027322-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, , [e28c29c1a3d8300644d6e957808456aa],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1275210071-413027322-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [1757f0fa007bda5cdfd9c84daf542fd1],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1275210071-413027322-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [e688d911275482b4c11843fa3cc815eb],

Registry Values: 3
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, {49854940-6978-11E2-84C7-001BFC19F92B}, , [125c7f6b88f3122412c891ac1aeaf60a]
PUP.BProtector, HKU\S-1-5-21-1275210071-413027322-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [c2accd1db9c2ba7c4c82bf7d38ccef11]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1275210071-413027322-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {49854940-6978-11E2-84C7-001BFC19F92B}, , [e688d911275482b4c11843fa3cc815eb]

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.OpenCandy, C:\Documents and Settings\User\Application Data\OpenCandy, , [432b2dbdb2c9fb3b9fadae1b917145bb],
PUP.Optional.OpenCandy, C:\Documents and Settings\User\Application Data\OpenCandy\391BC28277DA41A68CCCCD86984BDD3D, , [432b2dbdb2c9fb3b9fadae1b917145bb],
PUP.Optional.OpenCandy, C:\Documents and Settings\User\Application Data\OpenCandy\57528E30D2094171801DA402EBCD5A4E, , [432b2dbdb2c9fb3b9fadae1b917145bb],
PUP.Optional.OpenCandy, C:\Documents and Settings\User\Application Data\OpenCandy\OpenCandy_756065125B6D4110A610FB07DAB2D550, , [432b2dbdb2c9fb3b9fadae1b917145bb],
PUP.Optional.SpeedTest.A, C:\Documents and Settings\User\Application Data\speedtest4354, , [75f97e6c4239cd69e33aa4275ba734cc],
PUP.Optional.Datamngr.A, C:\Documents and Settings\User\AppData\LocalLow\DataMngr, , [ef7ff4f65c1fdb5b6b48953a0df5c040],
PUP.Optional.Supporter.A, C:\Program Files\GS Supporter, , [3a3492588eedf04661dcc22a6f9314ec],

Files: 45
PUP.Optional.InstalleRex.A, C:\Documents and Settings\All Users\Application Data\InstallMate\{99A98F9C-011B-49BC-AB57-4939424AAD6A}\Custom.dll, , [c2acf9f1b1ca3303904e6fd5e21e966a],
PUP.Optional.OpenCandy.A, C:\Documents and Settings\User\Application Data\OpenCandy\OpenCandy_756065125B6D4110A610FB07DAB2D550\LatestDLMgr.exe, , [a2cc02e8d7a475c1d5d341ecbe43af51],
Trojan.BProtector, C:\Documents and Settings\User\Application Data\speedtest4354\install_helper.exe, , [78f65397ed8ec96d7205c5ed06feb64a],
Malware.Packer.Gen, C:\Program Files\Windows Movie Maker\WMM2EXT.dll, , [620cdc0e9fdc50e6c12cb9a001ff4bb5],
PUP.Optional.Browsemngr.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\searchplugins\browsemngr.xml, , [fd7117d39fdc6bcb7264ed1d43c07e82],
PUP.Optional.Conduit.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\searchplugins\conduit.xml, , [3539c52506752b0ba5353be063a045bb],
PUP.Optional.OpenCandy, C:\Documents and Settings\User\Application Data\OpenCandy\391BC28277DA41A68CCCCD86984BDD3D\TuneUpUtilities2014_en-GB.exe, , [432b2dbdb2c9fb3b9fadae1b917145bb],
PUP.Optional.OpenCandy, C:\Documents and Settings\User\Application Data\OpenCandy\57528E30D2094171801DA402EBCD5A4E\Trial-14.0.1000.88_en-US_1004739_ROW-EN.exe, , [432b2dbdb2c9fb3b9fadae1b917145bb],
PUP.Optional.SpeedTest.A, C:\Documents and Settings\User\Application Data\speedtest4354\install_helper.exe, , [75f97e6c4239cd69e33aa4275ba734cc],
PUP.Optional.SpeedTest.A, C:\Documents and Settings\User\Application Data\speedtest4354\speedtest4354.crx, , [75f97e6c4239cd69e33aa4275ba734cc],
PUP.Optional.SpeedTest.A, C:\Documents and Settings\User\Application Data\speedtest4354\speedtest4354.xpi, , [75f97e6c4239cd69e33aa4275ba734cc],
PUP.Optional.Datamngr.A, C:\Documents and Settings\User\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [ef7ff4f65c1fdb5b6b48953a0df5c040],
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.admin", false);), ,[87e76882750687afe350ca59af5614ec]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), ,[2c4224c66d0e1e18a093f52e5fa60cf4]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");), ,[4b23de0c621934022a095ac926dfc43c]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), ,[b1bd6a806b10ef472d06889b887d60a0]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.excTlbr", false);), ,[8ae4856593e84cea2b0834efc045dc24]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.id", "90f7b545000000000000001bfc19f92b");), ,[71fdb2382d4ed462ef448c977a8bff01]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.instlDay", "15626");), ,[e28c4e9cbbc04de974bfea399471ac54]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), ,[87e76486ea91d660ad8662c15aab53ad]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), ,[94da9b4f66153df965ce29fa64a159a7]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), ,[dc925f8be596c76fa78c002337ce12ee]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), ,[86e8b2382952c373cd661013fa0b1be5]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_de ... c19f92b&q=");), ,[ed8126c42a51eb4b0e2544dfc54005fb]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");), ,[432b9e4c1467ac8a35fe220174917090]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");), ,[99d57773b1cae155ca69f330a65f7987]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), ,[d6987a708deed5619a991b082ed7fb05]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.78:00:38");), ,[e787d2186615c076a88b38eb17ee12ee]
PUP.Optional.Conduit.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\prefs.js, Good: (), Bad: (user_pref("CT2776682.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.as ... ource=2&q=");), ,[501ea743daa1e0568511db4852b3e11f]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_de ... c19f92b&q=");), ,[640aa8421962b086d7ded64c49bc1ae6]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.id", "90f7b545000000000000001bfc19f92b");), ,[8ce248a2bac1a1957e37101220e59e62]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");), ,[d19dcd1d2b50ce68c0f58f9356af24dc]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.instlDay", "15626");), ,[73fb44a6bdbeb185ad0847db46bfcc34]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");), ,[92dc05e5a0db0234ddd8ee342adb29d7]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");), ,[b0be608acdae6fc7fabbe939b64ffc04]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.78:00:38");), ,[9cd22bbf7cff979f486d1c0661a434cc]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), ,[383620caea9124125a5b2101dd2816ea]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), ,[244aa1497dfef3432c8931f1689dda26]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), ,[640aa44614673ef88530d44e966f46ba]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), ,[a3cbf8f21b60e056cfe6948e7095b34d]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), ,[3e30a248f5868fa7486d6fb307fe5fa1]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), ,[2d4130ba314afe3895203ee434d16e92]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), ,[1b530cde83f8ea4c8a2b53cf1ce9de22]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.excTlbr", false);), ,[70fe608afb8051e56154031fe61f29d7]
PUP.Optional.Babylon.A, C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u0cdnx36.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.admin", false);), ,[92dc4c9e502b3ff705b06bb74fb6956b]

Physical Sectors: 0
(No malicious items detected)


(end)

Ešte idem spustiť ten druhý...

[Rudy]

Vše nalezené smažte.

[ola3]

Včera sa mi počas skenovania tým MBAR-om resetol PC. Skúšala som to aj 2.krát a zase, akurát som si všimla, že sa to stalo počas skenovania súborov z Mozilly Firefox. Dnes ráno sa to stalo opäť, presne keď skenovalo toto: DATA/MOZILLA/FIREFOX/PROFILES/U0CDNX36.DEFAULT/TIMES.json. Čo sa tej Mozilly týka, už ju nepoužívam ako prehladiač lebo bola hrozne spomalená, ale ešte som ju neodinštalovávala (neviem či to s tým nejako súvisí, ale ak náhodou...). Potom sa zobrazil BSoD. Log z toho (system-log) bol len takýto:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 2 x86

Account is Administrative

Internet Explorer version: 6.0.2900.2180

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 536002560, free: 29216768

Downloaded database version: v2014.09.06.07
Downloaded database version: v2014.08.21.01
=======================================
Initializing...
Done!
Unhooking enabled.
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F917F917

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 61432497
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 61432560 Numsec = 258710760

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 163928604672 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-320153056-320173056)...
Done!
Infected: C:\Documents and Settings\User\Application Data\speedtest4354\install_helper.exe --> [Trojan.BProtector]
Infected: C:\Program Files\Windows Movie Maker\WMM2EXT.dll --> [Malware.Packer.Gen]
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 2 x86

Account is Administrative

Internet Explorer version: 6.0.2900.2180

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 536002560, free: 245432320

Could not load protection driver
Downloaded database version: v2014.09.06.07
Downloaded database version: v2014.08.21.01
=======================================
Initializing...
Done!
Unhooking enabled.
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F917F917

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 61432497
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 61432560 Numsec = 258710760

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 163928604672 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-320153056-320173056)...
Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 2 x86

Account is Administrative

Internet Explorer version: 6.0.2900.2180

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 536002560, free: 57315328

Could not load protection driver
Downloaded database version: v2014.09.06.08
Initializing...
=======================================
Done!
Unhooking enabled.
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F917F917

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 61432497
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 61432560 Numsec = 258710760

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 163928604672 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-320153056-320173056)...
Done!

[ola3]

bscap0002.jpg (69.15 KiB) Zobrazeno 1053 x

[ola3]

bscap0000.jpg (43.1 KiB) Zobrazeno 1053 x

[Rudy]

Stáhněte, nainstalujte a spusťte CrystalDiskInfo: http://www.stahuj.centrum.cz/utility_a_ ... ldiskinfo/ a přes Úpravy>kopírovat sem dejte log.

[ola3]

----------------------------------------------------------------------------
CrystalDiskInfo 6.2.1 (C) 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP2 [5.1 Build 2600] (x86)
Date : 2014/09/07 14:05:02

-- Controller Map ----------------------------------------------------------
+ VIA Bus Master IDE Controller [ATA]
+ Primary IDE Channel (0)
- HL-DT-ST DVDRAM GSA-4167B
- Secondary IDE Channel (1)
+ VIA SATA RAID Controller [SCSI]
- Maxtor 6 L160M0 SCSI Disk Device

-- Disk List ---------------------------------------------------------------
(1) Maxtor 6L160M0 : 163,9 GB [0/2/2, pd1]

----------------------------------------------------------------------------
(1) Maxtor 6L160M0
----------------------------------------------------------------------------
Model : Maxtor 6L160M0
Firmware : BANC1G10
Serial Number : L3DBHE2H
Disk Size : 163,9 GB (8,4/137,4/163,9/163,9)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 320173056
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA/ATAPI-7 T13 1532D version 0
Transfer Mode : ---- | SATA/150
Power On Hours : 685 hod. (?)
Power On Count : 9306 krát
Temperature : 30 C (86 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : C0FEh [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
03 207 206 _63 000000002A74 Čas na roztočení ploten
04 249 249 __0 00000000219F Počet spuštění/zastavení
05 253 253 _63 000000000002 Počet přemapovaných sektorů
06 253 253 100 000000000000 Počet dosáhnutí konce při čtení
07 253 252 __0 000000000000 Počet chybných hledání
08 248 243 187 00000000AEFA Čas potřebný na vyhledání
09 192 192 __0 00000000A0A5 Hodin v činnosti
0A 253 252 157 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 253 252 223 000000000000 Počet pokusů o překalibrování
0C 230 230 __0 00000000245A Počet cyklů zapnutí zařízení
C0 253 253 __0 000000000000 Počet vypnutí disku
C1 253 253 __0 000000000000 Počet cyklů načítání/vymazání
C2 _38 253 __0 00000000001E Teplota
C3 253 252 __0 000000000BB0 Počet oprav chybného čtení
C4 253 253 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 253 253 __0 000000000001 Počet podezřelých sektorů
C6 253 253 __0 000000000000 Počet neopravitelných sektorů
C7 199 199 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 253 252 __0 000000000000 Počet chyb při zápisu sektorů
C9 253 252 __0 000000000000 Počet chyb při čtení programů z disku
CA 253 252 __0 000000000000 Počet chyb při směrování údajů
CB 253 252 180 000000000000 Počet chyb v kódech na opravu chyb
CC 253 252 __0 000000000000 Počet softvérově opravených chyb v opravných kódech
CD 253 252 __0 000000000000 Počet chyb způsobených vysokou teplotou
CF 253 252 __0 000000000000 Množství napětí potřebného na roztočení disku
D0 253 252 __0 000000000000 Počet vyslaných impulzů na roztočení disku při nedostatečném napájení
D1 241 241 __0 000000000095 Výkon při vyhledávaní na disku při interních testech disku
D2 253 252 __0 000000000000 Specifický pro výrobce
D3 253 252 __0 000000000000 Počet vibrací při čtení
D4 253 252 __0 000000000000 Počet otřesů při zápisu

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 4C33 4442 4845 3248 2020 2020 2020 2020 2020 2020
020: 0003 4000 0004 4241 4E43 3147 3130 4D61 7874 6F72
030: 2036 4C31 3630 4D30 2020 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0000 0007 3FFF 0010 003F FC10 00FB 0100
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0102 0000 0040 0000
080: 00FE 001E 7C6B 7F09 4673 7C69 3E01 4663 407F 0000
090: 0000 0000 FFFE 0000 C0FE 0008 0029 00D5 C350 0000
100: 7400 1315 0000 0000 0029 0000 0000 0000 0000 0000
110: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
120: 0000 0000 0000 0000 0000 0000 0000 0000 0001 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0113 0000 FFFF FFFF 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0021 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 CEA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 03 27 00 CF CE 74 2A 00 00 00 00 00 04 32
010: 00 F9 F9 9F 21 00 00 00 00 00 05 33 00 FD FD 02
020: 00 00 00 00 00 00 06 01 00 FD FD 00 00 00 00 00
030: 00 00 07 0A 00 FD FC 00 00 00 00 00 00 00 08 27
040: 00 F8 F3 FA AE 00 00 00 00 00 09 32 00 C0 C0 A5
050: A0 00 00 00 00 00 0A 2B 00 FD FC 00 00 00 00 00
060: 00 00 0B 2B 00 FD FC 00 00 00 00 00 00 00 0C 32
070: 00 E6 E6 5A 24 00 00 00 00 00 C0 32 00 FD FD 00
080: 00 00 00 00 00 00 C1 32 00 FD FD 00 00 00 00 00
090: 00 00 C2 32 00 26 FD 1E 00 00 00 00 00 00 C3 0A
0A0: 00 FD FC B0 0B 00 00 00 00 00 C4 08 00 FD FD 00
0B0: 00 00 00 00 00 00 C5 08 00 FD FD 01 00 00 00 00
0C0: 00 00 C6 08 00 FD FD 00 00 00 00 00 00 00 C7 08
0D0: 00 C7 C7 00 00 00 00 00 00 00 C8 0A 00 FD FC 00
0E0: 00 00 00 00 00 00 C9 0A 00 FD FC 00 00 00 00 00
0F0: 00 00 CA 0A 00 FD FC 00 00 00 00 00 00 00 CB 0B
100: 00 FD FC 00 00 00 00 00 00 00 CC 0A 00 FD FC 00
110: 00 00 00 00 00 00 CD 0A 00 FD FC 00 00 00 00 00
120: 00 00 CF 2A 00 FD FC 00 00 00 00 00 00 00 D0 2A
130: 00 FD FC 00 00 00 00 00 00 00 D1 24 00 F1 F1 95
140: 00 00 00 00 00 00 D2 32 00 FD FC 00 00 00 00 00
150: 00 00 D3 32 00 FD FC 00 00 00 00 00 00 00 D4 32
160: 00 FD FC 00 00 00 00 00 00 00 80 00 B2 04 01 5B
170: 03 00 01 00 02 3E 00 00 00 00 00 00 00 00 00 00
180: 00 00 3B 00 00 00 05 FE FA 01 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 1A 00 A3 FF 5C 00 30 00
1B0: 00 00 00 74 15 13 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 65

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 03 3F 00 00 00 00 00 00 00 00 00 00 04 00
010: 00 00 00 00 00 00 00 00 00 00 05 3F 00 00 00 00
020: 00 00 00 00 00 00 06 64 00 00 00 00 00 00 00 00
030: 00 00 07 00 00 00 00 00 00 00 00 00 00 00 08 BB
040: 00 00 00 00 00 00 00 00 00 00 09 00 00 00 00 00
050: 00 00 00 00 00 00 0A 9D 00 00 00 00 00 00 00 00
060: 00 00 0B DF 00 00 00 00 00 00 00 00 00 00 0C 00
070: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
080: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
090: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C3 00
0A0: 00 00 00 00 00 00 00 00 00 00 C4 00 00 00 00 00
0B0: 00 00 00 00 00 00 C5 00 00 00 00 00 00 00 00 00
0C0: 00 00 C6 00 00 00 00 00 00 00 00 00 00 00 C7 00
0D0: 00 00 00 00 00 00 00 00 00 00 C8 00 00 00 00 00
0E0: 00 00 00 00 00 00 C9 00 00 00 00 00 00 00 00 00
0F0: 00 00 CA 00 00 00 00 00 00 00 00 00 00 00 CB B4
100: 00 00 00 00 00 00 00 00 00 00 CC 00 00 00 00 00
110: 00 00 00 00 00 00 CD 00 00 00 00 00 00 00 00 00
120: 00 00 CF 00 00 00 00 00 00 00 00 00 00 00 D0 00
130: 00 00 00 00 00 00 00 00 00 00 D1 00 00 00 00 00
140: 00 00 00 00 00 00 D2 00 00 00 00 00 00 00 00 00
150: 00 00 D3 00 00 00 00 00 00 00 00 00 00 00 D4 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14