
PC virus removal, speeding up your computer, remote help via the neslape.cz service
Please check my log, thanks.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good evening,
Search Settings was detected; I followed this guide using ComboFix:
http://www.viry.cz/forum/viewtopic.php?f=13&t=99332
and I got the following log, which I would like an expert to check, please:
ComboFix 10-08-05.01 - xxx 05.08.2010 20:34:44.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.975 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Dokumenty\Stažené soubory\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\alexa toolbar
c:\program files\alexa toolbar\AlxTB2.9.39.dll
c:\program files\alexa toolbar\Uninstall9.exe
c:\program files\Search Settings
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OSPPSVC
-------\Service_osppsvc
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-05 do 2010-08-05 )))))))))))))))))))))))))))))))
.
2010-08-04 17:54 . 2010-08-04 18:24 -------- d-----w- c:\program files\RegCure
2010-08-01 09:22 . 2010-08-01 09:22 -------- d-----w- c:\program files\Common Files\Skype
2010-07-31 23:10 . 2010-08-05 18:42 -------- d-----w- c:\windows\system32\logishrd
2010-07-31 23:10 . 2010-07-31 23:10 -------- d-----w- c:\program files\Common Files\LWS
2010-07-31 23:10 . 2010-07-31 23:12 -------- d-----w- c:\program files\Logitech
2010-07-30 08:56 . 2010-07-30 08:56 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-30 08:56 . 2010-07-30 08:56 -------- d-----w- c:\program files\MSBuild
2010-07-30 08:55 . 2010-07-30 08:55 -------- d-----w- c:\program files\Reference Assemblies
2010-07-30 08:55 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-30 08:55 . 2010-07-30 08:55 -------- d-----w- C:\2d4a621d6636d0772da05d35e39c
2010-07-30 08:55 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-30 08:55 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-30 08:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-30 08:55 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-30 08:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-30 08:55 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-30 08:55 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-30 08:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-29 21:21 . 2010-07-29 21:21 -------- d-----w- c:\program files\Artisteer 2
2010-07-28 22:15 . 2010-07-29 18:51 -------- d-----w- c:\documents and settings\xxx\Webn
2010-07-28 18:26 . 2010-07-28 18:26 -------- d-----w- c:\windows\Hewlett-Packard
2010-07-27 18:02 . 2010-07-27 18:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-17 06:27 . 2010-07-17 06:27 12536 ------w- c:\windows\system32\avgrsstx.dll
2010-07-14 21:23 . 2010-07-14 21:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-14 16:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 18:42 . 2010-05-01 07:29 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-05 18:42 . 2010-04-23 06:01 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-05 18:03 . 2010-04-13 19:49 -------- d-----w- c:\program files\Yahoo SiteBuilder
2010-08-01 09:22 . 2010-02-12 00:45 -------- d-----r- c:\program files\Skype
2010-07-31 23:50 . 2006-03-02 12:00 83216 ----a-w- c:\windows\system32\perfc005.dat
2010-07-31 23:50 . 2006-03-02 12:00 440462 ----a-w- c:\windows\system32\perfh005.dat
2010-07-31 23:13 . 2010-02-12 09:57 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-31 23:11 . 2010-02-12 10:03 0 ------w- c:\windows\system32\drivers\lvuvc.hs
2010-07-28 19:36 . 2010-02-12 15:55 -------- d-----w- c:\program files\HP
2010-07-27 18:07 . 2010-02-14 09:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-23 16:58 . 2010-03-15 00:16 -------- d-----w- c:\program files\Zynga
2010-07-17 06:27 . 2010-02-11 15:45 243024 ------w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 06:27 . 2010-02-11 15:45 216400 ------w- c:\windows\system32\drivers\avgldx86.sys
2010-06-23 14:48 . 2010-04-11 01:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-14 20:52 . 2010-02-11 22:02 -------- d-----w- c:\program files\Google
2010-06-14 14:31 . 2009-07-15 22:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 13:28 . 2010-06-12 13:28 -------- d-----w- c:\program files\Adobe Media Player
2010-06-12 13:26 . 2010-06-12 13:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-03 16:39 . 2010-02-11 15:45 29584 ------w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-16 17:04 . 2010-05-16 17:04 2179836 ------w- C:\shoutcast-dsp-1-9-0-windows.exe
2010-05-14 22:04 . 2010-02-12 10:02 23904 ------w- c:\windows\system32\drivers\lvuvcflt.sys
2010-05-14 22:04 . 2010-02-12 10:03 6842592 ------w- c:\windows\system32\drivers\lvuvc.sys
2010-05-14 22:03 . 2010-02-12 10:03 539232 ------w- c:\windows\system32\LVUI2RC.dll
2010-05-14 22:03 . 2010-02-12 10:03 543328 ------w- c:\windows\system32\LVUI2.dll
2010-05-14 22:02 . 2010-04-23 06:01 276448 ------w- c:\windows\system32\drivers\lvrs.sys
2010-05-14 21:59 . 2010-05-14 21:59 203360 ------w- c:\windows\system32\lvci1301783.dll
2010-05-14 21:59 . 2010-02-12 10:03 416352 ------w- c:\windows\system32\lvcodec2.dll
2010-05-14 21:56 . 2010-05-14 21:56 10830680 ------w- c:\windows\system32\LogiDPP.dll
2010-05-14 21:56 . 2010-05-14 21:56 102744 ------w- c:\windows\system32\LogiDPPApp.exe
2010-05-14 21:55 . 2010-05-14 21:55 290648 ------w- c:\windows\system32\DevManagerCore.dll
2010-05-14 21:46 . 2010-02-12 10:03 37518 ------w- c:\windows\system32\Repository.reg
2010-05-07 21:13 . 2010-05-07 21:15 737280 ------w- c:\windows\iun6002.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-23 2734688]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-07-23 16:58 2734688 ------w- c:\program files\Zynga\tbZyn1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ------w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-23 2734688]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-23 2734688]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 10:36 2848568 ------w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 10:36 2848568 ------w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\xxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-12 135664]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Logitech Vid"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-30 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-05 202256]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-12 500208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech . Registrace produktu.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech . Registrace produktu.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech . Registrace produktu.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech . Registrace produktu.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 06:27 12536 ------w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\xxx\\Data aplikací\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\360Share Pro\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.2.2010 17:45 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.2.2010 17:45 243024]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16.7.2009 0:53 13696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2.3.2006 14:00 14336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17.7.2010 8:27 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17.7.2010 8:27 308136]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11.2.2010 17:33 22328]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.6.2010 22:52 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.2.2010 17:25 1691480]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
2010-08-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-HYACINT-xxx.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-12 13:21]
2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 14:39]
2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 14:39]
2010-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-08-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-08-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
2010-08-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
2010-08-05 c:\windows\Tasks\User_Feed_Synchronization-{A90A19D3-6152-4DC8-A29D-5D7A231DAF89}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\xxx\Nabídka Start\Programy\IMVU\Run IMVU.lnk
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.brisni-tance-praha.cz/auth/controls/IlosoftImageUpload.dll
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files\Alexa Toolbar\AlxTB2.9.39.dll
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 20:43
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(7492)
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\documents and settings\xxx\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-08-05 20:50:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-05 18:49
Před spuštěním: Volných bajtů: 388 131 872 768
Po spuštění: Volných bajtů: 391 464 468 480
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 45382FE703FAAAF6201903FF2D8295B1
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 10:36 2848568 ------w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 10:36 2848568 ------w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\xxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-12 135664]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Logitech Vid"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-30 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-05 202256]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-12 500208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech . Registrace produktu.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech . Registrace produktu.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech . Registrace produktu.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech . Registrace produktu.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 06:27 12536 ------w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\xxx\\Data aplikací\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\360Share Pro\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.2.2010 17:45 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.2.2010 17:45 243024]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16.7.2009 0:53 13696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2.3.2006 14:00 14336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17.7.2010 8:27 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17.7.2010 8:27 308136]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11.2.2010 17:33 22328]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.6.2010 22:52 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.2.2010 17:25 1691480]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
2010-08-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-HYACINT-xxx.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-12 13:21]
2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 14:39]
2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 14:39]
2010-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-08-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-08-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
2010-08-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
2010-08-05 c:\windows\Tasks\User_Feed_Synchronization-{A90A19D3-6152-4DC8-A29D-5D7A231DAF89}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\xxx\Nabídka Start\Programy\IMVU\Run IMVU.lnk
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.brisni-tance-praha.cz/auth/controls/IlosoftImageUpload.dll
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files\Alexa Toolbar\AlxTB2.9.39.dll
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 20:43
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(7492)
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\documents and settings\xxx\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-08-05 20:50:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-05 18:49
Před spuštěním: Volných bajtů: 388 131 872 768
Po spuštění: Volných bajtů: 391 464 468 480
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 45382FE703FAAAF6201903FF2D8295B1
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check the log, thanks.
Search Settings and other items were deleted. Also run an online scan of the file c:\windows\system32\lvci1301783.dll at www.virustotal.com. Report the result.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check the log, thanks.
Good evening,
done, this is what the test returned:
VirusTotal is a service that analyzes suspicious files for viruses, worms, trojans and other malware using the detection engines of many antivirus products. More information...
The file has already been tested:
MD5: a8161f6cdf933e164f7810e1ca7071cd
First submitted: 2010.06.04 02:32:41 UTC
Date: 2010.06.04 02:32:41 UTC [>62D]
Results: 0/41
Permanent link: analisis/49373b4c73223f5720869ffe61b114cd27d6ec0eef4040257f040b26821d227c-1275618761
Thanks a lot, I'll check back here in the morning for further instructions. Good night.
- Rudy
- Site Admin
Re: Please check the log, thanks.
In that case the log is clean.
Re: Please check the log, thanks.
Thanks a lot, Ruda.
In the meantime I've been browsing this forum a bit, and I have to say that you do great work here for us users. It's an amazing mix of dedication, enthusiasm and truly determined commitment to the cause, which one rarely encounters these days.
I still have a few problems: my computer restarts when I want to make a call with Skype, or when I try to change Skype - Tools - Sounds - and pick Logicool webcam, which I normally use, from the dropdown menu (just before this problem started, some update of this camera's software was installed). Should I try reinstalling the webcam?
- Rudy
- Site Admin
Re: Please check the log, thanks.
Try installing the webcam again, and reinstalling Skype might not hurt either.
Re: Please check the log, thanks.
Dear advisers,
today I uninstalled Skype, the webcam and the printer (switching it on was also throwing a BS), and guess what I find among the programs?
Yes indeed, Search Settings v1.2.3. It loves me so much that it keeps coming back to me.
As for antivirus, I use AVG 9.0, the Free version.
I have to admit that I backed up the system before I found this forum. Could Search Settings be coming back from this backup?
So I started again from the beginning with ComboFix. The scan didn't even take five minutes and I'm copying the log here (now I'll just restart the PC and I'll be right back on this page):
ComboFix 10-08-06.03 - xxx 07.08.2010 12:33:04.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1056 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Dokumenty\Stažené soubory\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-07 do 2010-08-07 )))))))))))))))))))))))))))))))
.
2010-08-07 10:08 . 2008-04-14 02:21 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2010-08-07 10:08 . 2008-04-14 02:21 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2010-08-07 10:08 . 2008-04-14 02:21 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2010-08-07 10:08 . 2008-04-14 02:21 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
2010-08-07 10:08 . 2008-04-14 02:21 377984 -c--a-w- c:\windows\system32\dllcache\ati2dvaa.dll
2010-08-07 10:08 . 2008-04-14 02:21 377984 ----a-w- c:\windows\system32\ati2dvaa.dll
2010-08-07 09:42 . 2010-08-07 09:42 -------- d-----w- c:\program files\Common Files\Java
2010-08-06 14:21 . 2010-08-06 14:21 -------- d-----w- c:\program files\McAfee Security Scan
2010-08-06 11:09 . 2010-08-06 11:09 -------- d-----w- c:\program files\trend micro
2010-08-06 11:09 . 2010-08-06 11:09 -------- d-----w- C:\rsit
2010-08-05 21:10 . 2010-08-05 21:10 -------- d-----w- c:\program files\iPod
2010-08-05 21:07 . 2010-08-05 21:08 -------- d-----w- c:\program files\QuickTime
2010-08-05 21:07 . 2010-08-05 21:07 -------- d-----w- c:\program files\Apple Software Update
2010-08-05 20:39 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-05 20:39 . 2010-08-07 09:42 -------- d-----w- c:\program files\Java
2010-08-05 20:24 . 2010-08-05 20:24 -------- d-----w- c:\program files\Secunia
2010-08-04 17:54 . 2010-08-04 18:24 -------- d-----w- c:\program files\RegCure
2010-07-31 23:10 . 2010-08-07 07:49 -------- d-----w- c:\windows\system32\logishrd
2010-07-31 23:10 . 2010-08-07 09:25 -------- d-----w- c:\program files\Common Files\LWS
2010-07-31 23:10 . 2010-08-07 09:25 -------- d-----w- c:\program files\Logitech
2010-07-30 08:56 . 2010-07-30 08:56 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-30 08:56 . 2010-07-30 08:56 -------- d-----w- c:\program files\MSBuild
2010-07-30 08:55 . 2010-07-30 08:55 -------- d-----w- c:\program files\Reference Assemblies
2010-07-30 08:55 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-30 08:55 . 2010-07-30 08:55 -------- d-----w- C:\2d4a621d6636d0772da05d35e39c
2010-07-30 08:55 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-30 08:55 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-30 08:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-30 08:55 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-30 08:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-30 08:55 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-30 08:55 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-30 08:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-29 21:21 . 2010-07-29 21:21 -------- d-----w- c:\program files\Artisteer 2
2010-07-28 22:15 . 2010-07-29 18:51 -------- d-----w- c:\documents and settings\xxx\Webn
2010-07-28 18:26 . 2010-07-28 18:26 -------- d-----w- c:\windows\Hewlett-Packard
2010-07-27 18:02 . 2010-07-27 18:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-17 06:27 . 2010-07-17 06:27 12536 ------w- c:\windows\system32\avgrsstx.dll
2010-07-14 16:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 10:14 . 2010-02-12 20:16 -------- d-----w- c:\program files\Bonjour
2010-08-07 10:10 . 2010-05-07 21:15 -------- d-----w- c:\program files\WYSIWYG Web Builder 6
2010-08-07 10:01 . 2010-05-01 07:29 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-07 09:30 . 2010-02-12 09:57 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-08-07 09:27 . 2010-02-12 10:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-07 07:48 . 2010-04-23 06:01 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-05 21:10 . 2010-02-12 20:16 -------- d-----w- c:\program files\iTunes
2010-08-05 21:10 . 2010-02-12 20:14 -------- d-----w- c:\program files\Common Files\Apple
2010-08-05 20:49 . 2010-02-11 15:49 -------- d-----w- c:\program files\OpenOffice.org 3
2010-08-05 20:36 . 2010-05-16 16:41 -------- d-----w- c:\program files\Winamp
2010-08-05 20:36 . 2010-05-16 16:42 -------- d-----w- c:\program files\Winamp Detect
2010-08-05 18:03 . 2010-04-13 19:49 -------- d-----w- c:\program files\Yahoo SiteBuilder
2010-07-31 23:50 . 2006-03-02 12:00 83216 ----a-w- c:\windows\system32\perfc005.dat
2010-07-31 23:50 . 2006-03-02 12:00 440462 ----a-w- c:\windows\system32\perfh005.dat
2010-07-28 19:36 . 2010-02-12 15:55 -------- d-----w- c:\program files\HP
2010-07-27 18:07 . 2010-02-14 09:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-23 16:58 . 2010-03-15 00:16 -------- d-----w- c:\program files\Zynga
2010-07-17 06:27 . 2010-02-11 15:45 243024 ------w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 06:27 . 2010-02-11 15:45 216400 ------w- c:\windows\system32\drivers\avgldx86.sys
2010-06-23 14:48 . 2010-04-11 01:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-14 20:52 . 2010-02-11 22:02 -------- d-----w- c:\program files\Google
2010-06-14 14:31 . 2009-07-15 22:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 13:28 . 2010-06-12 13:28 -------- d-----w- c:\program files\Adobe Media Player
2010-06-03 16:39 . 2010-02-11 15:45 29584 ------w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-16 17:04 . 2010-05-16 17:04 2179836 ------w- C:\shoutcast-dsp-1-9-0-windows.exe
2010-05-14 21:59 . 2010-05-14 21:59 203360 ------w- c:\windows\system32\lvci1301783.dll
2010-05-14 21:56 . 2010-05-14 21:56 10830680 ------w- c:\windows\system32\LogiDPP.dll
2010-05-14 21:56 . 2010-05-14 21:56 102744 ------w- c:\windows\system32\LogiDPPApp.exe
2010-05-14 21:55 . 2010-05-14 21:55 290648 ------w- c:\windows\system32\DevManagerCore.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-05_18.42.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-07 09:49 . 2010-08-07 09:49 16384 c:\windows\Temp\Perflib_Perfdata_668.dat
+ 2010-08-07 09:49 . 2010-08-07 09:49 16384 c:\windows\Temp\Perflib_Perfdata_568.dat
+ 2010-08-05 21:04 . 2010-04-19 18:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-08-05 21:04 . 2010-04-19 18:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-08-05 21:07 . 2010-08-05 21:07 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2010-08-05 20:49 . 2010-08-05 20:49 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.17.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2010-08-05 20:50 . 2010-08-05 20:50 64000 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.20.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2008-06-16 08:31 . 2008-06-16 08:31 7808 c:\windows\system32\drivers\psi_mf.sys
+ 2010-08-05 20:49 . 2010-08-05 20:49 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\6.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2010-08-05 20:49 . 2010-08-05 20:49 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\20.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2010-08-05 20:50 . 2010-08-05 20:50 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\6.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2010-08-05 20:49 . 2010-08-05 20:49 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\17.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2010-08-05 20:49 . 2010-08-05 20:49 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.20.0__ce2cb7e279207b9e\cli_ure.dll
+ 2010-08-05 20:50 . 2010-08-05 20:50 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\20.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
- 2010-06-16 08:30 . 2010-06-16 08:30 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2010-08-05 22:37 . 2010-08-05 22:37 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2010-08-05 21:15 . 2010-08-05 21:18 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
+ 2010-08-05 21:15 . 2010-08-05 21:18 311760 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.dll
+ 2010-08-07 09:42 . 2010-07-17 03:00 153376 c:\windows\system32\javaws.exe
+ 2010-08-07 09:42 . 2010-07-17 03:00 145184 c:\windows\system32\javaw.exe
- 2010-03-30 09:26 . 2010-03-30 09:25 145184 c:\windows\system32\javaw.exe
+ 2010-08-07 09:42 . 2010-07-17 03:00 145184 c:\windows\system32\java.exe
- 2010-03-30 09:26 . 2010-03-30 09:25 145184 c:\windows\system32\java.exe
+ 2010-08-05 21:01 . 2010-08-05 21:01 807424 c:\windows\Installer\59a9d5.msi
+ 2010-08-05 20:39 . 2010-08-05 20:39 577536 c:\windows\Installer\5997a7.msi
+ 2010-08-07 09:42 . 2010-08-07 09:42 180224 c:\windows\Installer\561f68.msi
+ 2010-08-05 21:11 . 2010-08-05 21:11 372736 c:\windows\Installer\{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}\iTunesIco.exe
+ 2010-08-05 20:49 . 2010-08-05 20:49 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.6.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2010-08-05 20:50 . 2010-08-05 20:50 856064 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.6.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2010-08-05 22:37 . 2010-08-05 22:37 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-01-27 01:07 . 2010-06-16 08:30 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-07-16 00:19 . 2010-08-06 07:08 3598288 c:\windows\system32\FNTCACHE.DAT
+ 2010-08-05 21:04 . 2010-04-19 18:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-08-05 21:04 . 2010-04-19 18:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-08-05 21:11 . 2010-08-05 21:11 5731328 c:\windows\Installer\59b980.msi
+ 2010-08-05 21:08 . 2010-08-05 21:08 9472000 c:\windows\Installer\59b1e5.msi
+ 2010-08-05 21:07 . 2010-08-05 21:07 1554944 c:\windows\Installer\59af37.msi
+ 2010-08-05 21:04 . 2010-08-05 21:04 3089408 c:\windows\Installer\59aa37.msi
+ 2010-08-05 20:50 . 2010-08-05 20:50 3091456 c:\windows\Installer\59a696.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-23 2734688]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-07-23 16:58 2734688 ------w- c:\program files\Zynga\tbZyn1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ------w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-23 2734688]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-23 2734688]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 10:36 2848568 ------w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 10:36 2848568 ------w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\xxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-12 135664]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-05 202256]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-12 500208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-29 74752]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI (RC3).lnk - c:\program files\Secunia\PSI (RC3)\psi.exe [2008-6-16 663552]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI (RC3).lnk - c:\program files\Secunia\PSI (RC3)\psi.exe [2008-6-16 663552]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI (RC3).lnk - c:\program files\Secunia\PSI (RC3)\psi.exe [2008-6-16 663552]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI (RC3).lnk - c:\program files\Secunia\PSI (RC3)\psi.exe [2008-6-16 663552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 06:27 12536 ------w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\xxx\\Data aplikací\\IMVUClient\\1VivoxVoice.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\360Share Pro\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.2.2010 17:45 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.2.2010 17:45 243024]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16.7.2009 0:53 13696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17.7.2010 8:27 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17.7.2010 8:27 308136]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [16.6.2008 10:31 7808]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.6.2010 22:52 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.2.2010 17:25 1691480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - Ati HotKey Poller
*Deregistered* - PROCEXP141
.
Obsah adresáře 'Naplánované úlohy'
2010-08-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-HYACINT-xxx.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-12 13:21]
2010-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 14:39]
2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 14:39]
2010-08-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-08-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-08-06 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
2010-08-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
2010-08-07 c:\windows\Tasks\User_Feed_Synchronization-{A90A19D3-6152-4DC8-A29D-5D7A231DAF89}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\xxx\Nabídka Start\Programy\IMVU\Run IMVU.lnk
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.brisni-tance-praha.cz/auth/controls/IlosoftImageUpload.dll
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Logitech Vid HD - c:\program files\Logitech\Vid\vid.exe
HKU-Default-RunOnce-WUAppSetup - c:\program files\Common Files\logishrd\WUApp32.exe
Notify-AtiExtEvent - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-07 12:36
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(6004)
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-07 12:37:34
ComboFix-quarantined-files.txt 2010-08-07 10:37
ComboFix2.txt 2010-08-05 18:50
Před spuštěním: Volných bajtů: 442 738 126 848
Po spuštění: Volných bajtů: 443 262 291 968
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 04B2CD4CCD43EA307080D5B4D68D09E9
Today I uninstalled Skype, the webcam and the printer (turning it on also triggered a blue screen), and guess what I find among the programs?
Yes indeed, Search Settings v1.2.3. It likes me so much that it keeps coming back to me.
As for antivirus, I use the free version of AVG 9.0.
I have to admit that I made a system backup before I found this forum. Could Search Settings be coming back from that backup?
So I started over from the beginning with ComboFix. The scan took less than five minutes and I am pasting the log here (I'll just restart the PC now and be right back on this page):
ComboFix 10-08-06.03 - xxx 07.08.2010 12:33:04.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1056 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Dokumenty\Stažené soubory\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-07 do 2010-08-07 )))))))))))))))))))))))))))))))
.
2010-08-07 10:08 . 2008-04-14 02:21 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2010-08-07 10:08 . 2008-04-14 02:21 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2010-08-07 10:08 . 2008-04-14 02:21 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2010-08-07 10:08 . 2008-04-14 02:21 870784 ----a-w- c:\windows\system32\ati3d1ag.dll
2010-08-07 10:08 . 2008-04-14 02:21 377984 -c--a-w- c:\windows\system32\dllcache\ati2dvaa.dll
2010-08-07 10:08 . 2008-04-14 02:21 377984 ----a-w- c:\windows\system32\ati2dvaa.dll
2010-08-07 09:42 . 2010-08-07 09:42 -------- d-----w- c:\program files\Common Files\Java
2010-08-06 14:21 . 2010-08-06 14:21 -------- d-----w- c:\program files\McAfee Security Scan
2010-08-06 11:09 . 2010-08-06 11:09 -------- d-----w- c:\program files\trend micro
2010-08-06 11:09 . 2010-08-06 11:09 -------- d-----w- C:\rsit
2010-08-05 21:10 . 2010-08-05 21:10 -------- d-----w- c:\program files\iPod
2010-08-05 21:07 . 2010-08-05 21:08 -------- d-----w- c:\program files\QuickTime
2010-08-05 21:07 . 2010-08-05 21:07 -------- d-----w- c:\program files\Apple Software Update
2010-08-05 20:39 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-05 20:39 . 2010-08-07 09:42 -------- d-----w- c:\program files\Java
2010-08-05 20:24 . 2010-08-05 20:24 -------- d-----w- c:\program files\Secunia
2010-08-04 17:54 . 2010-08-04 18:24 -------- d-----w- c:\program files\RegCure
2010-07-31 23:10 . 2010-08-07 07:49 -------- d-----w- c:\windows\system32\logishrd
2010-07-31 23:10 . 2010-08-07 09:25 -------- d-----w- c:\program files\Common Files\LWS
2010-07-31 23:10 . 2010-08-07 09:25 -------- d-----w- c:\program files\Logitech
2010-07-30 08:56 . 2010-07-30 08:56 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-30 08:56 . 2010-07-30 08:56 -------- d-----w- c:\program files\MSBuild
2010-07-30 08:55 . 2010-07-30 08:55 -------- d-----w- c:\program files\Reference Assemblies
2010-07-30 08:55 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-30 08:55 . 2010-07-30 08:55 -------- d-----w- C:\2d4a621d6636d0772da05d35e39c
2010-07-30 08:55 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-30 08:55 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-30 08:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-30 08:55 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-30 08:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-30 08:55 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-30 08:55 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-30 08:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-29 21:21 . 2010-07-29 21:21 -------- d-----w- c:\program files\Artisteer 2
2010-07-28 22:15 . 2010-07-29 18:51 -------- d-----w- c:\documents and settings\xxx\Webn
2010-07-28 18:26 . 2010-07-28 18:26 -------- d-----w- c:\windows\Hewlett-Packard
2010-07-27 18:02 . 2010-07-27 18:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-17 06:27 . 2010-07-17 06:27 12536 ------w- c:\windows\system32\avgrsstx.dll
2010-07-14 16:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 10:14 . 2010-02-12 20:16 -------- d-----w- c:\program files\Bonjour
2010-08-07 10:10 . 2010-05-07 21:15 -------- d-----w- c:\program files\WYSIWYG Web Builder 6
2010-08-07 10:01 . 2010-05-01 07:29 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-07 09:30 . 2010-02-12 09:57 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-08-07 09:27 . 2010-02-12 10:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-07 07:48 . 2010-04-23 06:01 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-05 21:10 . 2010-02-12 20:16 -------- d-----w- c:\program files\iTunes
2010-08-05 21:10 . 2010-02-12 20:14 -------- d-----w- c:\program files\Common Files\Apple
2010-08-05 20:49 . 2010-02-11 15:49 -------- d-----w- c:\program files\OpenOffice.org 3
2010-08-05 20:36 . 2010-05-16 16:41 -------- d-----w- c:\program files\Winamp
2010-08-05 20:36 . 2010-05-16 16:42 -------- d-----w- c:\program files\Winamp Detect
2010-08-05 18:03 . 2010-04-13 19:49 -------- d-----w- c:\program files\Yahoo SiteBuilder
2010-07-31 23:50 . 2006-03-02 12:00 83216 ----a-w- c:\windows\system32\perfc005.dat
2010-07-31 23:50 . 2006-03-02 12:00 440462 ----a-w- c:\windows\system32\perfh005.dat
2010-07-28 19:36 . 2010-02-12 15:55 -------- d-----w- c:\program files\HP
2010-07-27 18:07 . 2010-02-14 09:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-23 16:58 . 2010-03-15 00:16 -------- d-----w- c:\program files\Zynga
2010-07-17 06:27 . 2010-02-11 15:45 243024 ------w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 06:27 . 2010-02-11 15:45 216400 ------w- c:\windows\system32\drivers\avgldx86.sys
2010-06-23 14:48 . 2010-04-11 01:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-14 20:52 . 2010-02-11 22:02 -------- d-----w- c:\program files\Google
2010-06-14 14:31 . 2009-07-15 22:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 13:28 . 2010-06-12 13:28 -------- d-----w- c:\program files\Adobe Media Player
2010-06-03 16:39 . 2010-02-11 15:45 29584 ------w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-16 17:04 . 2010-05-16 17:04 2179836 ------w- C:\shoutcast-dsp-1-9-0-windows.exe
2010-05-14 21:59 . 2010-05-14 21:59 203360 ------w- c:\windows\system32\lvci1301783.dll
2010-05-14 21:56 . 2010-05-14 21:56 10830680 ------w- c:\windows\system32\LogiDPP.dll
2010-05-14 21:56 . 2010-05-14 21:56 102744 ------w- c:\windows\system32\LogiDPPApp.exe
2010-05-14 21:55 . 2010-05-14 21:55 290648 ------w- c:\windows\system32\DevManagerCore.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-05_18.42.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-07 09:49 . 2010-08-07 09:49 16384 c:\windows\Temp\Perflib_Perfdata_668.dat
+ 2010-08-07 09:49 . 2010-08-07 09:49 16384 c:\windows\Temp\Perflib_Perfdata_568.dat
+ 2010-08-05 21:04 . 2010-04-19 18:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-08-05 21:04 . 2010-04-19 18:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-08-05 21:07 . 2010-08-05 21:07 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2010-08-05 20:49 . 2010-08-05 20:49 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.17.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2010-08-05 20:50 . 2010-08-05 20:50 64000 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.20.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2008-06-16 08:31 . 2008-06-16 08:31 7808 c:\windows\system32\drivers\psi_mf.sys
+ 2010-08-05 20:49 . 2010-08-05 20:49 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\6.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2010-08-05 20:49 . 2010-08-05 20:49 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\20.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2010-08-05 20:50 . 2010-08-05 20:50 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\6.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2010-08-05 20:49 . 2010-08-05 20:49 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\17.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2010-08-05 20:49 . 2010-08-05 20:49 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.20.0__ce2cb7e279207b9e\cli_ure.dll
+ 2010-08-05 20:50 . 2010-08-05 20:50 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\20.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
- 2010-06-16 08:30 . 2010-06-16 08:30 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2010-08-05 22:37 . 2010-08-05 22:37 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2010-08-05 21:15 . 2010-08-05 21:18 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
+ 2010-08-05 21:15 . 2010-08-05 21:18 311760 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.dll
+ 2010-08-07 09:42 . 2010-07-17 03:00 153376 c:\windows\system32\javaws.exe
+ 2010-08-07 09:42 . 2010-07-17 03:00 145184 c:\windows\system32\javaw.exe
- 2010-03-30 09:26 . 2010-03-30 09:25 145184 c:\windows\system32\javaw.exe
+ 2010-08-07 09:42 . 2010-07-17 03:00 145184 c:\windows\system32\java.exe
- 2010-03-30 09:26 . 2010-03-30 09:25 145184 c:\windows\system32\java.exe
+ 2010-08-05 21:01 . 2010-08-05 21:01 807424 c:\windows\Installer\59a9d5.msi
+ 2010-08-05 20:39 . 2010-08-05 20:39 577536 c:\windows\Installer\5997a7.msi
+ 2010-08-07 09:42 . 2010-08-07 09:42 180224 c:\windows\Installer\561f68.msi
+ 2010-08-05 21:11 . 2010-08-05 21:11 372736 c:\windows\Installer\{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}\iTunesIco.exe
+ 2010-08-05 20:49 . 2010-08-05 20:49 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.6.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2010-08-05 20:50 . 2010-08-05 20:50 856064 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.6.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2010-08-05 22:37 . 2010-08-05 22:37 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-01-27 01:07 . 2010-06-16 08:30 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-07-16 00:19 . 2010-08-06 07:08 3598288 c:\windows\system32\FNTCACHE.DAT
+ 2010-08-05 21:04 . 2010-04-19 18:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-08-05 21:04 . 2010-04-19 18:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-08-05 21:11 . 2010-08-05 21:11 5731328 c:\windows\Installer\59b980.msi
+ 2010-08-05 21:08 . 2010-08-05 21:08 9472000 c:\windows\Installer\59b1e5.msi
+ 2010-08-05 21:07 . 2010-08-05 21:07 1554944 c:\windows\Installer\59af37.msi
+ 2010-08-05 21:04 . 2010-08-05 21:04 3089408 c:\windows\Installer\59aa37.msi
+ 2010-08-05 20:50 . 2010-08-05 20:50 3091456 c:\windows\Installer\59a696.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-23 2734688]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-07-23 16:58 2734688 ------w- c:\program files\Zynga\tbZyn1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ------w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-23 2734688]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-07-23 2734688]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 10:36 2848568 ------w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 10:36 2848568 ------w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\xxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-12 135664]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-05 202256]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-12 500208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-29 74752]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI (RC3).lnk - c:\program files\Secunia\PSI (RC3)\psi.exe [2008-6-16 663552]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI (RC3).lnk - c:\program files\Secunia\PSI (RC3)\psi.exe [2008-6-16 663552]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI (RC3).lnk - c:\program files\Secunia\PSI (RC3)\psi.exe [2008-6-16 663552]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI (RC3).lnk - c:\program files\Secunia\PSI (RC3)\psi.exe [2008-6-16 663552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 06:27 12536 ------w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\xxx\\Data aplikací\\IMVUClient\\1VivoxVoice.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\360Share Pro\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.2.2010 17:45 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.2.2010 17:45 243024]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16.7.2009 0:53 13696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17.7.2010 8:27 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17.7.2010 8:27 308136]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [16.6.2008 10:31 7808]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.6.2010 22:52 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.2.2010 17:25 1691480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - Ati HotKey Poller
*Deregistered* - PROCEXP141
.
Obsah adresáře 'Naplánované úlohy'
2010-08-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-HYACINT-xxx.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-12 13:21]
2010-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 14:39]
2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 14:39]
2010-08-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-08-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-08-06 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
2010-08-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
2010-08-07 c:\windows\Tasks\User_Feed_Synchronization-{A90A19D3-6152-4DC8-A29D-5D7A231DAF89}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\xxx\Nabídka Start\Programy\IMVU\Run IMVU.lnk
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.brisni-tance-praha.cz/auth/controls/IlosoftImageUpload.dll
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\dmnk82qe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Logitech Vid HD - c:\program files\Logitech\Vid\vid.exe
HKU-Default-RunOnce-WUAppSetup - c:\program files\Common Files\logishrd\WUApp32.exe
Notify-AtiExtEvent - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-07 12:36
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(6004)
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-07 12:37:34
ComboFix-quarantined-files.txt 2010-08-07 10:37
ComboFix2.txt 2010-08-05 18:50
Před spuštěním: Volných bajtů: 442 738 126 848
Po spuštění: Volných bajtů: 443 262 291 968
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 04B2CD4CCD43EA307080D5B4D68D09E9
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log, thanks.
The log looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log, thanks.
Thank you very much for checking.
The problems with Skype persist; the blue screen of death appears every time I click "Audio Settings" (sound settings) or the green call button. I'm going to dig around in Skype support.
Greetings to all the advisers and other benefactors on the forum.
Re: Please check my log, thanks.
I have reinstalled both Skype and the webcam. I forgot to mention it earlier.
- Rudy
- Site Admin
Re: Please check my log, thanks.
What does the blue screen say?
Re: Please check my log, thanks.
Hello, it's already late in the evening; in the meantime I was at the emergency room with my daughter, so I'm just popping back in briefly.
In the morning I'll try a different speaker and different headphones for Skype; maybe that will fix it.
Otherwise, after the restart the computer sent an error report and then Mozilla opened on this page:
http://wer.microsoft.com/responses/Resp ... 0bb367231a
where, after I selected English, it went to this page:
http://wer.microsoft.com/Responses/Resp ... 8973f#here
However, after my intervention (deleting Search Settings and ATI, which I probably shouldn't have deleted, and reinstalling Skype and the webcam) it goes to this page:
http://wer.microsoft.com/Responses/Resp ... a1cd0#here
(corrupted error).
Other changes after this reinstallation and deletion:
- the icons on the desktop got aligned and everything, including the text in the browser, is larger (which doesn't bother me)
- when shutting down the PC, the "Stand By" option in the dialog is greyed out and cannot be selected; the "Turn Off" and "Restart" options remain.
Maybe I also uninstalled something that should have stayed.
I'm very sorry for the goulash (mess) I've caused (when the real kind would be more fitting).
- Rudy
- Site Admin
Re: Please check my log, thanks.
ATI definitely should not have been deleted; it is the software for the graphics card. Reinstall the driver. We will have to solve the Stand By problem with a system repair.
Re: Please check my log, thanks.
Good Sunday morning.
The latest situation is that there was again a restart after calling via Skype; this time it even rang twice, whereas yesterday the restart came immediately after calling, without ringing. The Windows Error Reporting (WER) error message follows:
Stop (blue screen) error caused by a device or driver
You received this message because a hardware device, its driver, or related software has caused a stop error, also called a blue screen error. This type of error means the computer has shut down abruptly to protect itself from potential data corruption or loss. In this case, we were unable to detect the specific device or driver that caused the problem.
The following troubleshooting steps might prevent the stop error from recurring. Try them in the order given. If one step does not solve the problem, then move on to the next one.
Steps to solve this problem
Download and install the latest updates and device drivers for your computer
1. Use Windows Update to check for and install updates:
   1. Click to go online to the Windows Update website
      Note: If Microsoft Update is installed, you'll be taken to the Microsoft Update website.
   2. Click Custom to check for available updates.
   3. In the left pane, under Select by Type, click each of the following links to view all available updates:
      * High Priority
      * Software, Optional
      * Hardware, Optional
   4. Select the updates you want, click Review and install updates, and then click Install Updates.
2. If you recently added a new hardware device to your computer, go online to the manufacturer's website to see if a driver update is available.
   How do I find my computer manufacturer?
   Click Start, click Run, type msinfo32, and then click OK. Your computer manufacturer is listed as the System Manufacturer in the right pane of the System Information window.
   Go to www.microsoft.com and search for "computer manufacturers" (Click to go online to see contact information for most computer manufacturers)
3. If you recently added a new program to your computer, go online to the manufacturer's website to see if an update is available.
Scan your computer for viruses
Many blue screen errors can be caused by computer viruses or other types of malicious software.
If you have an antivirus program installed on your computer, make sure it is up to date with the latest antivirus definitions and perform a complete scan of your system. Check your antivirus product's website for information on getting the latest updates.
If you do not have antivirus software installed on your computer, we recommend using a web-based scanner to check your computer for malware. Many of the top antivirus software providers offer this service free of charge on their websites.
To see a list of Microsoft and third-party providers of antispyware, anti-malware, and antivirus software, go online to the following website:
Go to www.microsoft.com and search for "Security software" (Security software: Downloads and trials)
To see a list of antivirus software vendors, go online to the following Knowledge Base article:
Go to support.microsoft.com and search for "49500" (List of antivirus software vendors)
Tip
Consider scanning your computer using more than one web-based antivirus scanner, even if you have an antivirus program installed on your computer. This will help make sure that you are using the most up-to-date antivirus definitions and allows you to benefit from the different strengths of each antivirus software manufacturer. If you do run multiple antivirus products, make sure you run only one product at a time. Running multiple antivirus products simultaneously can produce incorrect results.
Check your hard disk for errors
You can help solve some computer problems and improve the performance of your computer by making sure that your hard disk has no errors.
1. Click Start, and then click My Computer.
2. Right-click the hard disk drive that you want to check, and then click Properties.
3. Click the Tools tab, and then, under Error-checking, click Check Now.
   To automatically repair problems with files and folders that the scan detects, select Automatically fix file system errors. Otherwise, the disk check will report problems but not fix them.
   To perform a thorough disk check, select Scan for and attempt recovery of bad sectors. This scan attempts to find and repair physical errors on the hard disk itself, and it can take much longer to complete.
   To check for both file errors and physical errors, select both Automatically fix file system errors and Scan for and attempt recovery of bad sectors.
4. Click Start.
   Depending upon the size of your hard disk, this might take several minutes or longer. For best results, don't use your computer for any other tasks while it's checking for errors.
Note
If you select Automatically fix file system errors for a disk that is in use (for example, the partition that contains Windows), you'll be prompted to reschedule the disk check for the next time you restart your computer.
For more information, go online to read the following article:
Go to www.support.microsoft.com and search for "315265" (How to perform disk error checking in Windows XP)
Steps to work around this problem
Warning
These steps are designed to address a particular problem but might do so by temporarily disabling or removing some functionality on your computer.
Remove any new hardware or software to isolate the cause of the blue screen
If you received the blue screen error after adding a new hardware device or program, and downloading updates didn't solve the problem, try removing the device or program and restarting Windows. If removing the new device or program allows Windows to start without the error, contact the device or program's manufacturer to get product updates or to learn about any known issues with the device or program.
Restore your computer to an earlier state
If the blue screen error occurred after installing a system or program update, consider using the System Restore feature to remove the changes. System Restore uses "restore points" that have been saved on your computer to return your system to a point in time before the problem began. This won't fix the problem, but it can make your computer work again.
Do one of the following:
If Windows doesn't start:
1. Restart the computer and, when the screen becomes blank during startup, repeatedly press F8 until the Windows Advanced Options Menu displays.
2. Use your arrow keys to select Safe Mode with Command Prompt, and then press ENTER.
   For more information about safe mode start up options, go online to read an article in the Microsoft Knowledge Base:
   Click to read KB315222
3. If you are prompted to select a version of Windows, select the correct version, and then press ENTER.
4. Log on to the computer using the Administrator account or an account that has administrator credentials.
5. Type the following command at a command prompt, and then press ENTER:
   [systemroot]\system32\restore\rstrui.exe
   (Where [systemroot] is the drive and directory where your Windows system files are located -- for example, "C:\Windows")
6. Follow the instructions that appear on the screen to restore the computer to an earlier state.
Or, if Windows starts:
1. Log on to Windows using an administrator account.
2. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
3. On the Welcome to System Restore page, select Restore my computer to an earlier time, and then click Next.
4. On the Select a Restore Point page, click the most recent system checkpoint in the On this list, click a restore point list, and then click Next. You might receive a message that lists configuration changes that System Restore will make. Review this list, and then click OK.
5. On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows configuration, and then restarts the computer.
6. Log on to the computer as an administrator.
7. When the System Restore Restoration Complete page appears, click OK.
Advanced troubleshooting
The following steps can help determine what is causing a blue screen error and provide additional options for solving the problem. Try the above troubleshooting steps first before trying these advanced troubleshooting steps.
This section is intended for advanced computer users, such as software developers and network administrators. If you are not comfortable with advanced troubleshooting procedures, we recommend that you perform these steps with someone who is.
Step 1: Start Windows in safe mode
1. Restart the computer and, when the screen becomes blank during startup, repeatedly press F8 until the Windows Advanced Options Menu displays.
2. Use your arrow keys to select Safe Mode, and then press ENTER.
   For more information about safe mode start up options, go online to read the following article:
   Start your computer in safe mode
3. If you are prompted to select a version of Windows, select the correct version, and then press ENTER.
Step 2: Collect more information about your computer
To continue troubleshooting this problem, you will need to collect more information about your computer, and then use it to find more information online.
1. Use Event Viewer to find specific information about this problem
   Event Viewer is an advanced tool that displays detailed information about significant events on your computer. It can be helpful when troubleshooting problems and errors with Windows and other programs.
   1. Click Start, click Run, type EVENTVWR, and then click OK.
   2. Click Application.
   3. Click View, and then click Filter.
   4. In the Event Source drop-down menu, click any one of the following: Save Dump, System Error, or Windows Error Reporting.
   5. In the Event ID field, type 1001, and then click OK.
   6. Review each event listed and write down the bugcheck code (for example, 0x000000D1 or 0x0000008E).
   7. Go to the next step to search the Internet for a solution.
2. Perform an Internet search
   Use the information you collected in the previous step to search the Internet for more help. If you find troubleshooting steps, make sure that they apply to your specific computer before you follow them.
   1. Go online to search the Internet for specific bugcheck codes you found using Event Viewer. For example, search for "0x000000D1" or "0x0000008E."
   2. Go online to search the Internet for the driver name. For example, search for "portcls.sys."
   3. Go online to search the Internet using different combinations of text, such as "Blue Screen" or "Stop Error" along with the driver or device name. For example, you could search for "portcls.sys bluescreen".
Step 3: Roll back or disable the problem driver
1. Start Device Manager. To do this, click Start, click Run, type devmgmt.msc, and then click OK.
2. Based on the driver and device information you obtained in Step 2 above, double-click the device that you have determined might be causing the problem.
3. If you think the problem was caused by a recent update of the driver, click the Driver tab, and then click the Roll Back Driver button. If the problem did not coincide with a recent updating of the driver, then click the Disable button instead.
Step 4: Determine whether a third-party program is causing the problem
1. Click Start, click Run, type msconfig, and then click OK.
2. Click the General tab, click Selective Startup, clear the Load startup items check box, and then select the Load System Services check box.
3. Click OK, and then restart the computer.
4. If Windows starts, go to Step 5. If Windows does not start, go to Step 7.
Step 5: Identify the conflicting program
Because of the number of programs that might be listed, we recommend that you use the following process of elimination:
1. Click Start, click Run, type msconfig, and then click OK.
2. Click the Startup tab.
3. Select approximately half of the listed items, and then click OK.
4. Restart the computer.
5. If Windows does not start, restart Windows in safe mode.
6. Repeat this process until you have identified the program that is causing the problem.
7. Once you determine that a specific program is causing the problem, we recommend that you remove it if you are not using it.
   How do I uninstall a program?
   1. Click Start, click Control Panel, and then click Add or Remove Programs.
   2. Click Change or Remove Programs, click the program you want to remove, and then click Change/Remove or Remove.
   Note
   If the program that you want to uninstall isn't listed, it might not have been created for your version of Windows. To uninstall the program, check the information that came with the program or contact the manufacturer for more information.
8. If you do not want to remove the program, contact the software manufacturer for a solution to the problem.
Step 6: Disable all third-party services
Disable all third-party services to find out whether the problem is being caused by one of them.
Warning
The following procedure describes how to turn off third-party services. Be careful not to disable Microsoft services, because doing so will turn off System Restore and cause you to lose all system restore points.
1. Click Start, click Run, type msconfig, and then click OK.
2. Click the Services tab, and then click the Hide all Microsoft services check box to filter the list to third-party services only.
3. Click Disable all to disable the listed third-party services.
4. Restart the computer and check to see if the problem has gone away. If it has, you know that one of the disabled third-party services is causing the problem. Go to step 7 to identify which service is causing the problem.
Step 7: Locate and disable the third-party service causing the problem
Warning
The following procedure describes how to turn off third-party services. Be careful not to disable Microsoft services, because doing so will turn off System Restore and cause you to lose all system restore points.
Because of the number of services that might be listed, we recommend that you use the following process of elimination:
1. Click Start, click Run, type msconfig, and then click OK.
2. Click the Services tab, and then click the Hide all Microsoft services check box to filter the list to third-party services only.
3. Disable approximately half the services on the list, and then click OK.
4. Restart the computer in normal mode.
   * If Windows starts, then the problem service is among those you disabled. Repeat the process of enabling services in msconfig and restarting Windows until you determine which one causes Windows to not start in normal mode (this is the service that is causing the problem).
   * If Windows does not start, then the problem service is among those you left enabled. Repeat the process of disabling services and restarting Windows until you determine which one causes Windows to start in normal mode (this is the service that is causing the problem).
5. If you have determined which service is causing the problem, we recommend that you disable it and contact the service's manufacturer for information on how to solve the problem. Also, make sure you re-enable any of the other services you disabled for diagnostic purposes.
The latest situation is that the computer again restarts after a Skype call is placed; now there was even ringing twice, whereas yesterday the restart came immediately after calling, with no ringing. The Windows Error Reporting (WER) error message follows:
Stop (blue screen) error caused by a device or driver
You received this message because a hardware device, its driver, or related software has caused a stop error, also called a blue screen error. This type of error means the computer has shut down abruptly to protect itself from potential data corruption or loss. In this case, we were unable to detect the specific device or driver that caused the problem.
The following troubleshooting steps might prevent the stop error from recurring. Try them in the order given. If one step does not solve the problem, then move on to the next one.
Steps to solve this problem
Download and install the latest updates and device drivers for your computer
1. Use Windows Update to check for and install updates:
   1. Click to go online to the Windows Update website
      Note
      If Microsoft Update is installed, you'll be taken to the Microsoft Update website.
   2. Click Custom to check for available updates.
   3. In the left pane, under Select by Type, click each of the following links to view all available updates:
      * High Priority
      * Software, Optional
      * Hardware, Optional
   4. Select the updates you want, click Review and install updates, and then click Install Updates.
2. If you recently added a new hardware device to your computer, go online to the manufacturer's website to see if a driver update is available.
   How do I find my computer manufacturer?
   Click Start, click Run, type msinfo32, and then click OK. Your computer manufacturer is listed as the System Manufacturer in the right pane of the System Information window.
   Go to www.microsoft.com and search for "computer manufacturers" (Click to go online to see contact information for most computer manufacturers)
3. If you recently added a new program to your computer, go online to the manufacturer's website to see if an update is available.
Scan your computer for viruses
Many blue screen errors can be caused by computer viruses or other types of malicious software.
If you have an antivirus program installed on your computer, make sure it is up to date with the latest antivirus definitions and perform a complete scan of your system. Check your antivirus product's website for information on getting the latest updates.
If you do not have antivirus software installed on your computer, we recommend using a web-based scanner to check your computer for malware. Many of the top antivirus software providers offer this service free of charge on their websites.
To see a list of Microsoft and third-party providers of antispyware, anti-malware, and antivirus software, go online to the following website:
Go to www.microsoft.com and search for "Security software" (Security software: Downloads and trials)
To see a list of antivirus software vendors, go online to the following Knowledge Base article:
Go to support.microsoft.com and search for "49500" (List of antivirus software vendors)
Tip
Consider scanning your computer using more than one web-based antivirus scanner, even if you have an antivirus program installed on your computer. This will help make sure that you are using the most up-to-date antivirus definitions and allows you to benefit from the different strengths of each antivirus software manufacturer. If you do run multiple antivirus products, make sure you run only one product at a time. Running multiple antivirus products simultaneously can produce incorrect results.
Check your hard disk for errors
You can help solve some computer problems and improve the performance of your computer by making sure that your hard disk has no errors.
1. Click Start, and then click My Computer.
2. Right-click the hard disk drive that you want to check, and then click Properties.
3. Click the Tools tab, and then, under Error-checking, click Check Now.
   To automatically repair problems with files and folders that the scan detects, select Automatically fix file system errors. Otherwise, the disk check will report problems but not fix them.
   To perform a thorough disk check, select Scan for and attempt recovery of bad sectors. This scan attempts to find and repair physical errors on the hard disk itself, and it can take much longer to complete.
   To check for both file errors and physical errors, select both Automatically fix file system errors and Scan for and attempt recovery of bad sectors.
4. Click Start.
   Depending upon the size of your hard disk, this might take several minutes or longer. For best results, don't use your computer for any other tasks while it's checking for errors.
Note
If you select Automatically fix file system errors for a disk that is in use (for example, the partition that contains Windows), you'll be prompted to reschedule the disk check for the next time you restart your computer.
For more information, go online to read the following article:
Go to www.support.microsoft.com and search for "315265" (How to perform disk error checking in Windows XP)
Steps to work around this problem
Warning
These steps are designed to address a particular problem but might do so by temporarily disabling or removing some functionality on your computer.
Remove any new hardware or software to isolate the cause of the blue screen
If you received the blue screen error after adding a new hardware device or program, and downloading updates didn't solve the problem, try removing the device or program and restarting Windows. If removing the new device or program allows Windows to start without the error, contact the device or program's manufacturer to get product updates or to learn about any known issues with the device or program.
Restore your computer to an earlier state
If the blue screen error occurred after installing a system or program update, consider using the System Restore feature to remove the changes. System Restore uses "restore points" that have been saved on your computer to return your system to a point in time before the problem began. This won't fix the problem, but it can make your computer work again.
Do one of the following:
If Windows doesn't start:
1. Restart the computer and, when the screen becomes blank during startup, repeatedly press F8 until the Windows Advanced Options Menu displays.
2. Use your arrow keys to select Safe Mode with Command Prompt, and then press ENTER.
   For more information about safe mode start up options, go online to read an article in the Microsoft Knowledge Base:
   Click to read KB315222
3. If you are prompted to select a version of Windows, select the correct version, and then press ENTER.
4. Log on to the computer using the Administrator account or an account that has administrator credentials.
5. Type the following command at a command prompt, and then press ENTER:
   [systemroot]\system32\restore\rstrui.exe
   (Where [systemroot] is the drive and directory where your Windows system files are located -- for example, "C:\Windows")
6. Follow the instructions that appear on the screen to restore the computer to an earlier state.
Or, if Windows starts:
1. Log on to Windows using an administrator account.
2. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
3. On the Welcome to System Restore page, select Restore my computer to an earlier time, and then click Next.
4. On the Select a Restore Point page, click the most recent system checkpoint in the On this list, click a restore point list, and then click Next. You might receive a message that lists configuration changes that System Restore will make. Review this list, and then click OK.
5. On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows configuration, and then restarts the computer.
6. Log on to the computer as an administrator.
7. When the System Restore Restoration Complete page appears, click OK.
Advanced troubleshooting
The following steps can help determine what is causing a blue screen error and provide additional options for solving the problem. Try the above troubleshooting steps first before trying these advanced troubleshooting steps.
This section is intended for advanced computer users, such as software developers and network administrators. If you are not comfortable with advanced troubleshooting procedures, we recommend that you perform these steps with someone who is.
Step 1: Start Windows in safe mode
1. Restart the computer and, when the screen becomes blank during startup, repeatedly press F8 until the Windows Advanced Options Menu displays.
2. Use your arrow keys to select Safe Mode, and then press ENTER.
   For more information about safe mode start up options, go online to read the following article:
   Start your computer in safe mode
3. If you are prompted to select a version of Windows, select the correct version, and then press ENTER.
Step 2: Collect more information about your computer
To continue troubleshooting this problem, you will need to collect more information about your computer, and then use it to find more information online.
1. Use Event Viewer to find specific information about this problem
   Event Viewer is an advanced tool that displays detailed information about significant events on your computer. It can be helpful when troubleshooting problems and errors with Windows and other programs.
   1. Click Start, click Run, type EVENTVWR, and then click OK.
   2. Click Application.
   3. Click View, and then click Filter.
   4. In the Event Source drop-down menu, click any one of the following: Save Dump, System Error, or Windows Error Reporting.
   5. In the Event ID field, type 1001, and then click OK.
   6. Review each event listed and write down the bugcheck code (for example, 0x000000D1 or 0x0000008E).
   7. Go to the next step to search the Internet for a solution.
2. Perform an Internet search
   Use the information you collected in the previous step to search the Internet for more help. If you find troubleshooting steps, make sure that they apply to your specific computer before you follow them.
   1. Go online to search the Internet for specific bugcheck codes you found using Event Viewer. For example, search for "0x000000D1" or "0x0000008E."
   2. Go online to search the Internet for the driver name. For example, search for "portcls.sys."
   3. Go online to search the Internet using different combinations of text, such as "Blue Screen" or "Stop Error" along with the driver or device name. For example, you could search for "portcls.sys bluescreen".
Step 3: Roll back or disable the problem driver
1. Start Device Manager. To do this, click Start, click Run, type devmgmt.msc, and then click OK.
2. Based on the driver and device information you obtained in Step 2 above, double-click the device that you have determined might be causing the problem.
3. If you think the problem was caused by a recent update of the driver, click the Driver tab, and then click the Roll Back Driver button. If the problem did not coincide with a recent updating of the driver, then click the Disable button instead.
Step 4: Determine whether a third-party program is causing the problem
1. Click Start, click Run, type msconfig, and then click OK.
2. Click the General tab, click Selective Startup, clear the Load startup items check box, and then select the Load System Services check box.
3. Click OK, and then restart the computer.
4. If Windows starts, go to Step 5. If Windows does not start, go to Step 7.
Step 5: Identify the conflicting program
Because of the number of programs that might be listed, we recommend that you use the following process of elimination:
1. Click Start, click Run, type msconfig, and then click OK.
2. Click the Startup tab.
3. Select approximately half of the listed items, and then click OK.
4. Restart the computer.
5. If Windows does not start, restart Windows in safe mode.
6. Repeat this process until you have identified the program that is causing the problem.
7. Once you determine that a specific program is causing the problem, we recommend that you remove it if you are not using it.
   How do I uninstall a program?
   1. Click Start, click Control Panel, and then click Add or Remove Programs.
   2. Click Change or Remove Programs, click the program you want to remove, and then click Change/Remove or Remove.
   Note
   If the program that you want to uninstall isn't listed, it might not have been created for your version of Windows. To uninstall the program, check the information that came with the program or contact the manufacturer for more information.
8. If you do not want to remove the program, contact the software manufacturer for a solution to the problem.
Step 6: Disable all third-party services
Disable all third-party services to find out whether the problem is being caused by one of them.
Warning
The following procedure describes how to turn off third-party services. Be careful not to disable Microsoft services, because doing so will turn off System Restore and cause you to lose all system restore points.
1. Click Start, click Run, type msconfig, and then click OK.
2. Click the Services tab, and then click the Hide all Microsoft services check box to filter the list to third-party services only.
3. Click Disable all to disable the listed third-party services.
4. Restart the computer and check to see if the problem has gone away. If it has, you know that one of the disabled third-party services is causing the problem. Go to step 7 to identify which service is causing the problem.
Step 7: Locate and disable the third-party service causing the problem
Warning
The following procedure describes how to turn off third-party services. Be careful not to disable Microsoft services, because doing so will turn off System Restore and cause you to lose all system restore points.
Because of the number of services that might be listed, we recommend that you use the following process of elimination:
1. Click Start, click Run, type msconfig, and then click OK.
2. Click the Services tab, and then click the Hide all Microsoft services check box to filter the list to third-party services only.
3. Disable approximately half the services on the list, and then click OK.
4. Restart the computer in normal mode.
   * If Windows starts, then the problem service is among those you disabled. Repeat the process of enabling services in msconfig and restarting Windows until you determine which one causes Windows to not start in normal mode (this is the service that is causing the problem).
   * If Windows does not start, then the problem service is among those you left enabled. Repeat the process of disabling services and restarting Windows until you determine which one causes Windows to start in normal mode (this is the service that is causing the problem).
5. If you have determined which service is causing the problem, we recommend that you disable it and contact the service's manufacturer for information on how to solve the problem. Also, make sure you re-enable any of the other services you disabled for diagnostic purposes.
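The Event Viewer filter from Step 2 of the pasted help text (sources Save Dump, System Error or Windows Error Reporting, event ID 1001), applied to an exported event list to tally bugcheck codes; this is an added example, not part of the posts or of Microsoft's text. The tab-separated layout, the description wording, the sample rows and the folding of codes such as 0x100000D1 onto their base code are assumptions of this example.

```python
import re
from collections import Counter

# Sources and event ID named in the help text's Event Viewer filter.
SOURCES = {"Save Dump", "System Error", "Windows Error Reporting"}
EVENT_ID = 1001

# Names for the two bugcheck codes the help text gives as examples.
NAMES = {0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
         0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}

CODE_RE = re.compile(r"bugcheck was:\s*0x([0-9a-f]{1,8})\s*\(([^)]*)\)", re.I)
DUMP_RE = re.compile(r"saved in:\s*(.+?\.dmp)", re.I)

# Constructed sample rows (date, source, event ID, description).
# The description wording is an assumed format, not taken from the thread.
BC = ("The computer has rebooted from a bugcheck. The bugcheck was: %s (%s). "
      "A dump was saved in: %s.")
P1 = "0x00000004, 0x00000002, 0x00000000, 0xf7a5b3c1"
P2 = "0xc0000005, 0xbf801a2c, 0xa9d3b6f0, 0x00000000"
ROWS = [
    ("2010-08-06 21:14", "Save Dump", "1001",
     BC % ("0x100000d1", P1, r"C:\WINDOWS\Minidump\Mini080610-01.dmp")),
    ("2010-08-06 21:15", "Application Error", "1000",
     "Faulting application example.exe, version 1.0.0.0."),
    ("2010-08-07 19:40", "Save Dump", "1001",
     BC % ("0x100000d1", P1, r"C:\WINDOWS\Minidump\Mini080710-01.dmp")),
    ("2010-08-07 22:03", "Save Dump", "1001",
     BC % ("0x0000008e", P2, r"C:\WINDOWS\Minidump\Mini080710-02.dmp")),
    ("2010-08-08 09:02", "Save Dump", "1001",
     "The description for this event could not be found."),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)


def base_code(raw):
    """Fold a minidump-flagged code (0x1000008E) onto its base code (0x8E)."""
    return raw & 0x0FFFFFFF if raw & 0xF0000000 == 0x10000000 else raw


def parse(text):
    """Return (crashes, unparsed) for rows that pass the source/ID filter."""
    crashes, unparsed = [], []
    for line in text.splitlines():
        fields = line.split("\t", 3)
        if len(fields) != 4 or not fields[2].strip().isdigit():
            continue  # not an event row
        when, source, event_id, desc = (f.strip() for f in fields)
        if source not in SOURCES or int(event_id) != EVENT_ID:
            continue  # outside the filter the procedure sets
        match = CODE_RE.search(desc)
        if not match:
            unparsed.append(when)  # right event, but no code in the text
            continue
        params = [p.strip() for p in match.group(2).split(",") if p.strip()]
        dump = DUMP_RE.search(desc)
        crashes.append({"when": when,
                        "code": base_code(int(match.group(1), 16)),
                        "params": params,
                        "dump": dump.group(1) if dump else None})
    return crashes, unparsed


def summarize(crashes):
    """Most frequent codes first, written the way the help text writes them."""
    counts = Counter(c["code"] for c in crashes)
    return [("0x%08X" % code, NAMES.get(code, "unknown"), n)
            for code, n in counts.most_common()]


if __name__ == "__main__":
    found, skipped = parse(SAMPLE)
    for code, name, n in summarize(found):
        print(code, name, "x%d" % n)
    print("events without a readable code:", skipped)
```

A code that repeats across several crashes, together with the dump file names, is what to carry into the driver search in the next step.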
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log, thanks.
It looks like a system fault. You probably won't be able to avoid a repair from the installation CD.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.