VIRY.CZ

Dělal jsem to poprvé podle návodu tak doufám že je to OK. Jen naokraj měl jsem problém s vypnutím rezidentních štíto od Avastu. Hlásilo to zapnuté štíty verze Avastu vis níže a přitom byly vypnuté na verzi kterou mám v PC 5.0.677. Že bych měl v PC dva ????


ComboFix 10-11-07.07 - sangoko 07.11.2010 21:54:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1050 [GMT 1:00]
Spuštěný z: c:\users\sangoko\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090422-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1335 [VPS 090422-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\sangoko\AppData\Roaming\Desktopicon
c:\users\sangoko\AppData\Roaming\Desktopicon\config.ini
c:\users\sangoko\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\windows\ST6UNST.000
c:\windows\TEMP\logishrd\LVPrcInj02.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-07 do 2010-11-07 )))))))))))))))))))))))))))))))
.

2010-11-07 21:14 . 2010-11-07 21:20 -------- d-----w- c:\users\sangoko\AppData\Local\temp
2010-11-07 21:14 . 2010-11-07 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-01 20:57 . 2010-11-01 20:57 -------- d-----w- c:\program files\WinPcap
2010-11-01 20:57 . 2010-11-02 13:02 -------- d-----w- C:\BandwidthMeter
2010-11-01 13:55 . 2010-11-05 17:44 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-10-31 15:33 . 2010-10-31 15:33 -------- d-----w- c:\program files\Landi2003
2010-10-31 15:32 . 2010-10-31 15:32 475136 ------w- c:\windows\Setup1.exe
2010-10-31 15:32 . 2010-10-31 15:32 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-10-31 15:10 . 2010-10-31 15:10 -------- d-----w- c:\users\sangoko\Seznamy stop
2010-10-31 15:10 . 2010-10-31 15:10 -------- d-----w- c:\users\sangoko\Přednášky
2010-10-31 15:09 . 2010-10-31 15:09 -------- d-----w- c:\users\sangoko\Ozvučené subory
2010-10-26 19:03 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 19:03 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 19:03 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-24 07:48 . 2010-10-24 08:04 -------- d-----w- c:\users\sangoko\AppData\Local\Deployment
2010-10-24 06:53 . 2010-10-24 06:53 -------- d-----w- c:\windows\cs
2010-10-24 06:48 . 2010-10-24 06:48 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\86c571b21cb734718\DSETUP.dll
2010-10-24 06:48 . 2010-10-24 06:48 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\86c571b21cb734718\DXSETUP.exe
2010-10-24 06:48 . 2010-10-24 06:48 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\86c571b21cb734718\dsetup32.dll
2010-10-24 06:48 . 2010-10-24 06:48 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\84b9c3321cb734717\DSETUP.dll
2010-10-24 06:48 . 2010-10-24 06:48 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\84b9c3321cb734717\DXSETUP.exe
2010-10-24 06:48 . 2010-10-24 06:48 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\84b9c3321cb734717\dsetup32.dll
2010-10-24 06:47 . 2010-11-04 13:43 -------- d-----w- c:\users\sangoko\AppData\Local\Windows Live
2010-10-24 06:46 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-12 19:38 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-12 19:38 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 19:36 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-02 20:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-07 15:12 . 2010-09-19 11:34 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-04-22 15:34 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-04-22 15:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-04-22 15:34 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-04-22 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-04-22 15:34 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-04-22 15:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 16:33 . 2010-10-26 19:03 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-26 19:03 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-26 19:03 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-26 19:03 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-17 14:11 . 2010-09-15 17:54 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 17:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-05-30 311976]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-05-30 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-05-30 16040]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sangoko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bandwidth Meter.lnk]
path=c:\users\sangoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bandwidth Meter.lnk
backup=c:\windows\pss\Bandwidth Meter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 12:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 16:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-02-13 12:02 564496 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
2010-06-03 19:05 4699136 ----a-w- c:\program files\Nexus Radio\Nexus Radio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-05-28 12:39 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-07-06 19:19 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-04-02 10:48 577536 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
TOSCDSPD.EXE [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1ca0e1f73f62108;Služba Google Update (gupdate1ca0e1f73f62108);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-24 98984]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-03 691696]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-24 594600]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 18:32]

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 18:32]

2010-11-07 c:\windows\Tasks\User_Feed_Synchronization-{1FD776CB-3058-4844-897A-E17B4997AABB}.job
- c:\windows\system32\msfeedssync.exe [2010-10-12 04:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.atcomet.com/m/
uInternet Settings,ProxyOverride = local
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?CZ
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
FF - ProfilePath - c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFExternalAlert.dll
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\RadioWMPCore.dll
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-07 22:19
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-11-07 22:31:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-07 21:31
ComboFix2.txt 2010-11-06 21:58

Před spuštěním: Volných bajtů: 11 770 732 544
Po spuštění: Volných bajtů: 14 624 337 920

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 2738204185956AE18329B76233FA9D47

Zdravim a pekny den preji

A nebylo v navodu taky neco jako ze se nema CF pouzivat bez doporuceni radce - jeho svevolnym pouzitim ztracite narok na podporu. Dale nize mate dalsi nebezpeci CF. Navic jste CF nepouzil poprve, jak vyplyva z logu, nemate tam jeste nekde log ComboFix.txt

Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Folder::
  c:\program files\Ask.com
  
  Registry::
  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "AdobeBridge"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
  [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  "DisableMonitoring"=dword:00000000
  [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
  
  Driver::
  Akamai
  
  File::
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  c:\windows\Tasks\User_Feed_Synchronization-{1FD776CB-3058-4844-897A-E17B4997AABB}.job
  
  DDS::
  uStart Page = hxxp://google.atcomet.com/m/
  
  Firefox::
  FF - ProfilePath - c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\
  FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
  FF - prefs.js: browser.search.selectedEngine - ICQ Search
  FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Dobrý den, děkuji za výprask. Už budu hodnej slibuji. Přiznávám se toto z 6.11.10 bylo poprvé. Chcete po mě tohle "Combofix.txt" nevím jestli jsem to pochopil dobře doufám že jste měl na mysli ten první vis níže. Když jsem do lišty dal toto "Combofix.txt" vyjelo mi to co jsem Vám poslal. Tak snad je to zprávně. Co se týče té další akce počkám na Vaší komunikaci.
Předem děkuji. Jirka D.
Jo co to vlastně má udělat, nebo jaký má být výsledek na PC když použiji to co jste poslal??



ComboFix 10-11-07.01 - sangoko 06.11.2010 22:18:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.862 [GMT 1:00]
Spuštěný z: c:\downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090422-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1335 [VPS 090422-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Antivirus 2009
c:\program files\VirusRemover2008
c:\program files\VirusRemover2008\Viruses.bdt
c:\programdata\Microsoft\Windows\Start Menu\Programs\VirusRemover2008
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\sangoko\AppData\Roaming\Desktopicon
c:\users\sangoko\AppData\Roaming\Desktopicon\config.ini
c:\users\sangoko\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\sangoko\AppData\Roaming\Microsoft\Windows\Recent\BitComet.url
c:\users\sangoko\FAVORI~1\ehthumbs_vista.db
c:\users\sangoko\Favorites\ehthumbs_vista.db
c:\windows\ST6UNST.000
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-06 do 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-11-06 21:40 . 2010-11-06 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-05 20:28 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CBF80A9-8CB6-4880-8876-3365D7FDDE75}\mpengine.dll
2010-11-01 20:57 . 2010-11-01 20:57 -------- d-----w- c:\program files\WinPcap
2010-11-01 20:57 . 2010-11-02 13:02 -------- d-----w- C:\BandwidthMeter
2010-11-01 13:55 . 2010-11-05 17:44 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-10-31 15:33 . 2010-10-31 15:33 -------- d-----w- c:\program files\Landi2003
2010-10-31 15:32 . 2010-10-31 15:32 475136 ------w- c:\windows\Setup1.exe
2010-10-31 15:32 . 2010-10-31 15:32 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-10-31 15:10 . 2010-10-31 15:10 -------- d-----w- c:\users\sangoko\Seznamy stop
2010-10-31 15:10 . 2010-10-31 15:10 -------- d-----w- c:\users\sangoko\Přednášky
2010-10-31 15:09 . 2010-10-31 15:09 -------- d-----w- c:\users\sangoko\Ozvučené subory
2010-10-26 19:03 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 19:03 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 19:03 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-24 07:48 . 2010-10-24 08:04 -------- d-----w- c:\users\sangoko\AppData\Local\Deployment
2010-10-24 06:53 . 2010-10-24 06:53 -------- d-----w- c:\windows\cs
2010-10-24 06:48 . 2010-10-24 06:48 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\86c571b21cb734718\DSETUP.dll
2010-10-24 06:48 . 2010-10-24 06:48 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\86c571b21cb734718\DXSETUP.exe
2010-10-24 06:48 . 2010-10-24 06:48 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\86c571b21cb734718\dsetup32.dll
2010-10-24 06:48 . 2010-10-24 06:48 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\84b9c3321cb734717\DSETUP.dll
2010-10-24 06:48 . 2010-10-24 06:48 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\84b9c3321cb734717\DXSETUP.exe
2010-10-24 06:48 . 2010-10-24 06:48 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\84b9c3321cb734717\dsetup32.dll
2010-10-24 06:47 . 2010-11-04 13:43 -------- d-----w- c:\users\sangoko\AppData\Local\Windows Live
2010-10-24 06:46 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-12 19:38 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-12 19:38 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 19:36 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-02 20:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-07 15:12 . 2010-09-19 11:34 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-04-22 15:34 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-04-22 15:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-04-22 15:34 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-04-22 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-04-22 15:34 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-04-22 15:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 16:33 . 2010-10-26 19:03 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-26 19:03 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-26 19:03 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-26 19:03 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-17 14:11 . 2010-09-15 17:54 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 17:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-05-30 311976]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-05-30 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-05-30 16040]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sangoko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bandwidth Meter.lnk]
path=c:\users\sangoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bandwidth Meter.lnk
backup=c:\windows\pss\Bandwidth Meter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 12:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 16:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-02-13 12:02 564496 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
2010-06-03 19:05 4699136 ----a-w- c:\program files\Nexus Radio\Nexus Radio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-05-28 12:39 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-07-06 19:19 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-04-02 10:48 577536 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1ca0e1f73f62108;Služba Google Update (gupdate1ca0e1f73f62108);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-24 98984]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-03 691696]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-24 594600]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 18:32]

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 18:32]

2010-11-06 c:\windows\Tasks\User_Feed_Synchronization-{1FD776CB-3058-4844-897A-E17B4997AABB}.job
- c:\windows\system32\msfeedssync.exe [2010-10-12 04:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.atcomet.com/m/
uInternet Settings,ProxyOverride = local
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?CZ
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
FF - ProfilePath - c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFExternalAlert.dll
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\RadioWMPCore.dll
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 22:44
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-11-06 22:58:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-06 21:57

Před spuštěním: 3 022 462 976
Po spuštění: 9 193 119 744

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 0CEC71A2A84C1B3A42587834B0444748

Log jste dal spravny...

Pokracujte aplikovani skriptu jak jsem psal vyse - skript smaze skodlive soubory, sluzby, zapisy v registru a taky opravi chybne zapisy v registru

Dobrý večer, tak jsem zkopíroval všechno co bylo součástí toho Kodu ( barevně) vytvořil jsem ten soubor jak jste popsal a na ploče vložil do té ikony Combo fixu. Zahlásilo to že mám zapnuto Avast tu starou verzy. Tak jsem vypnul tu novou a jakékoliv další zabezpečení a dal OK, ale pořád to hlásilo že tu starou verzi mám zapnutou, dal jsem OK. Naběhlo to modré okno, nějaký popis a potom vyskočilo jestli jsem vkládal CSFcript? a že vkládaný soubor je špatně datovaný nebo tak něco. Dal jsem OK a celá akce se ukončila. Co mám dělat? PC pracuje jak se zdá dobře, ale samozřejmě když nevím jak má vypadat ideální stav tak to těžko posoudím. Každopádně mi nejde do hlavy to s tím Avastem proč mi to pořád hlásí že to je zapnuto když v PC mi to hlásí že je to vypnuto. Děkuji za odpovědi které zodpoví moje otázky. Děkuji Jirka D.

Muze to byt chybna detekce CF ohledne toho avastu

Podivejte se jestli mate spravne pojmenovany skript, musi se jmenova CFScript.txt a zkuste to znovu, pripadne v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Posílám foto jak to vypadá , no nemá to tu příponu txt ale na tom vašem vzoru to také není tak nevím.
V tom nouzovém režimu se mi do toho moc nechce protože po tom co to udělám nevím jak dál váš popis končí jak se tam dostanu ale né co se bude dít potom a co mám dělat. Mám vedle sebe ještě jeden Pc kdyby to tenhle nerozchodil. Tak co teď ? Děkuji

Mate ten skript spatne pojmenovany, mate CSFcript, ma byt CFScript...nouzovy rezim je podobny normalnimu, pracuje se v nem uplne stejne, pouze bezi na zakladnich ovladacich a havet v nem byva neskodna...

Takze skript pojmenujte spravne a provedte krok s jeho apliakci

Tak tady toje, doufám že je to provedené dobře. Teď si jenom říkám co asi zjistíte. Děkuji za další informace a kontrolu. Jirka D.



ComboFix 10-11-07.07 - sangoko 10.11.2010 20:58:13.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1159 [GMT 1:00]
Spuštěný z: c:\users\sangoko\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\sangoko\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090422-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1335 [VPS 090422-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\User_Feed_Synchronization-{1FD776CB-3058-4844-897A-E17B4997AABB}.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{1FD776CB-3058-4844-897A-E17B4997AABB}.job
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Akamai


((((((((((((((((((((((((( Soubory vytvořené od 2010-10-10 do 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-10 20:24 . 2010-11-10 20:28 -------- d-----w- c:\users\sangoko\AppData\Local\temp
2010-11-07 13:19 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FE25211-F8D5-4CEE-A081-4CA3AB60CE5B}\mpengine.dll
2010-11-06 23:38 . 2010-11-06 23:38 -------- d-----w- c:\users\sangoko\AppData\Roaming\SUPERAntiSpyware.com
2010-11-06 23:38 . 2010-11-06 23:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-11-06 23:38 . 2010-11-06 23:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-01 20:57 . 2010-11-01 20:57 -------- d-----w- c:\program files\WinPcap
2010-11-01 20:57 . 2010-11-02 13:02 -------- d-----w- C:\BandwidthMeter
2010-11-01 13:55 . 2010-11-05 17:44 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-10-31 15:33 . 2010-10-31 15:33 -------- d-----w- c:\program files\Landi2003
2010-10-31 15:32 . 2010-10-31 15:32 475136 ------w- c:\windows\Setup1.exe
2010-10-31 15:32 . 2010-10-31 15:32 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-10-31 15:10 . 2010-10-31 15:10 -------- d-----w- c:\users\sangoko\Seznamy stop
2010-10-31 15:10 . 2010-10-31 15:10 -------- d-----w- c:\users\sangoko\Přednášky
2010-10-31 15:09 . 2010-10-31 15:09 -------- d-----w- c:\users\sangoko\Ozvučené subory
2010-10-26 19:03 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 19:03 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 19:03 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-24 07:48 . 2010-10-24 08:04 -------- d-----w- c:\users\sangoko\AppData\Local\Deployment
2010-10-24 06:53 . 2010-10-24 06:53 -------- d-----w- c:\windows\cs
2010-10-24 06:48 . 2010-10-24 06:48 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\86c571b21cb734718\DSETUP.dll
2010-10-24 06:48 . 2010-10-24 06:48 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\86c571b21cb734718\DXSETUP.exe
2010-10-24 06:48 . 2010-10-24 06:48 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\86c571b21cb734718\dsetup32.dll
2010-10-24 06:48 . 2010-10-24 06:48 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\84b9c3321cb734717\DSETUP.dll
2010-10-24 06:48 . 2010-10-24 06:48 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\84b9c3321cb734717\DXSETUP.exe
2010-10-24 06:48 . 2010-10-24 06:48 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\84b9c3321cb734717\dsetup32.dll
2010-10-24 06:47 . 2010-11-04 13:43 -------- d-----w- c:\users\sangoko\AppData\Local\Windows Live
2010-10-24 06:46 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-12 19:38 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-12 19:38 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 19:36 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-02 20:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-07 15:12 . 2010-09-19 11:34 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-04-22 15:34 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-04-22 15:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-04-22 15:34 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-04-22 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-04-22 15:34 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-04-22 15:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 16:33 . 2010-10-26 19:03 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-26 19:03 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-26 19:03 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-26 19:03 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-17 14:11 . 2010-09-15 17:54 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-05-30 311976]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-05-30 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-05-30 16040]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sangoko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bandwidth Meter.lnk]
path=c:\users\sangoko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bandwidth Meter.lnk
backup=c:\windows\pss\Bandwidth Meter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 12:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 16:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-02-13 12:02 564496 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
2010-06-03 19:05 4699136 ----a-w- c:\program files\Nexus Radio\Nexus Radio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-05-28 12:39 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-07-06 19:19 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-04-02 10:48 577536 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
TOSCDSPD.EXE [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe

R2 gupdate1ca0e1f73f62108;Služba Google Update (gupdate1ca0e1f73f62108);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-24 98984]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-03 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-24 594600]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{1FD776CB-3058-4844-897A-E17B4997AABB}.job
- c:\windows\system32\msfeedssync.exe [2010-10-12 04:25]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = local
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?CZ
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
FF - ProfilePath - c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFExternalAlert.dll
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\RadioWMPCore.dll
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\users\sangoko\AppData\Roaming\Mozilla\Firefox\Profiles\qu52wjqv.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 21:26
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(11084)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\conime.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-11-10 21:36:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-10 20:36
ComboFix2.txt 2010-11-07 21:31
ComboFix3.txt 2010-11-06 21:58

Před spuštěním: 7 263 936 512
Po spuštění: 7 186 460 672

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 2C86C34F9A76623B79DDC771EF0EACD6

Provedte kompletni odinstalaci Avastu pomoci tohoto http://www.avast.com/cs-cz/uninstall-utility a pak jej znovu nainstalujte

Jinak log vypada cisty, jak se chova PC

Děkuji za info. Jsem jen zvědavej proč mám odinstalovat Avast? Odkud ho mám potom zase nainstalovat - doporučíte mi nějakou stránku kde je Free verze? Jinak PC se chová slušně Děkuji Jirka D

Vypada ze ma nejak poskozene ovladace a navic se mi nejak nezda ze by jej CF detekoval tak divne...je to pro jistotu...Stahnout jej muzete odsud (stahnete ten prvni Free) http://www.avast.com/cs-cz/free-antivirus-download

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u google toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Dejte novy log z RSIT a napiste co PC

Děkuji za postup.

1, Co přesně znamená: "Po použiti utilitu smazte" ? Mám ji jenom nechat přesunout do koše nebo odinstalovat?

2,Píšete také: Dejte novy log z RSIT. Znamená to kliknout na váš odkaz RSIT a posupovat podle postupu v něm uvedeném?

3, Ccleaner už mám nějaký čas v PC a používám ho. Mám ho odinstalovat a nainstalovat ho z vašeho odhazu znovu?

4, Dále jsem si nedávno zakoupil program na zrychlení počítače

http://www.zrychlenipocitace.cz/?affid= ... utocontent

co mu říkáte jako odborník?

Předem děkuji za odpovědi na moje 4 otázky.

S pozdravem Jirka D.

Smazat staci hodit do kose a ten pak vysypat

Pokud nemate CCleaner aktualni, tak si stahnete nejnovejsi verzi (http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ )

Log z RSIT - presne jak pisete - klik do podpisu a dle navod udelat log

O te utilite toho moc nevim, pouzivam na cisteni CCleaner a bohate mi staci - zkusim se poptat i kolegu ci nemaji zkusenosti...

Super děkuji za odpovědi. Jdu pokračovat ve vašem postupu abych mohl poslat ten Log.

Děkuji