Slow PC

Posted: 13 Mar 2013 19:40
by aswed
Hello,

I have a problem with my PC; lately it has been slow and occasionally freezes for a few seconds.

Please help.

I'm attaching the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by r.goca at 2013-03-13 19:38:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 115 GB (75%) free of 153 GB
Total RAM: 2014 MB (36% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-08 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24 612616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-08 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24 612616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-06-23 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-06-23 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-06-23 142360]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-07-02 159744]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-09-19 8491008]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-09-19 81920]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2009-07-22 83336]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-08-30 408088]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]
"swSetupLinkMaker"=C:\Program Files\akERPcz\swSetupLinkMaker.exe [2012-05-21 24576]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-03-24 49208]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"=C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2011-09-16 1804648]
"NokiaPCInternetAccess"=C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [2009-05-26 651264]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2012-08-22 1368768]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2012-08-22 1368768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2009-07-31 2680160]

C:\Documents and Settings\r.goca\Nabídka Start\Programy\Po spuštění
Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-06-12 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLogonScripts"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"MaxGPOScriptWait"=240

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDesktopCleanupWizard"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Alwil Software\Avast4\AvAgent.exe"="C:\Program Files\Alwil Software\Avast4\AvAgent.exe:*:Enabled:avast! NetAgent service"
"C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart 5510 series)"
"C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikátor HP (HP Photosmart 5510 series)"
"C:\Program Files\QIP 2012\qip.exe"="C:\Program Files\QIP 2012\qip.exe:*:Enabled:QIP 2012"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2013-03-08 18:17:30 ----A---- C:\WINDOWS\system32\javaws.exe
2013-03-08 18:17:05 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-03-08 18:17:05 ----A---- C:\WINDOWS\system32\javaw.exe
2013-03-08 18:17:05 ----A---- C:\WINDOWS\system32\java.exe
2013-03-08 16:15:35 ----D---- C:\Documents and Settings\r.goca\Data aplikací\Opera
2013-03-08 16:15:03 ----D---- C:\Program Files\Opera
2013-03-08 03:59:04 ----D---- C:\Program Files\Mozilla Firefox
2013-03-05 15:46:03 ----SHD---- C:\RECYCLER
2013-02-26 15:27:07 ----D---- C:\Documents and Settings\r.goca\Data aplikací\AVS4YOU
2013-02-26 13:17:40 ----D---- C:\Documents and Settings\r.goca\Data aplikací\Malwarebytes
2013-02-26 13:15:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-02-26 13:15:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-02-25 15:31:29 ----A---- C:\ComboFix.txt
2013-02-25 14:24:20 ----A---- C:\Boot.bak
2013-02-25 14:24:16 ----RASHD---- C:\cmdcons
2013-02-25 14:21:25 ----A---- C:\WINDOWS\zip.exe
2013-02-25 14:21:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-02-25 14:21:25 ----A---- C:\WINDOWS\SWSC.exe
2013-02-25 14:21:25 ----A---- C:\WINDOWS\SWREG.exe
2013-02-25 14:21:25 ----A---- C:\WINDOWS\sed.exe
2013-02-25 14:21:25 ----A---- C:\WINDOWS\PEV.exe
2013-02-25 14:21:25 ----A---- C:\WINDOWS\NIRCMD.exe
2013-02-25 14:21:25 ----A---- C:\WINDOWS\MBR.exe
2013-02-25 14:21:25 ----A---- C:\WINDOWS\grep.exe
2013-02-25 14:19:19 ----D---- C:\Qoobox
2013-02-25 14:18:46 ----D---- C:\WINDOWS\erdnt
2013-02-25 10:15:18 ----D---- C:\Program Files\trend micro
2013-02-25 10:15:17 ----D---- C:\rsit
2013-02-20 15:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2778344$
2013-02-20 15:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2799494$
2013-02-20 15:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2802968$
2013-02-20 15:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2780091$
2013-02-20 15:02:37 ----A---- C:\WINDOWS\imsins.BAK
2013-02-15 10:47:42 ----D---- C:\Documents and Settings\r.goca\Data aplikací\DofusTesting

======List of files/folders modified in the last 1 months======

2013-03-13 19:38:18 ----D---- C:\Documents and Settings\r.goca\Data aplikací\Skype
2013-03-13 19:24:06 ----D---- C:\WINDOWS\Temp
2013-03-13 13:45:35 ----D---- C:\WINDOWS\Prefetch
2013-03-13 08:42:17 ----D---- C:\WINDOWS\security
2013-03-12 22:38:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-03-11 08:30:12 ----A---- C:\WINDOWS\system32\log.txt
2013-03-10 19:54:28 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt
2013-03-09 04:49:06 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-03-08 18:17:48 ----SHD---- C:\WINDOWS\Installer
2013-03-08 18:17:30 ----D---- C:\WINDOWS\system32
2013-03-08 18:16:34 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-03-08 18:16:33 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-03-08 18:16:13 ----D---- C:\Program Files\Java
2013-03-08 18:15:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-03-08 16:15:03 ----RD---- C:\Program Files
2013-03-05 15:43:08 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-03-04 19:05:16 ----D---- C:\WINDOWS\system32\drivers
2013-02-26 15:20:47 ----D---- C:\WINDOWS\AppPatch
2013-02-25 15:30:58 ----SD---- C:\WINDOWS\Tasks
2013-02-25 15:30:18 ----D---- C:\WINDOWS
2013-02-25 15:30:18 ----A---- C:\WINDOWS\system.ini
2013-02-25 15:28:16 ----D---- C:\Program Files\Common Files
2013-02-25 15:23:37 ----D---- C:\WINDOWS\system32\CatRoot2
2013-02-25 14:24:20 ----RASH---- C:\boot.ini
2013-02-24 07:47:57 ----D---- C:\Documents and Settings\r.goca\Data aplikací\AIMP
2013-02-23 15:29:19 ----HD---- C:\WINDOWS\inf
2013-02-20 17:27:18 ----RSD---- C:\WINDOWS\assembly
2013-02-20 17:27:18 ----D---- C:\WINDOWS\Microsoft.NET
2013-02-20 15:04:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-02-20 15:04:23 ----HD---- C:\WINDOWS\$hf_mig$
2013-02-20 15:04:23 ----D---- C:\WINDOWS\ie8updates
2013-02-20 15:02:14 ----D---- C:\Program Files\Internet Explorer
2013-02-20 14:59:16 ----D---- C:\WINDOWS\WinSxS
2013-02-18 17:26:36 ----D---- C:\_Goca
2013-02-17 19:50:24 ----A---- C:\WINDOWS\ModemLog_Nokia E52 USB Modem.txt
2013-02-17 15:17:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-02-16 15:26:24 ----D---- C:\Documents and Settings\r.goca\Data aplikací\uTorrent
2013-02-15 10:57:04 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-02-15 10:56:37 ----D---- C:\Documents and Settings\r.goca\Data aplikací\Dofus2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2007-12-19 26624]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-12-19 42912]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2007-12-19 94544]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-12-19 23152]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5032.sys [2007-04-13 235928]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-03-26 62208]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-08-30 45056]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETwLx32.sys [2010-10-07 6609920]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-19 6852032]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2009-07-07 168936]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2009-05-20 74368]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2009-07-28 49016]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2010-04-10 2967168]
S3 catchme;catchme; \??\C:\DOCUME~1\R4A3B~1.GOC\LOCALS~1\Temp\catchme.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-06-12 6278272]
S3 massfilter;Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2010-02-22 9216]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-27 19072]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2009-06-11 36992]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2010-03-02 105856]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2010-03-02 105856]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2010-03-02 105856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2012-08-22 123320]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-12-19 17272]
R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-08-30 182808]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [2007-12-19 140664]
R2 avast! NetAgent;avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [2007-12-19 50552]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-03-08 170912]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-08-30 121368]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-19 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-05-10 94208]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-02-26 3560800]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-07-30 144752]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-08-30 1464856]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [2007-12-19 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [2007-12-19 345464]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-08-01 724888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-29 136176]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 251248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-09-01 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-29 136176]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-08 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Slow PC

Posted: 13 Mar 2013 22:49
by Roli
Hello, delete the unnecessary files

using CCleaner

instructions:

Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Use T-Cleaner, which deletes any leftovers from the applications that were used.

Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.


Download and run OTMoveIt

into the left window of the application, under Paste Instructions for Items to be Moved, copy this text:


:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\tasks\At*.job /s

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! and in the right green window of the application you will see information about the action performed; copy the contents of the window here,

if the application requests a restart, click YES

in that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\

Re: Slow PC

Posted: 14 Mar 2013 08:02
by aswed
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: d.jemelka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 2262441 bytes
->Flash cache emptied: 17964 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes

User: drobek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes

User: j.trubak
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 65500022 bytes
->Flash cache emptied: 456 bytes

User: jemelka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->FireFox cache emptied: 34942866 bytes
->Google Chrome cache emptied: 6446471 bytes
->Flash cache emptied: 642 bytes

User: jemelka.AGRIKOMP-CZ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 31546028 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: r.goca
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 320469 bytes
->FireFox cache emptied: 392198692 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 985364 bytes
->Flash cache emptied: 58191 bytes

User: schmitt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 5909 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 510,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 03142013_075343

Re: Slow PC

Posted: 14 Mar 2013 19:46
by aswed
Good evening,

I would like to ask about the next steps; so far I don't notice any improvement.

Thanks for the reply.

Re: Slow PC

Posted: 14 Mar 2013 22:03
by Roli
aswed wrote: Good evening,

I would like to ask about the next steps; so far I don't notice any improvement.

Thanks for the reply.
We will of course continue; it just takes a bit of patience, because I'm only here in the evenings.


Run OTMoveIt again and click CleanUP! at the top of the application

this will make it clean up after itself.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

Then a window with the license terms will appear, which you confirm by clicking ANO (Yes),

then click ANO (Yes) once more and it will start running.

The whole process takes around 10 minutes but may take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; don't be alarmed.

Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

Re: Slow PC

Posted: 14 Mar 2013 22:32
by aswed
I apologize for my impatience and thank you for your time.

I'm attaching the log from ComboFix; hopefully I turned off avast correctly.

ComboFix 13-03-14.02 - r.goca 14.03.2013 22:24:38.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2014.1316 [GMT 1:00]
Spuštěný z: c:\_goca\OsobnÝ\ComboFix.exe
AV: avast! antivirus 4.7.820 [VPS 130314-1] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-14 do 2013-03-14 )))))))))))))))))))))))))))))))
.
.
2013-03-08 17:17 . 2013-03-08 17:16 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-08 17:17 . 2013-03-08 17:16 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-08 15:15 . 2013-03-08 15:15 -------- d-----w- c:\documents and settings\r.goca\Local Settings\Data aplikací\Opera
2013-03-08 15:15 . 2013-03-08 15:15 -------- d-----w- c:\program files\Opera
2013-03-04 07:07 . 2013-03-04 07:07 -------- d-sh--w- c:\documents and settings\r.goca\IECompatCache
2013-02-26 14:27 . 2013-02-26 14:27 -------- d-----w- c:\documents and settings\r.goca\Data aplikací\AVS4YOU
2013-02-26 12:17 . 2013-02-26 12:17 -------- d-----w- c:\documents and settings\r.goca\Data aplikací\Malwarebytes
2013-02-26 12:15 . 2013-02-26 12:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-26 12:15 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-26 12:15 . 2013-02-26 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-15 09:47 . 2013-02-15 09:47 -------- d-----w- c:\documents and settings\r.goca\Data aplikací\DofusTesting
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-08 17:16 . 2012-06-18 08:12 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-08 17:16 . 2012-06-18 08:12 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-05 14:43 . 2012-05-29 06:09 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-05 14:43 . 2011-08-29 09:45 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2008-04-14 07:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2008-04-14 07:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2008-04-14 08:06 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2008-04-14 07:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-14 07:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-14 07:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:20 . 2008-04-14 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2008-04-14 07:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-14 07:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2013-03-08 02:59 . 2013-03-08 02:59 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-23 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-23 142360]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8491008]
"nwiz"="nwiz.exe" [2007-09-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-08-30 408088]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"swSetupLinkMaker"="c:\program files\akERPcz\swSetupLinkMaker.exe" [2012-05-21 24576]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 240 (0xf0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-3131\Scripts\Logon\0\0]
"Script"=update_akerp_program.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-3131\Scripts\Logon\1\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-3135\Scripts\Logon\0\0]
"Script"=update_akerp_program.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-3135\Scripts\Logon\1\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-4127\Scripts\Logon\0\0]
"Script"=update_akerp_program.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-4127\Scripts\Logon\1\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-4130\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^r.goca^Nabídka Start^Programy^Po spuštění^Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk]
path=c:\documents and settings\r.goca\Nabídka Start\Programy\Po spuštění\Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk
backup=c:\windows\pss\Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-03-24 11:13 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-05-26 11:21 651264 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2012-08-22 13:12 1368768 ----a-w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\AvAgent.exe"=
"c:\\Program Files\\QIP 2012\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16109:TCP"= 16109:TCP:avast! NetAgent "Apply To" feature
"16108:TCP"= 16108:TCP:avast! NetAgent "Remote Chest" feature
.
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [22.8.2012 15:59 123320]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\atchksrv.exe [24.4.2012 8:09 182808]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [9.1.2013 19:06 3560800]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [24.4.2012 8:09 1464856]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [29.8.2011 10:29 6609920]
S0 cerc6;cerc6; [x]
S2 avast! NetAgent;avast! NetAgent;c:\program files\Alwil Software\Avast4\AvAgent.exe [29.8.2011 10:39 50552]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.2.2013 13:15 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [14.5.2012 15:56 9216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.2.2013 13:15 21104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27.8.2012 23:55 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27.8.2012 23:55 8576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-12 18:36 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 14:43]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 10:13]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 10:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\r.goca\Data aplikací\Mozilla\Firefox\Profiles\3n2t064w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=310D05DA-BD76-4871-A6E0-F8AAC7257B27&apn_ptnrs=&apn_sauid=494D6A4C-D393-4F66-B8B8-C145D4E5C93D&apn_dtid=OSJ000&&q=
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-14 22:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2008)
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
.
Celkový čas: 2013-03-14 22:30:20
ComboFix-quarantined-files.txt 2013-03-14 21:30
.
Před spuštěním: Volných bajtů: 125 956 128 768
Po spuštění: Volných bajtů: 125 906 194 432
.
- - End Of File - - 7D546F108D8CA371C4921FE616908761

Re: Slow PC

Posted: 14 Mar 2013 22:47
by Roli
If you have not done so already, move ComboFix to the desktop.

Open Notepad.

Copy the script from the following box into it:

Code:

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

FireFox::
FF - ProfilePath - c:\documents and settings\r.goca\Data aplikací\Mozilla\Firefox\Profiles\3n2t064w.default\
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... OSJ000&&q=

Save the TXT file you created as CFScript.txt on the desktop.

After saving, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there.

After it is applied, another log will pop up; copy it here.

Warning: it may happen that Windows does not start after the script is applied and the PC restarts;

in that case restart again while pressing F8, then choose Last Known Good Configuration.

Re: Slow PC

Posted: 14 Mar 2013 23:21
by aswed
Done, I am sending the log.

ComboFix 13-03-14.02 - r.goca 14.03.2013 23:14:23.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2014.1026 [GMT 1:00]
Spuštěný z: c:\_goca\Osobní\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\r.goca\Plocha\CFScript.txt
AV: avast! antivirus 4.7.820 [VPS 130314-1] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-14 do 2013-03-14 )))))))))))))))))))))))))))))))
.
.
2013-03-08 17:17 . 2013-03-08 17:16 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-08 17:17 . 2013-03-08 17:16 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-08 15:15 . 2013-03-08 15:15 -------- d-----w- c:\documents and settings\r.goca\Local Settings\Data aplikací\Opera
2013-03-08 15:15 . 2013-03-08 15:15 -------- d-----w- c:\program files\Opera
2013-03-04 07:07 . 2013-03-04 07:07 -------- d-sh--w- c:\documents and settings\r.goca\IECompatCache
2013-02-26 14:27 . 2013-02-26 14:27 -------- d-----w- c:\documents and settings\r.goca\Data aplikací\AVS4YOU
2013-02-26 12:17 . 2013-02-26 12:17 -------- d-----w- c:\documents and settings\r.goca\Data aplikací\Malwarebytes
2013-02-26 12:15 . 2013-02-26 12:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-26 12:15 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-26 12:15 . 2013-02-26 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-15 09:47 . 2013-02-15 09:47 -------- d-----w- c:\documents and settings\r.goca\Data aplikací\DofusTesting
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-08 17:16 . 2012-06-18 08:12 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-08 17:16 . 2012-06-18 08:12 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-05 14:43 . 2012-05-29 06:09 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-05 14:43 . 2011-08-29 09:45 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2008-04-14 07:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2008-04-14 07:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2008-04-14 08:06 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2008-04-14 07:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-14 07:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-14 07:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:20 . 2008-04-14 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2008-04-14 07:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-14 07:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2013-03-08 02:59 . 2013-03-08 02:59 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-23 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-23 142360]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8491008]
"nwiz"="nwiz.exe" [2007-09-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-08-30 408088]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"swSetupLinkMaker"="c:\program files\akERPcz\swSetupLinkMaker.exe" [2012-05-21 24576]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 240 (0xf0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-3131\Scripts\Logon\0\0]
"Script"=update_akerp_program.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-3131\Scripts\Logon\1\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-3135\Scripts\Logon\0\0]
"Script"=update_akerp_program.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-3135\Scripts\Logon\1\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-4127\Scripts\Logon\0\0]
"Script"=update_akerp_program.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-4127\Scripts\Logon\1\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1945372436-69011807-1140763523-4130\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^r.goca^Nabídka Start^Programy^Po spuštění^Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk]
path=c:\documents and settings\r.goca\Nabídka Start\Programy\Po spuštění\Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk
backup=c:\windows\pss\Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-03-24 11:13 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-05-26 11:21 651264 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2012-08-22 13:12 1368768 ----a-w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\AvAgent.exe"=
"c:\\Program Files\\QIP 2012\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16109:TCP"= 16109:TCP:avast! NetAgent "Apply To" feature
"16108:TCP"= 16108:TCP:avast! NetAgent "Remote Chest" feature
.
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [22.8.2012 15:59 123320]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\atchksrv.exe [24.4.2012 8:09 182808]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [9.1.2013 19:06 3560800]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [24.4.2012 8:09 1464856]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [29.8.2011 10:29 6609920]
S0 cerc6;cerc6; [x]
S2 avast! NetAgent;avast! NetAgent;c:\program files\Alwil Software\Avast4\AvAgent.exe [29.8.2011 10:39 50552]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.2.2013 13:15 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [14.5.2012 15:56 9216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.2.2013 13:15 21104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27.8.2012 23:55 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27.8.2012 23:55 8576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-12 18:36 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 14:43]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 10:13]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 10:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz
uInternet Settings,ProxyServer = akczs1:8080
uInternet Settings,ProxyOverride = 192.168.;companyweb;akczs1;intern.agrikomp.cz;<local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\r.goca\Data aplikací\Mozilla\Firefox\Profiles\3n2t064w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-14 23:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1524)
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
.
Celkový čas: 2013-03-14 23:19:31
ComboFix-quarantined-files.txt 2013-03-14 22:19
ComboFix2.txt 2013-03-14 21:30
.
Před spuštěním: Volných bajtů: 125 911 654 400
Po spuštění: Volných bajtů: 125 898 637 312
.
- - End Of File - - 991C8A8722E483AFD80D1333AC70D3A7

Re: Slow PC

Posted: 15 Mar 2013 21:37
by Roli
Via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers of the applications we used.

Just stop the antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.


Download AdwCleaner and save it to the desktop,

close all programs including the browser and double-click to run it;

a window appears where you click Search at the bottom left.

The scan then runs, and when it finishes a log will pop up, which you copy here for me.


In the meantime, defragment the disk, either with the built-in Windows tool

or with another application, for example Defraggler.

Re: Slow PC

Posted: 16 Mar 2013 07:02
by aswed
Hello, the whole procedure is done; I am attaching the requested log.

Thank you.

# AdwCleaner v2.114 - Logfile created 03/16/2013 at 07:00:39
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : r.goca - AKCZPC145
# Boot Mode : Normal
# Running from : C:\Documents and Settings\r.goca\Plocha\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\r.goca\Data aplikací\Mozilla\Firefox\Profiles\3n2t064w.default\searchplugins\Askcom.xml
Folder Found : C:\Documents and Settings\jemelka.AGRIKOMP-CZ\Local Settings\Data aplikací\AskToolbar
Folder Found : C:\Documents and Settings\jemelka\Local Settings\Data aplikací\AskToolbar
Folder Found : C:\Documents and Settings\r.goca\Data aplikací\Mozilla\Firefox\Profiles\3n2t064w.default\extensions\toolbar@ask.com
Folder Found : C:\Documents and Settings\r.goca\Local Settings\Data aplikací\AskToolbar
Folder Found : C:\Documents and Settings\schmitt\Local Settings\Data aplikací\AskToolbar

***** [Registry] *****

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Found : HKU\S-1-5-21-1945372436-69011807-1140763523-3131\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (cs)

File : C:\Documents and Settings\d.jemelka\Data aplikací\Mozilla\Firefox\Profiles\rhkq30o6.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\jemelka.AGRIKOMP-CZ\Data aplikací\Mozilla\Firefox\Profiles\y30pdgqg.default\prefs.js

Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");

File : C:\Documents and Settings\j.trubak\Data aplikací\Mozilla\Firefox\Profiles\dilai2ar.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\r.goca\Data aplikací\Mozilla\Firefox\Profiles\3n2t064w.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");

File : C:\Documents and Settings\jemelka\Data aplikací\Mozilla\Firefox\Profiles\jkbmwvxn.default\prefs.js

Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v25.0.1364.172

File : C:\Documents and Settings\r.goca\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\jemelka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Documents and Settings\d.jemelka\Data aplikací\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\r.goca\Data aplikací\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3891 octets] - [16/03/2013 07:00:39]

########## EOF - C:\AdwCleaner[R1].txt - [3951 octets] ##########

Re: Slow PC

Posted: 16 Mar 2013 23:27
by Roli
Run AdwCleaner again, but this time click Delete;

the PC will restart, during which the junk gets deleted.

After that a log will pop up again, which you copy here for me.

Re: Slow PC

Posted: 17 Mar 2013 08:42
by aswed
Done, attaching the log:


# AdwCleaner v2.114 - Logfile created 03/17/2013 at 08:36:37
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : r.goca - AKCZPC145
# Boot Mode : Normal
# Running from : C:\Documents and Settings\r.goca\Plocha\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\r.goca\Data aplikací\Mozilla\Firefox\Profiles\3n2t064w.default\searchplugins\Askcom.xml
Folder Deleted : C:\Documents and Settings\jemelka.AGRIKOMP-CZ\Local Settings\Data aplikací\AskToolbar
Folder Deleted : C:\Documents and Settings\jemelka\Local Settings\Data aplikací\AskToolbar
Folder Deleted : C:\Documents and Settings\r.goca\Data aplikací\Mozilla\Firefox\Profiles\3n2t064w.default\extensions\toolbar@ask.com
Folder Deleted : C:\Documents and Settings\r.goca\Local Settings\Data aplikací\AskToolbar
Folder Deleted : C:\Documents and Settings\schmitt\Local Settings\Data aplikací\AskToolbar

***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (cs)

File : C:\Documents and Settings\d.jemelka\Data aplikací\Mozilla\Firefox\Profiles\rhkq30o6.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\jemelka.AGRIKOMP-CZ\Data aplikací\Mozilla\Firefox\Profiles\y30pdgqg.default\prefs.js

Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

File : C:\Documents and Settings\j.trubak\Data aplikací\Mozilla\Firefox\Profiles\dilai2ar.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\r.goca\Data aplikací\Mozilla\Firefox\Profiles\3n2t064w.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

File : C:\Documents and Settings\jemelka\Data aplikací\Mozilla\Firefox\Profiles\jkbmwvxn.default\prefs.js

Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v25.0.1364.172

File : C:\Documents and Settings\r.goca\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\jemelka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Documents and Settings\d.jemelka\Data aplikací\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\r.goca\Data aplikací\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4020 octets] - [16/03/2013 07:00:39]
AdwCleaner[R2].txt - [3929 octets] - [17/03/2013 08:35:48]
AdwCleaner[S1].txt - [3908 octets] - [17/03/2013 08:36:37]

########## EOF - C:\AdwCleaner[S1].txt - [3968 octets] ##########

Re: Slow PC

Posted: 17 Mar 2013 21:50
by Roli
Great, all cleaned up. What is the state of the PC?

Re: Slow PC

Posted: 17 Mar 2013 21:59
by aswed
It seems to be better now, thanks for your time and willingness to help.

Re: Slow PC

Posted: 17 Mar 2013 22:02
by Roli
You're welcome, and :closed: