Prosím o kontrolu,občas nelze otevřít žádný program Vyřešeno

[nerolli]

V průběhu kontroly se mi zobrazila hláška: Jednotka není připravena k použití, možná jsou otevřená dvířka, zkontrolujte jednotku A: a přesvěčte se, zda je vložen disk a zda jsou zavřena dvířka.
Kde je jednotka A jsem nepochopila a klikla na pokračovat..

[Reklama]

[memphisto]

Jednota A je disketová jednotka

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.

[nerolli]

ComboFix 13-09-22.01 - PC 22.09.2013 19:57:47.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.578 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET43.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET4F.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-22 do 2013-09-22 )))))))))))))))))))))))))))))))
.
.
2013-09-22 17:30 . 2013-09-22 17:30 -------- d-----w- c:\windows\LastGood
2013-09-22 17:29 . 2010-02-10 19:20 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2013-09-22 17:29 . 2010-02-10 19:20 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2013-09-22 17:29 . 2010-02-10 19:20 221184 ----a-w- c:\program files\Common Files\InstallShield\IScript\IScript.dll
2013-09-22 17:29 . 2010-02-10 19:20 217088 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2013-09-22 17:29 . 2010-02-10 19:20 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2013-09-22 17:21 . 2013-09-22 17:21 -------- d-----w- c:\program files\CPUID
2013-09-22 12:50 . 2013-09-22 12:50 -------- d-----w- c:\windows\ERUNT
2013-09-21 23:14 . 2013-09-22 12:34 -------- d-----w- C:\AdwCleaner
2013-09-21 22:58 . 2013-09-21 22:58 -------- d-----w- c:\documents and settings\PC\Data aplikací\Malwarebytes
2013-09-21 22:58 . 2013-09-21 22:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-09-21 22:57 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-21 22:57 . 2013-09-21 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-21 22:12 . 2013-09-21 22:12 -------- d-----w- c:\program files\Trend Micro
2013-09-21 21:53 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-09-21 21:52 . 2013-09-21 21:53 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-09-20 11:12 . 2013-09-20 11:12 -------- d-----w- c:\program files\ESET
2013-09-17 08:58 . 2013-06-18 14:21 91544 ----a-w- c:\program files\Mozilla Firefox\updated\nssdbm3.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-08-28 18:14 . 2013-08-28 18:20 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 13:53 . 2012-09-07 12:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 13:53 . 2012-08-17 23:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2006-03-02 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2004-08-17 15:45 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2006-03-02 12:00 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-27 21:30 . 2013-05-13 17:18 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 21:30 . 2011-12-22 18:00 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 21:30 . 2011-12-22 18:00 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2009-03-31 20:47 . 2013-04-11 22:17 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ATIModeChange"="Ati2mdxx.exe" [2005-02-23 25088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX125 Series]
2009-09-14 07:00 200704 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIGGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 07:58 19875432 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
2013-04-03 01:04 3684488 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2009-02-20 15:55 326656 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"N360"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [13.5.2013 19:18 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [13.5.2013 19:18 175176]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.5.2010 22:43 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22.12.2011 20:00 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.12.2011 20:00 369584]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [26.4.2012 22:25 32768]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.5.2009 18:07 759048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.12.2011 20:00 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.5.2013 19:18 66336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.9.2013 0:57 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [21.9.2013 23:53 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [21.9.2013 23:53 1033688]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [26.4.2012 22:25 587472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.9.2013 0:57 22856]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [21.9.2013 23:53 171928]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21.6.2013 9:53 162408]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 13:53]
.
2013-09-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-02 08:58]
.
2013-09-22 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-21 08:58]
.
2013-09-21 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-21 08:57]
.
2013-09-21 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-09-21 08:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.100.1
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://games.bigfishgames.com/en_fashio ... 0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://games.bigfishgames.com/en_dairy- ... 0.0.15.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://games.bigfishgames.com/en_chocol ... 0.0.13.cab
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://games.bigfishgames.com/en_great- ... 0.0.12.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocol ... 0.0.10.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://games.bigfishgames.com/en_chocol ... .0.0.6.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\wjfurlfy.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - ExtSQL: 2013-08-29 19:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\wjfurlfy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-EEventManager - c:\program files\Epson Software\Event Manager\EEventManager.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-22 20:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2013-09-22 20:06:50
ComboFix-quarantined-files.txt 2013-09-22 18:06
.
Před spuštěním: Volných bajtů: 65 766 244 352
Po spuštění: Volných bajtů: 65 721 171 968
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0221B588CEE70F11EE1C536247F33AE6
413FC2A0C716421B3158746D63736515

[nerolli]

PC se mi zrychlil, už nemám problém se spouštěním programů, na ploše se mi objevila dlouho postrádaná ikona "tento pc" a také IExplorer, který roky vůbec nepoužívám. Ale při kontrole v ccleaneru jsem dnes opakovaně přišla na to, že se mi z Exploreru ukládají dočasné soubory.
Vše jsem vymazala, spustila Firefox a udělala novou analýza a Firefox měl 2 dočasné soubory a Explorer 47 je to normální? :)

A ještě se mi po aplikaci Combofixu na Vašich stránkách najednou zorbazuje Výstraha: 530 login authetication failed, která mi vyskočí 2 až 3x

[memphisto]

Odinstaluj Spybot a Spyware Terminátora a znova Combofix

[nerolli]

Tak změna, po restartu, se mi vše zobrazuje nějak divně, širší. Zase se mi pc trochu zpomalilo, ale ne tak jak to bylo na počátku, zmizela mi nabídka "úsporný režim" a při přetahovaní okna na ploše se mi to seká a vlní, což předtím nedělalo..
Nastavila jsem tedy poslední známou konfig ale nic se nezměnilo.

Log Combofixu po odinstalaci antispy


ComboFix 13-09-22.01 - PC 22.09.2013 22:07:49.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.625 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-22 do 2013-09-22 )))))))))))))))))))))))))))))))
.
.
2013-09-22 17:29 . 2010-02-10 19:20 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2013-09-22 17:29 . 2010-02-10 19:20 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2013-09-22 17:29 . 2010-02-10 19:20 221184 ----a-w- c:\program files\Common Files\InstallShield\IScript\IScript.dll
2013-09-22 17:29 . 2010-02-10 19:20 217088 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2013-09-22 17:29 . 2010-02-10 19:20 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2013-09-22 17:21 . 2013-09-22 17:21 -------- d-----w- c:\program files\CPUID
2013-09-22 12:50 . 2013-09-22 12:50 -------- d-----w- c:\windows\ERUNT
2013-09-21 23:14 . 2013-09-22 12:34 -------- d-----w- C:\AdwCleaner
2013-09-21 22:58 . 2013-09-21 22:58 -------- d-----w- c:\documents and settings\PC\Data aplikací\Malwarebytes
2013-09-21 22:58 . 2013-09-21 22:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-09-21 22:57 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-21 22:57 . 2013-09-21 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-21 22:12 . 2013-09-21 22:12 -------- d-----w- c:\program files\Trend Micro
2013-09-20 11:12 . 2013-09-20 11:12 -------- d-----w- c:\program files\ESET
2013-09-17 08:58 . 2013-06-18 14:21 91544 ----a-w- c:\program files\Mozilla Firefox\updated\nssdbm3.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-08-28 18:14 . 2013-08-28 18:20 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 13:53 . 2012-09-07 12:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 13:53 . 2012-08-17 23:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2006-03-02 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2004-08-17 15:45 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2006-03-02 12:00 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-27 21:30 . 2013-05-13 17:18 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 21:30 . 2011-12-22 18:00 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 21:30 . 2011-12-22 18:00 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2009-03-31 20:47 . 2013-04-11 22:17 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 07:58 19875432 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2009-02-20 15:55 326656 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"N360"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [13.5.2013 19:18 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [13.5.2013 19:18 175176]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.5.2010 22:43 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22.12.2011 20:00 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.12.2011 20:00 369584]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.5.2009 18:07 759048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.12.2011 20:00 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.5.2013 19:18 66336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.9.2013 0:57 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21.6.2013 9:53 162408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.9.2013 0:57 22856]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 13:53]
.
2013-09-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-02 08:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
TCP: DhcpNameServer = 192.168.100.1
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://games.bigfishgames.com/en_fashio ... 0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://games.bigfishgames.com/en_dairy- ... 0.0.15.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://games.bigfishgames.com/en_chocol ... 0.0.13.cab
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://games.bigfishgames.com/en_great- ... 0.0.12.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocol ... 0.0.10.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://games.bigfishgames.com/en_chocol ... .0.0.6.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\wjfurlfy.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - ExtSQL: 2013-08-29 19:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\wjfurlfy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-EPSON SX125 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE
MSConfigStartUp-SpywareTerminatorUpdater - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-22 22:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3040)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-09-22 22:15:09
ComboFix-quarantined-files.txt 2013-09-22 20:15
ComboFix2.txt 2013-09-22 18:06
.
Před spuštěním: Volných bajtů: 65 856 524 288
Po spuštění: Volných bajtů: 65 840 472 064
.
- - End Of File - - B0C203CAC891CE09F75CA2D6D69AE896
413FC2A0C716421B3158746D63736515

[nerolli]

Tak změna, po restartu, se mi vše zobrazuje nějak divně, širší. Zase se mi pc trochu zpomalilo, ale ne tak jak to bylo na počátku, zmizela mi nabídka "úsporný režim" a při přetahovaní okna na ploše se mi to seká a vlní, což předtím nedělalo..
Nastavila jsem tedy poslední známou konfig ale nic se nezměnilo.

Ještě jsem přišla na to, že mi nefunguje zvuk.

[jaro3]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

Odinstaluj jeden antivir
Pak znovu Combofix.

Ty ostatní problémy vyřešíme potom.

[nerolli]

Dobře, jen pro info zvuk mi najednou zase jede.

Ale mám problém s tím Nortonem, nemůžu ho nikde najít.

[nerolli]

Tak jsem našla jednu složku symantec, jinak nic tu jsem smázla přesto ten norton v tom logu stále vidím, tak nevím jak ho dopadnout :)

ComboFix 13-09-22.01 - PC 23.09.2013 14:31:14.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.691 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-23 do 2013-09-23 )))))))))))))))))))))))))))))))
.
.
2013-09-22 21:51 . 2013-09-22 21:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-09-22 21:51 . 2013-09-22 21:51 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\eSupport.com
2013-09-22 17:29 . 2010-02-10 19:20 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2013-09-22 17:29 . 2010-02-10 19:20 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2013-09-22 17:29 . 2010-02-10 19:20 221184 ----a-w- c:\program files\Common Files\InstallShield\IScript\IScript.dll
2013-09-22 17:29 . 2010-02-10 19:20 217088 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2013-09-22 17:29 . 2010-02-10 19:20 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2013-09-22 17:21 . 2013-09-22 17:21 -------- d-----w- c:\program files\CPUID
2013-09-22 12:50 . 2013-09-22 12:50 -------- d-----w- c:\windows\ERUNT
2013-09-21 23:14 . 2013-09-22 12:34 -------- d-----w- C:\AdwCleaner
2013-09-21 22:58 . 2013-09-21 22:58 -------- d-----w- c:\documents and settings\PC\Data aplikací\Malwarebytes
2013-09-21 22:58 . 2013-09-21 22:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-09-21 22:12 . 2013-09-21 22:12 -------- d-----w- c:\program files\Trend Micro
2013-09-20 11:12 . 2013-09-20 11:12 -------- d-----w- c:\program files\ESET
2013-09-17 08:58 . 2013-06-18 14:21 91544 ----a-w- c:\program files\Mozilla Firefox\updated\nssdbm3.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-08-28 18:14 . 2013-08-28 18:20 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 13:53 . 2012-09-07 12:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 13:53 . 2012-08-17 23:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2006-03-02 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2004-08-17 15:45 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2006-03-02 12:00 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-27 21:30 . 2013-05-13 17:18 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 21:30 . 2011-12-22 18:00 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 21:30 . 2011-12-22 18:00 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2009-03-31 20:47 . 2013-04-11 22:17 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 07:58 19875432 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2009-02-20 15:55 326656 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"N360"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [13.5.2013 19:18 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [13.5.2013 19:18 175176]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.5.2010 22:43 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22.12.2011 20:00 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.12.2011 20:00 369584]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.5.2009 18:07 759048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.12.2011 20:00 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.5.2013 19:18 66336]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21.6.2013 9:53 162408]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [22.9.2013 23:51 23456]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 13:53]
.
2013-09-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-02 08:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
TCP: DhcpNameServer = 192.168.100.1
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://games.bigfishgames.com/en_fashio ... 0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://games.bigfishgames.com/en_dairy- ... 0.0.15.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://games.bigfishgames.com/en_chocol ... 0.0.13.cab
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://games.bigfishgames.com/en_great- ... 0.0.12.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocol ... 0.0.10.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://games.bigfishgames.com/en_chocol ... .0.0.6.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\wjfurlfy.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - ExtSQL: 2013-08-29 19:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\wjfurlfy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
**************************************************************************
.
scan completed successfully
hidden files: 0
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-23 14:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3748)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-09-23 14:39:24
ComboFix-quarantined-files.txt 2013-09-23 12:39
ComboFix2.txt 2013-09-22 20:15
ComboFix3.txt 2013-09-22 18:06
.
Před spuštěním: Volných bajtů: 65 672 208 384
Po spuštění: Volných bajtů: 65 663 668 224
.
- - End Of File - - D1765DE8FD89DCBB9D55012403A0BF77
413FC2A0C716421B3158746D63736515

[memphisto]

Tady máš na toho Nortona nástroj:
https://support.norton.com/sp/cs/cz/hom ... file_cs_cz

[nerolli]

Děkuji za ten nástroj, norton je už zdá se fuč :)


ComboFix 13-09-23.02 - PC 23.09.2013 18:10:17.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.695 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-23 do 2013-09-23 )))))))))))))))))))))))))))))))
.
.
2013-09-22 21:51 . 2013-09-22 21:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-09-22 21:51 . 2013-09-22 21:51 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\eSupport.com
2013-09-22 17:29 . 2010-02-10 19:20 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2013-09-22 17:29 . 2010-02-10 19:20 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2013-09-22 17:29 . 2010-02-10 19:20 221184 ----a-w- c:\program files\Common Files\InstallShield\IScript\IScript.dll
2013-09-22 17:29 . 2010-02-10 19:20 217088 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2013-09-22 17:29 . 2010-02-10 19:20 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2013-09-22 17:21 . 2013-09-22 17:21 -------- d-----w- c:\program files\CPUID
2013-09-22 12:50 . 2013-09-22 12:50 -------- d-----w- c:\windows\ERUNT
2013-09-21 23:14 . 2013-09-22 12:34 -------- d-----w- C:\AdwCleaner
2013-09-21 22:58 . 2013-09-21 22:58 -------- d-----w- c:\documents and settings\PC\Data aplikací\Malwarebytes
2013-09-21 22:58 . 2013-09-21 22:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-09-21 22:12 . 2013-09-21 22:12 -------- d-----w- c:\program files\Trend Micro
2013-09-20 11:12 . 2013-09-20 11:12 -------- d-----w- c:\program files\ESET
2013-09-17 08:58 . 2013-06-18 14:21 91544 ----a-w- c:\program files\Mozilla Firefox\updated\nssdbm3.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-08-28 18:14 . 2013-08-28 18:20 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 13:53 . 2012-09-07 12:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 13:53 . 2012-08-17 23:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2006-03-02 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2006-03-02 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-03-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2004-08-17 15:45 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2006-03-02 12:00 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-27 21:30 . 2013-05-13 17:18 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 21:30 . 2011-12-22 18:00 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 21:30 . 2011-12-22 18:00 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2009-03-31 20:47 . 2013-04-11 22:17 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 07:58 19875432 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2009-02-20 15:55 326656 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"N360"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [13.5.2013 19:18 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [13.5.2013 19:18 175176]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.5.2010 22:43 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22.12.2011 20:00 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.12.2011 20:00 369584]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.5.2009 18:07 759048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.12.2011 20:00 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.5.2013 19:18 66336]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21.6.2013 9:53 162408]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [22.9.2013 23:51 23456]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 13:53]
.
2013-09-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-02 08:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
TCP: DhcpNameServer = 192.168.100.1
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://games.bigfishgames.com/en_fashio ... 0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://games.bigfishgames.com/en_dairy- ... 0.0.15.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://games.bigfishgames.com/en_chocol ... 0.0.13.cab
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://games.bigfishgames.com/en_great- ... 0.0.12.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocol ... 0.0.10.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://games.bigfishgames.com/en_chocol ... .0.0.6.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\wjfurlfy.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - ExtSQL: 2013-08-29 19:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\wjfurlfy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-23 18:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1596)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-09-23 18:18:27
ComboFix-quarantined-files.txt 2013-09-23 16:18
ComboFix2.txt 2013-09-23 12:39
ComboFix3.txt 2013-09-22 20:15
ComboFix4.txt 2013-09-22 18:06
.
Před spuštěním: Volných bajtů: 65 669 349 376
Po spuštění: Volných bajtů: 65 674 776 576
.
- - End Of File - - E90A3C88E25165F3D7B026B7BEA78549
413FC2A0C716421B3158746D63736515