ComboFix 13-06-01.01 - Doma 2013-06-01 19:51:34.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1195 [GMT 2:00]
Spuštěný z: c:\documents and settings\Doma\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\system32\Dvbpws.dll
c:\windows\system32\SET265.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETEC.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-01 do 2013-06-01 )))))))))))))))))))))))))))))))
.
.
2013-06-01 17:31 . 2013-06-01 17:31 29904 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\MpKsl73375525.sys
2013-06-01 13:09 . 2013-06-01 13:10 -------- dc----w- c:\documents and settings\Administrator
2013-06-01 12:39 . 2013-06-01 12:39 -------- dc----w- c:\documents and settings\Doma\Data aplikací\Malwarebytes
2013-06-01 12:38 . 2013-06-01 12:38 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-06-01 12:38 . 2013-04-04 12:50 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys
2013-06-01 12:38 . 2013-06-01 13:17 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-01 12:10 . 2013-06-01 12:10 388096 -c--a-r- c:\documents and settings\Doma\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-01 07:04 . 2013-06-01 12:10 -------- dc----w- c:\program files\trend micro
2013-06-01 07:04 . 2013-06-01 07:04 -------- dc----w- C:\rsit
2013-06-01 05:37 . 2013-05-13 23:49 7016152 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\mpengine.dll
2013-05-31 22:03 . 2013-05-13 23:49 7016152 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-31 22:03 . 2013-05-02 15:28 238872 -c----w- c:\windows\system32\MpSigStub.exe
2013-05-31 21:59 . 2013-05-31 21:59 -------- dc----w- c:\program files\Microsoft Security Client
2013-05-31 21:15 . 2013-05-31 21:16 -------- dc----w- c:\documents and settings\Doma\Local Settings\Data aplikací\Avg2013
2013-05-29 16:09 . 2013-05-29 16:09 -------- dc----w- c:\documents and settings\Doma\Local Settings\Data aplikací\VS Revo Group
2013-05-29 16:09 . 2009-12-30 09:20 27064 -c--a-w- c:\windows\system32\drivers\revoflt.sys
2013-05-29 16:09 . 2013-05-29 16:09 -------- dc----w- c:\program files\VS Revo Group
2013-05-29 15:35 . 2013-05-29 15:35 -------- dc----w- c:\program files\Defraggler
2013-05-29 15:34 . 2013-05-29 15:35 -------- dc----w- c:\program files\Google
2013-05-29 15:17 . 2013-05-29 15:17 -------- dc----w- c:\documents and settings\Doma\Data aplikací\TuneUp Software
2013-05-29 15:13 . 2013-05-31 21:16 -------- dc----w- c:\documents and settings\All Users\Data aplikací\MFAData
2013-05-29 15:13 . 2013-05-29 15:13 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2013-05-29 15:13 . 2013-05-29 15:13 -------- dc----w- c:\documents and settings\Doma\Local Settings\Data aplikací\MFAData
2013-05-29 15:02 . 2013-05-29 15:02 -------- dc----w- c:\program files\CCleaner
2013-05-10 07:57 . 2013-05-10 07:57 187456 -c--a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 16:31 . 2012-04-18 21:10 693976 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-26 16:31 . 2011-05-14 17:57 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-30 16:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SpeedFan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SpeedFan.lnk
backup=c:\windows\pss\SpeedFan.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2006-10-16 20:17 1941784 ----a-w- c:\program files\Acronis True Image Home 10\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-03-27 15:18 1098072 ----a-w- d:\garmin\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2011-03-03 08:38 380416 ----a-w- c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 -c--a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreDesktop]
2003-03-11 08:52 45056 ----a-w- c:\program files\Restore Desktop\RestoreDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2006-10-16 20:12 1164912 ----a-w- c:\program files\Acronis True Image Home 10\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2007-12-19 15:09 2846720 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-12-21 12:34 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"ose"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Garmin Core Update Service"=2 (0x2)
"RichVideo"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"CmdAgent"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 MpKsl73375525;MpKsl73375525;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\MpKsl73375525.sys [2013-06-01 29904]
R1 prio;prio driver;c:\windows\system32\drivers\prio.sys [2005-11-28 29184]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [2008-03-07 9856]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-10-01 374152]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2008-03-07 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2008-03-07 167040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-06-01 22856]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2008-03-07 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2008-03-07 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2008-03-07 10496]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-06-01 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-06-01 701512]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-05-29 27064]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2008-03-07 9446]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [2007-03-21 176256]
S4 Garmin Core Update Service;Garmin Core Update Service;d:\garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - HTTPFILTER
*NewlyCreated* - MPKSL73375525
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-29 15:35 1165776 -c--a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:34]
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:34]
.
2013-06-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 09:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\wnn8u1fr.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=cs
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2009-09-05 14:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-WgaLogon - (no file)
MSConfigStartUp-Comodo Firewall - c:\program files\Comodo\Firewall\CPF.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
MSConfigStartUp-Garmin Lifetime Updater - d:\garmin\GarminLifetime.exe
AddRemove-XPv3.8.273 - c:\windows\Radeon Omega Drivers v3.8.273
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-01 19:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\prio.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\prio.dll
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2013-06-01 19:59:08
ComboFix-quarantined-files.txt 2013-06-01 17:59
.
Před spuštěním: Volných bajtů: 11 465 789 440
Po spuštění: Volných bajtů: 11 740 434 432
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 73E2EC8A2DA3B662570F9356D0A323F1
Browser loads the CPU to 100% Solved
- memphisto
Re: Browser loads the CPU to 100%
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
Folder::
c:\documents and settings\Doma\Local Settings\Data aplikací\Avg2013
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Browser loads the CPU to 100%
ComboFix 13-06-01.01 - Doma 2013-06-01 21:00:43.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1139 [GMT 2:00]
Spuštěný z: c:\documents and settings\Doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Doma\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-01 do 2013-06-01 )))))))))))))))))))))))))))))))
.
.
2013-06-01 19:07 . 2013-06-01 19:07 29904 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\MpKsleb34100e.sys
2013-06-01 17:31 . 2013-06-01 17:31 29904 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\MpKsl73375525.sys
2013-06-01 13:09 . 2013-06-01 13:10 -------- dc----w- c:\documents and settings\Administrator
2013-06-01 12:39 . 2013-06-01 12:39 -------- dc----w- c:\documents and settings\Doma\Data aplikací\Malwarebytes
2013-06-01 12:38 . 2013-06-01 12:38 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-06-01 12:38 . 2013-04-04 12:50 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys
2013-06-01 12:38 . 2013-06-01 13:17 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-01 12:10 . 2013-06-01 12:10 388096 -c--a-r- c:\documents and settings\Doma\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-01 07:04 . 2013-06-01 12:10 -------- dc----w- c:\program files\trend micro
2013-06-01 07:04 . 2013-06-01 07:04 -------- dc----w- C:\rsit
2013-06-01 05:37 . 2013-05-13 23:49 7016152 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\mpengine.dll
2013-05-31 22:03 . 2013-05-13 23:49 7016152 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-31 22:03 . 2013-05-02 15:28 238872 -c----w- c:\windows\system32\MpSigStub.exe
2013-05-31 21:59 . 2013-05-31 21:59 -------- dc----w- c:\program files\Microsoft Security Client
2013-05-31 21:15 . 2013-05-31 21:16 -------- dc----w- c:\documents and settings\Doma\Local Settings\Data aplikací\Avg2013
2013-05-29 16:09 . 2013-05-29 16:09 -------- dc----w- c:\documents and settings\Doma\Local Settings\Data aplikací\VS Revo Group
2013-05-29 16:09 . 2009-12-30 09:20 27064 -c--a-w- c:\windows\system32\drivers\revoflt.sys
2013-05-29 16:09 . 2013-05-29 16:09 -------- dc----w- c:\program files\VS Revo Group
2013-05-29 15:35 . 2013-05-29 15:35 -------- dc----w- c:\program files\Defraggler
2013-05-29 15:34 . 2013-05-29 15:35 -------- dc----w- c:\program files\Google
2013-05-29 15:17 . 2013-05-29 15:17 -------- dc----w- c:\documents and settings\Doma\Data aplikací\TuneUp Software
2013-05-29 15:13 . 2013-05-31 21:16 -------- dc----w- c:\documents and settings\All Users\Data aplikací\MFAData
2013-05-29 15:13 . 2013-05-29 15:13 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2013-05-29 15:13 . 2013-05-29 15:13 -------- dc----w- c:\documents and settings\Doma\Local Settings\Data aplikací\MFAData
2013-05-29 15:02 . 2013-05-29 15:02 -------- dc----w- c:\program files\CCleaner
2013-05-10 07:57 . 2013-05-10 07:57 187456 -c--a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 16:31 . 2012-04-18 21:10 693976 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-26 16:31 . 2011-05-14 17:57 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-30 16:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SpeedFan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SpeedFan.lnk
backup=c:\windows\pss\SpeedFan.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2006-10-16 20:17 1941784 ----a-w- c:\program files\Acronis True Image Home 10\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-03-27 15:18 1098072 ----a-w- d:\garmin\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2011-03-03 08:38 380416 ----a-w- c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 -c--a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreDesktop]
2003-03-11 08:52 45056 ----a-w- c:\program files\Restore Desktop\RestoreDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2006-10-16 20:12 1164912 ----a-w- c:\program files\Acronis True Image Home 10\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2007-12-19 15:09 2846720 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-12-21 12:34 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"ose"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Garmin Core Update Service"=2 (0x2)
"RichVideo"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"CmdAgent"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 MpKsleb34100e;MpKsleb34100e;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\MpKsleb34100e.sys [2013-06-01 29904]
R1 prio;prio driver;c:\windows\system32\drivers\prio.sys [2005-11-28 29184]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [2008-03-07 9856]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-10-01 374152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-06-01 418376]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2008-03-07 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2008-03-07 167040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-06-01 22856]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2008-03-07 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2008-03-07 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2008-03-07 10496]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-06-01 701512]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-05-29 27064]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2008-03-07 9446]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [2007-03-21 176256]
S4 Garmin Core Update Service;Garmin Core Update Service;d:\garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLEB34100E
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-29 15:35 1165776 -c--a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:34]
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\wnn8u1fr.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=cs
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2009-09-05 14:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-01 21:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
.
**************************************************************************
.
Celkový čas: 2013-06-01 21:10:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-01 19:10
ComboFix2.txt 2013-06-01 17:59
.
Před spuštěním: Volných bajtů: 11 769 790 464
Po spuštění: Volných bajtů: 11 744 768 000
.
- - End Of File - - 998FC0B1DBBCCAD18CB90EB477B2579A
- memphisto
Re: Browser loads the CPU to 100%
Nothing was carried out. Try it in safe mode.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you.
Re: Browser loads the CPU to 100%
ComboFix 13-06-01.01 - Doma 2013-06-01 22:42:58.3.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1255 [GMT 2:00]
Spuštěný z: c:\documents and settings\Doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Doma\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-01 do 2013-06-01 )))))))))))))))))))))))))))))))
.
.
2013-06-01 20:55 . 2013-06-01 20:55 29904 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\MpKsl01b2dd59.sys
2013-06-01 13:09 . 2013-06-01 13:10 -------- dc----w- c:\documents and settings\Administrator
2013-06-01 12:39 . 2013-06-01 12:39 -------- dc----w- c:\documents and settings\Doma\Data aplikací\Malwarebytes
2013-06-01 12:38 . 2013-06-01 12:38 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-06-01 12:38 . 2013-04-04 12:50 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys
2013-06-01 12:38 . 2013-06-01 13:17 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-01 12:10 . 2013-06-01 12:10 388096 -c--a-r- c:\documents and settings\Doma\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-01 07:04 . 2013-06-01 12:10 -------- dc----w- c:\program files\trend micro
2013-06-01 07:04 . 2013-06-01 07:04 -------- dc----w- C:\rsit
2013-06-01 05:37 . 2013-05-13 23:49 7016152 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\mpengine.dll
2013-05-31 22:03 . 2013-05-13 23:49 7016152 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-31 22:03 . 2013-05-02 15:28 238872 -c----w- c:\windows\system32\MpSigStub.exe
2013-05-31 21:59 . 2013-05-31 21:59 -------- dc----w- c:\program files\Microsoft Security Client
2013-05-31 21:15 . 2013-05-31 21:16 -------- dc----w- c:\documents and settings\Doma\Local Settings\Data aplikací\Avg2013
2013-05-29 16:09 . 2013-05-29 16:09 -------- dc----w- c:\documents and settings\Doma\Local Settings\Data aplikací\VS Revo Group
2013-05-29 16:09 . 2009-12-30 09:20 27064 -c--a-w- c:\windows\system32\drivers\revoflt.sys
2013-05-29 16:09 . 2013-05-29 16:09 -------- dc----w- c:\program files\VS Revo Group
2013-05-29 15:35 . 2013-05-29 15:35 -------- dc----w- c:\program files\Defraggler
2013-05-29 15:34 . 2013-05-29 15:35 -------- dc----w- c:\program files\Google
2013-05-29 15:17 . 2013-05-29 15:17 -------- dc----w- c:\documents and settings\Doma\Data aplikací\TuneUp Software
2013-05-29 15:13 . 2013-05-31 21:16 -------- dc----w- c:\documents and settings\All Users\Data aplikací\MFAData
2013-05-29 15:13 . 2013-05-29 15:13 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2013-05-29 15:13 . 2013-05-29 15:13 -------- dc----w- c:\documents and settings\Doma\Local Settings\Data aplikací\MFAData
2013-05-29 15:02 . 2013-05-29 15:02 -------- dc----w- c:\program files\CCleaner
2013-05-10 07:57 . 2013-05-10 07:57 187456 -c--a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 16:31 . 2012-04-18 21:10 693976 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-26 16:31 . 2011-05-14 17:57 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-30 16:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SpeedFan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SpeedFan.lnk
backup=c:\windows\pss\SpeedFan.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2006-10-16 20:17 1941784 ----a-w- c:\program files\Acronis True Image Home 10\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-03-27 15:18 1098072 ----a-w- d:\garmin\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2011-03-03 08:38 380416 ----a-w- c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 -c--a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreDesktop]
2003-03-11 08:52 45056 ----a-w- c:\program files\Restore Desktop\RestoreDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2006-10-16 20:12 1164912 ----a-w- c:\program files\Acronis True Image Home 10\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2007-12-19 15:09 2846720 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-12-21 12:34 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"ose"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Garmin Core Update Service"=2 (0x2)
"RichVideo"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"CmdAgent"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 MpKsl01b2dd59;MpKsl01b2dd59;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\MpKsl01b2dd59.sys [2013-06-01 29904]
R1 prio;prio driver;c:\windows\system32\drivers\prio.sys [2005-11-28 29184]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [2008-03-07 9856]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-10-01 374152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-06-01 418376]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2008-03-07 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2008-03-07 167040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-06-01 22856]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2008-03-07 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2008-03-07 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2008-03-07 10496]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-06-01 701512]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-05-29 27064]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2008-03-07 9446]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [2007-03-21 176256]
S4 Garmin Core Update Service;Garmin Core Update Service;d:\garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL01B2DD59
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-29 15:35 1165776 -c--a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:34]
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:34]
.
2013-06-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 09:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\wnn8u1fr.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=cs
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2009-09-05 14:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-01 22:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2468)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-06-01 22:58:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-01 20:58
ComboFix2.txt 2013-06-01 19:10
ComboFix3.txt 2013-06-01 17:59
.
Před spuštěním: Volných bajtů: 13 444 497 408
Po spuštění: Volných bajtů: 11 743 072 256
.
- - End Of File - - 4E0ED0251D8F528A1C55D5ED0422BF5F
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-30 16:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SpeedFan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SpeedFan.lnk
backup=c:\windows\pss\SpeedFan.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2006-10-16 20:17 1941784 ----a-w- c:\program files\Acronis True Image Home 10\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-03-27 15:18 1098072 ----a-w- d:\garmin\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2011-03-03 08:38 380416 ----a-w- c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 -c--a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreDesktop]
2003-03-11 08:52 45056 ----a-w- c:\program files\Restore Desktop\RestoreDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2006-10-16 20:12 1164912 ----a-w- c:\program files\Acronis True Image Home 10\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2007-12-19 15:09 2846720 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-12-21 12:34 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"ose"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Garmin Core Update Service"=2 (0x2)
"RichVideo"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"CmdAgent"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 MpKsl01b2dd59;MpKsl01b2dd59;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F17AD03E-2131-4131-9501-C01C7CAC19AA}\MpKsl01b2dd59.sys [2013-06-01 29904]
R1 prio;prio driver;c:\windows\system32\drivers\prio.sys [2005-11-28 29184]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [2008-03-07 9856]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-10-01 374152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-06-01 418376]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2008-03-07 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2008-03-07 167040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-06-01 22856]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2008-03-07 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2008-03-07 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2008-03-07 10496]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-06-01 701512]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-05-29 27064]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2008-03-07 9446]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [2007-03-21 176256]
S4 Garmin Core Update Service;Garmin Core Update Service;d:\garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL01B2DD59
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-29 15:35 1165776 -c--a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:34]
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-29 15:34]
.
2013-06-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 09:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\wnn8u1fr.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=cs
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2009-09-05 14:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-01 22:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2468)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-06-01 22:58:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-01 20:58
ComboFix2.txt 2013-06-01 19:10
ComboFix3.txt 2013-06-01 17:59
.
Před spuštěním: Volných bajtů: 13 444 497 408
Po spuštění: Volných bajtů: 11 743 072 256
.
- - End Of File - - 4E0ED0251D8F528A1C55D5ED0422BF5F
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Status: Offline
Re: Browser loads the CPU to 100%
Nothing again, but never mind. It wasn't anything essential. Just unnecessary stuff.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
clean the system with CCleaner
Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.
+ A new HJT log
How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Browser loads the CPU to 100%
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:30:06, on 2013-06-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechno FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\prio.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
--
End of file - 6046 bytes
- memphisto
Re: Browser loads the CPU to 100%
memphisto wrote: How is the PC behaving?
Re: Browser loads the CPU to 100%
It looks like it's somewhat better. We're now at around 70% when using Flash Player
- memphisto
Re: Browser loads the CPU to 100%
In HJT, fix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
Tell me what hardware configuration this is. Flash is quite resource-hungry...
Re: Browser loads the CPU to 100%
Configuration:
Win XP Pro SP3
AMD Athlon XP 2500+
1,5 GB RAM
MB: GB GA-7VT600 1394
- memphisto
Re: Browser loads the CPU to 100%
That processor is fairly weak by today's standards. I'm afraid the problem lies there. Flash is quite demanding, and if you have several tabs open in the browser, that can already be a problem...