preventivka při zvláštním chování

Zpráva

nereide · #1 Příspěvek od **nereide** » 18 bře 2015 22:54

Dobrý den, obracím se na Vás s prosbou o kontrolu logu z RSIT. Jen cítím, že se PC trochu zadrhává a navíc mi to při vyhledávání ukázalo, že jsem připojená přes proxy síť dánské univerzity do které bych neměla mít vůbec přístup (týká se i přítelova PC na stejném netu zde doma).

Tak jen pro jistotu. Odpověď nespěchá, dostanu se k tomu až zítra v noci

Logfile of random's system information tool 1.10 (written by random/random)
Run by uzivatel at 2015-03-18 22:43:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (26%) free of 153 GB
Total RAM: 953 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:44:49, on 18.3.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [20150107] C:\Program Files\AVAST Software\Avast\setup\emupdate\a0e0855f-305e-4fb2-bec7-aea89cad7f44.exe /check
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -update plugin
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1530185827
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 3837 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ujxhobqi.default-1423352464234

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@xstandard.com/XStandard]
"Description"=
"Path"=C:\Program Files\XStandard\Bin\NPXStandard.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-24 5226600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"20150107"=C:\Program Files\AVAST Software\Avast\setup\emupdate\a0e0855f-305e-4fb2-bec7-aea89cad7f44.exe [2015-03-18 183232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [2015-02-08 960688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-24 5226600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AudioSrv"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-19 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\WINDOWS\system32\igfxsrvc.exe"="C:\WINDOWS\system32\igfxsrvc.exe:*:Enabled:igfxsrvc Module"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\tlntsvr.exe"="C:\WINDOWS\system32\tlntsvr.exe:*:Disabled:telnet"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe"="C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe:*:Enabled:KMPProcess"
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2015-03-18 22:43:22 ----D---- C:\rsit
2015-03-18 19:45:28 ----A---- C:\WINDOWS\system32\drivers\asw27B.tmp
2015-03-18 19:45:28 ----A---- C:\WINDOWS\system32\drivers\asw27A.tmp
2015-03-18 19:45:27 ----A---- C:\WINDOWS\system32\drivers\asw279.tmp
2015-03-18 19:45:26 ----A---- C:\WINDOWS\system32\drivers\asw278.tmp
2015-03-18 19:45:25 ----A---- C:\WINDOWS\system32\drivers\asw277.tmp
2015-03-18 19:45:25 ----A---- C:\WINDOWS\system32\drivers\asw276.tmp
2015-03-18 19:45:24 ----A---- C:\WINDOWS\system32\drivers\asw275.tmp
2015-03-18 19:45:22 ----A---- C:\WINDOWS\system32\drivers\asw274.tmp
2015-03-18 19:45:08 ----A---- C:\WINDOWS\system32\aswBoot.exe
2015-03-18 19:45:00 ----A---- C:\WINDOWS\avastSS.scr
2015-03-05 22:17:13 ----D---- C:\Program Files\Mozilla Firefox
2015-02-19 19:45:55 ----D---- C:\output
2015-02-19 19:42:00 ----D---- C:\Program Files\A-PDF Split
2015-02-19 19:40:24 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\GetRightToGo

======List of files/folders modified in the last 1 month======

2015-03-18 22:43:35 ----D---- C:\Program Files\trend micro
2015-03-18 21:34:26 ----D---- C:\WINDOWS\temp
2015-03-18 19:45:31 ----SD---- C:\WINDOWS\Tasks
2015-03-18 19:45:28 ----D---- C:\WINDOWS\system32\drivers
2015-03-18 19:45:08 ----D---- C:\WINDOWS\system32
2015-03-18 19:45:06 ----D---- C:\WINDOWS
2015-03-10 23:29:00 ----A---- C:\WINDOWS\CSTBox.INI
2015-03-07 09:10:32 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-03-07 09:10:32 ----D---- C:\Program Files
2015-02-22 22:56:07 ----SHD---- C:\WINDOWS\Installer
2015-02-22 22:56:07 ----D---- C:\Config.Msi
2015-02-19 19:44:55 ----D---- C:\PDFToExcelConverter
2015-02-19 10:55:48 ----A---- C:\DelFix.txt
2015-02-19 10:52:41 ----D---- C:\Program Files\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-03-18 49904]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-03-18 206976]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2015-03-18 55200]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2015-03-18 788272]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2015-03-18 427480]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2015-03-18 57888]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-03-18 24144]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-03-18 73440]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-03-19 175104]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-13 4754944]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 tap0901;TAP-Windows Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2013-08-22 35288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2007-05-04 105984]
S3 ipw_bus;IPWireless; C:\WINDOWS\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-19 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-19 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-24 50344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-05 148080]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE []

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 19 bře 2015 01:12

Zdravim

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu aswMBR - http://files.avast.com/files/rootkit-scanner/aswmbr.exe

spustte jako spravce (v pripade XP obycejne dvojklikem)
souhlaste s aktualizaci virove databaze Yes - bude se stahovat cca 160 MB
vse ponechte, jak je a kliknete na Scan - vezme cca 10 min
kliknete na Save log a ulozte vysledek skenu - obsah tohoto logu vlozte do sve pristi odpovedi

nereide · #3 Příspěvek od **nereide** » 21 bře 2015 22:18

Dobrý den, moc se omlouvám za nezvykle pozdní odpověď - neplánovaná nepřítomnost.

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-03-21 22:11:51
-----------------------------
22:11:51.406 OS Version: Windows 5.1.2600 Service Pack 3
22:11:51.406 Number of processors: 1 586 0x170A
22:11:51.406 ComputerName: NTBACER UserName:
22:11:52.515 Initialize success
22:11:52.531 VM: initialized successfully
22:11:52.531 VM: Intel CPU virtualization not supported
22:11:55.515 AVAST engine defs: 15032101
22:12:06.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:12:06.687 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
22:12:06.843 Disk 0 MBR read successfully
22:12:06.843 Disk 0 MBR scan
22:12:06.843 Disk 0 Windows XP default MBR code
22:12:06.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
22:12:06.843 Disk 0 Boot: NTFS code=1
22:12:06.859 Disk 0 scanning sectors +312560640
22:12:06.906 Disk 0 scanning C:\WINDOWS\system32\drivers
22:12:16.687 Service scanning
22:12:29.531 Modules scanning
22:12:29.546 Disk 0 trace - called modules:
22:12:29.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:12:29.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85755ab8]
22:12:29.593 3 CLASSPNP.SYS[f74e6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85771d98]
22:12:30.093 AVAST engine scan C:\WINDOWS
22:12:34.765 AVAST engine scan C:\WINDOWS\system32
22:14:52.187 AVAST engine scan C:\WINDOWS\system32\drivers
22:15:08.187 AVAST engine scan C:\Documents and Settings\uzivatel
22:19:56.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\uzivatel\Dokumenty\MBR.dat"
22:19:56.718 The log file has been saved successfully to "C:\Documents and Settings\uzivatel\Dokumenty\aswMBR.txt"

#4 Příspěvek od **altrok** » 22 bře 2015 02:20

Nic se nedeje, taky mam neodkladne zalezitosti

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Cleaning
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Ulozte na plochu zoek.exe http://hijackthis.nl/smeenk/zoek.htm

spustte jako spravce
do velkeho okna zkopirujte script uvedeny nize
kliknete na Run script
po restartu na Vas vyskoci log (pripadne jej najdete v C:\zoek-results.log) - vlozte mi jej do pristi odpovedi
Kód: Vybrat vše
```
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
```

nereide · #5 Příspěvek od **nereide** » 22 bře 2015 13:14

Dobrý den:

ZOEK

Zoek.exe v5.0.0.0 Updated 21-March-2015
Tool run by uzivatel on ne 22.03.2015 at 12:14:17,53.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: c:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22.3.2015 12:16:42 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\DOCUME~1\ALLUSE~1\DATAAP~1\ICQ deleted successfully
C:\Documents and Settings\Default User\Data aplikací\Složka odesílání Share-to-Web deleted successfully
C:\Documents and Settings\uzivatel\Data aplikací\Media Player Classic deleted successfully
C:\Documents and Settings\uzivatel\Data aplikací\Složka odesílání Share-to-Web deleted successfully
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ujxhobqi.default-1423352464234\prefs.js:

Added to C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ujxhobqi.default-1423352464234\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Documents and Settings\uzivatel\Data aplikací\Thunderbird\Profiles\wnty5alf.default\prefs.js:

Added to C:\Documents and Settings\uzivatel\Data aplikací\Thunderbird\Profiles\wnty5alf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Documents and Settings\uzivatel\Data aplikací\HPCOM_48BitScanUpdate.log deleted
C:\Documents and Settings\uzivatel\Data aplikací\GetRightToGo deleted
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\adawarebp deleted
C:\WINDOWS\system32\GroupPolicy\Adm deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted
C:\WINDOWS\System32\REN16B.tmp deleted
C:\WINDOWS\System32\REN16C.tmp deleted
C:\WINDOWS\System32\REN16E.tmp deleted
C:\WINDOWS\System32\REN16F.tmp deleted
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\MSGBOX.EXE deleted
"C:\Documents and Settings\uzivatel\Data aplikací\Sounds" deleted
"C:\Documents and Settings\uzivatel\Data aplikací\Space Choir" deleted
"C:\Program Files\movie maker" not deleted
"C:\Program Files\netmeeting" not deleted
"C:\Program Files\outlook express" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ujxhobqi.default-1423352464234
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Documents and Settings\uzivatel\Data aplikací\Thunderbird\Profiles\wnty5alf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [18.03.2015 19:45]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\uzivatel\Data aplikací\Thunderbird\Profiles\wnty5alf.default
- Undetermined - C:\Documents and Settings\uzivatel\Data aplikacĂ\Thunderbird\Profiles\wnty5alf.default\extensions\{506d044e-41fa-4cc8-9dc6-9ff70e96eebf}
- StartupMaster - %ProfilePath%\extensions\{506d044e-41fa-4cc8-9dc6-9ff70e96eebf}
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ujxhobqi.default-1423352464234
C62322C77D1AAB77B1CF1130FCC3673A - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
C77C6354C374299B8A17FF7E66C2A078 - C:\Program Files\XStandard\Bin\NPXStandard.dll - XStandard
7E54D1EC87CE306CB1A26CE59AFE6E37 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
D33D39A318AEA70691CED7530E2D9DF9 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
CFBC726A1712BD8DC9914EA06DBCE20B - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[18.03.2015 19:44]

Comodo Drag&Drop Service - uzivatel\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - uzivatel\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - uzivatel\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.centrum.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.centrum.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... 1I7SKPB_cs"

==== Reset Google Chrome ======================

C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4KPK974G will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BMJXHK3E will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U1RURP3T will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VP3AQFDZ will be deleted at reboot
C:\Documents and Settings\uzivatel\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ujxhobqi.default-1423352464234\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1306 folders=15 78913250 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\Documents and Settings\uzivatel\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\uzivatel\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\uzivatel\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\movie maker" not deleted
"C:\Program Files\netmeeting" not deleted
"C:\Program Files\outlook express" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4KPK974G" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BMJXHK3E" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U1RURP3T" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VP3AQFDZ" not found

==== EOF on ne 22.03.2015 at 13:12:36,57 ======================

ADWcleaner

# AdwCleaner v4.112 - Logfile created 22/03/2015 at 12:00:05
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : uzivatel - NTBACER
# Running from : C:\Documents and Settings\uzivatel\Plocha\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v36.0.4 (x86 cs)

-\\ Comodo Dragon v

*************************

AdwCleaner[R0].txt - [789 bytes] - [22/03/2015 11:42:52]
AdwCleaner[S0].txt - [717 bytes] - [22/03/2015 12:00:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [775 bytes] ##########

Děkuji

#6 Příspěvek od **altrok** » 22 bře 2015 19:26

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

nereide · #7 Příspěvek od **nereide** » 22 bře 2015 23:41

Dobrý večer, velmi děkuji. Byly v předchozích zprávách nějaké breberky?

hlavní log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by uzivatel (administrator) on NTBACER on 22-03-2015 23:39:58
Running from c:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory
Loaded Profiles: uzivatel (Available profiles: uzivatel)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
URLSearchHook: [S-1-5-21-343818398-1547161642-1801674531-1003] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-343818398-1547161642-1801674531-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-18] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-08] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ujxhobqi.default-1423352464234
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-08] (Oracle Corporation)
FF Plugin: @xstandard.com/XStandard -> C:\Program Files\XStandard\Bin\NPXStandard.dll [2010-11-16] (Belus Technology Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-08]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-18] (Avast Software s.r.o.)
S3 CiSvc; %SystemRoot%\system32\cisvc.exe [X]
S4 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1585728 2009-09-30] (Atheros Communications, Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-03-18] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-03-18] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-03-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-03-18] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-03-18] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427480 2015-03-18] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-03-18] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206976 2015-03-18] ()
R2 Ethpdrv; C:\WINDOWS\System32\DRIVERS\ethpdrv.sys [9728 2005-09-08] (Gemfor s.r.o.) [File not signed]
S3 IntcHdmiAddService; C:\WINDOWS\System32\drivers\IntcHdmi.sys [105984 2007-05-04] (Intel(R) Corporation) [File not signed]
S3 ipw_bus; C:\WINDOWS\System32\DRIVERS\ipw_bus.sys [58320 2005-09-27] (MCCI)
S3 ipw_mdfl; C:\WINDOWS\System32\DRIVERS\ipw_mdfl.sys [8272 2005-09-27] (MCCI)
S3 ipw_mdm; C:\WINDOWS\System32\DRIVERS\ipw_mdm.sys [95440 2005-09-27] (MCCI)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 23:37 - 2015-03-22 23:40 - 00000000 ____D () C:\FRST
2015-03-22 13:18 - 2015-03-22 13:18 - 00000000 ____D () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\GHISLER
2015-03-22 13:12 - 2015-03-22 13:12 - 00000000 ____D () C:\Program Files\outlook express
2015-03-22 13:12 - 2015-03-22 13:12 - 00000000 ____D () C:\Program Files\netmeeting
2015-03-22 13:12 - 2015-03-22 13:12 - 00000000 ____D () C:\Program Files\movie maker
2015-03-22 12:53 - 2015-03-22 23:40 - 00000000 ____D () C:\Documents and Settings\uzivatel\Local Settings\Temp
2015-03-22 12:53 - 2015-03-22 12:53 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-03-22 12:53 - 2015-03-22 12:53 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-03-22 12:53 - 2015-03-22 12:53 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2015-03-22 12:53 - 2015-03-22 12:14 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-03-22 12:43 - 2015-03-22 13:12 - 00000000 ____D () C:\zoek
2015-03-22 12:16 - 2015-03-22 13:12 - 00011114 _____ () C:\zoek-results.log
2015-03-22 12:14 - 2015-03-22 12:45 - 00000000 ____D () C:\zoek_backup
2015-03-22 12:12 - 2015-03-22 12:12 - 00000854 _____ () C:\Documents and Settings\uzivatel\Dokumenty\AdwCleaner[S0].txt
2015-03-22 11:42 - 2015-03-22 12:00 - 00000000 ____D () C:\AdwCleaner
2015-03-22 11:40 - 2015-03-22 11:40 - 02171392 _____ () C:\Documents and Settings\uzivatel\Plocha\adwcleaner_4.112.exe
2015-03-21 22:27 - 2015-03-21 22:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-21 22:19 - 2015-03-21 22:19 - 00001891 _____ () C:\Documents and Settings\uzivatel\Dokumenty\aswMBR.txt
2015-03-21 22:19 - 2015-03-21 22:19 - 00000512 _____ () C:\Documents and Settings\uzivatel\Dokumenty\MBR.dat
2015-03-21 22:14 - 2015-03-21 22:19 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\na fb
2015-03-18 22:43 - 2015-03-18 22:50 - 00000000 ____D () C:\rsit
2015-03-18 19:45 - 2015-03-18 19:45 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-03-18 19:45 - 2015-03-18 19:45 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 23:39 - 2010-03-14 13:26 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory
2015-03-22 13:18 - 2010-05-23 19:11 - 00150751 ____H () C:\treeinfo.wc
2015-03-22 13:18 - 2009-12-23 00:59 - 00000000 ___HD () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací
2015-03-22 13:13 - 2009-12-23 00:54 - 01054648 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-22 13:12 - 2009-12-23 01:48 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-03-22 13:12 - 2009-12-23 01:48 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-03-22 13:11 - 2009-12-23 00:59 - 00000272 ___SH () C:\Documents and Settings\uzivatel\ntuser.ini
2015-03-22 13:11 - 2009-12-23 00:59 - 00000000 ____D () C:\Documents and Settings\uzivatel
2015-03-22 12:45 - 2010-12-03 23:07 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-22 12:45 - 2009-12-23 00:59 - 00000000 __RHD () C:\Documents and Settings\uzivatel\Data aplikací
2015-03-22 12:19 - 2009-12-23 01:44 - 00000000 __RHD () C:\Documents and Settings\Default User\Data aplikací
2015-03-22 12:19 - 2009-12-23 01:44 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-03-22 12:16 - 2009-12-23 00:59 - 00000000 ____D () C:\Documents and Settings\uzivatel\Plocha
2015-03-22 12:12 - 2009-12-23 00:59 - 00000000 ___RD () C:\Documents and Settings\uzivatel\Dokumenty
2015-03-22 12:01 - 2014-09-18 19:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 10:13 - 2013-06-22 17:43 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\recepty
2015-03-21 22:23 - 2014-09-18 20:36 - 00002563 _____ () C:\Documents and Settings\uzivatel\Plocha\Microsoft Office Word 2007.lnk
2015-03-21 21:59 - 2001-10-25 17:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-19 22:39 - 2014-09-18 20:36 - 00002477 _____ () C:\Documents and Settings\uzivatel\Plocha\Microsoft Office Excel 2007.lnk
2015-03-18 22:43 - 2015-02-18 08:14 - 00000000 ____D () C:\Program Files\trend micro
2015-03-18 19:45 - 2014-08-01 20:32 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-03-18 19:45 - 2013-03-17 13:50 - 00206976 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-03-18 19:45 - 2013-03-17 13:50 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-03-18 19:45 - 2013-03-17 13:50 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-03-18 19:45 - 2012-07-09 07:06 - 00000316 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-03-18 19:45 - 2011-05-08 07:45 - 00427480 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-03-18 19:45 - 2011-05-08 07:45 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-03-18 19:45 - 2011-05-08 07:45 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-03-18 19:44 - 2011-05-08 07:45 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-03-10 23:29 - 2014-05-07 18:38 - 00036363 _____ () C:\WINDOWS\CSTBox.INI
2015-03-10 22:50 - 2010-01-15 17:35 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\ROCENKY
2015-03-09 23:29 - 2014-03-05 22:37 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\PRIVYDELKY
2015-03-09 23:27 - 2009-12-23 00:59 - 00000000 ___RD () C:\Documents and Settings\uzivatel\Dokumenty\Obrázky
2015-02-22 22:56 - 2009-12-23 01:44 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-22 22:56 - 2009-12-23 01:44 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-20 02:00 - 2014-09-18 20:36 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt

==================== Files in the root of some directories =======

2010-01-09 17:35 - 2013-09-28 00:21 - 0123392 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-16 22:03 - 2012-05-28 22:17 - 0002568 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader(1).err
2011-10-16 20:28 - 2012-11-03 14:07 - 0001080 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader(1).nast
2010-10-01 21:52 - 2012-08-10 17:48 - 0001064 ____C () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader.err
2010-10-01 21:59 - 2012-08-10 20:39 - 0001120 ____C () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader.nast

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

ADDITION.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by uzivatel at 2015-03-22 23:41:18
Running from c:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aktualizace systému Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Aktualizace systému Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB968816) (HKLM\...\KB968816_WM9) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154) (HKLM\...\KB954154_WM11) (Version: - Microsoft Corporation)
Aktualizace zabezpečení produktu Windows XP (KB941569) (HKLM\...\KB941569) (Version: - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325) (HKLM\...\KB976325-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB951066) (HKLM\...\KB951066) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB951748) (HKLM\...\KB951748) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB954459) (HKLM\...\KB954459) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB955069) (HKLM\...\KB955069) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956744) (HKLM\...\KB956744) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956803) (HKLM\...\KB956803) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB957097) (HKLM\...\KB957097) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB958644) (HKLM\...\KB958644) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB958687) (HKLM\...\KB958687) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB958869) (HKLM\...\KB958869) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB960225) (HKLM\...\KB960225) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB961371-v2) (HKLM\...\KB961371-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB961501) (HKLM\...\KB961501) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB969947) (HKLM\...\KB969947) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB970238) (HKLM\...\KB970238) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB971486) (HKLM\...\KB971486) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB971557) (HKLM\...\KB971557) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB971633) (HKLM\...\KB971633) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB971961) (HKLM\...\KB971961) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973354) (HKLM\...\KB973354) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973525) (HKLM\...\KB973525) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
A-PDF Split 2.7 (HKLM\...\A-PDF Split_is1) (Version: - A-PDF.com)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2214 - AVAST Software)
Canon CanoScan Toolbox 4.9 (HKLM\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
Canon ScanGear Starter (HKLM\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version: - )
CanoScan 8600F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6215.1000 - Microsoft Corporation)
DawinciKlientM21 (HKLM\...\DawinciKlientM21) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
KooBits 4.0 (HKLM\...\koobits.koobits4.com) (Version: 4.0.1.9 - UNKNOWN)
Lexicon 2002 (HKLM\...\Lexicon 4.0) (Version: - )
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version: - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10111.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 cs) (HKLM\...\Mozilla Firefox 36.0.4 (x86 cs)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
OpenVPN 32-bit (HKLM\...\{5335DFC5-4488-47A4-B255-64371C27517B}) (Version: 1.2.0 - ÚVT MU)
Oprava hotfix aplikace Windows Media Player 11 (KB939683) (HKLM\...\KB939683) (Version: - Microsoft Corporation)
Oprava Hotfix systému Windows Internet Explorer 7 (KB947864) (Version: 1 - Microsoft Corporation) Hidden
Oprava Hotfix systému Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB976098-v2) (HKLM\...\KB976098-v2) (Version: 2 - Microsoft Corporation)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
PDF To Excel Converter V3.0 (HKLM\...\PDF To Excel Converter_is1) (Version: - http://www.PDFExcelConverter.com)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
ShareIns (Version: 1.00.0000 - Hewlett-Packard) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50 - C. Ghisler & Co.)
TreePad Lite 4.3 (HKLM\...\TreePadLite4) (Version: - )
Vit Registry Fix 9.5.9 (remove only) (HKLM\...\Vit Registry Fix) (Version: - VITSOFT)
Vysledky (HKLM\...\Vysledky) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinRAR 5.11 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
XStandard (HKLM\...\XStandard) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343818398-1547161642-1801674531-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points =========================

05-10-2014 16:03:38 Installed Java 7 Update 67
05-10-2014 16:20:09 Removed Java 7 Update 17
05-10-2014 16:20:27 Removed Java(TM) 6 Update 18
05-10-2014 16:20:37 Removed Java(TM) 6 Update 18
05-10-2014 16:21:22 Removed Java(TM) 6 Update 18
05-10-2014 16:22:21 Removed Ask Toolbar.
05-10-2014 16:23:33 Removed Ask Toolbar.
08-10-2014 17:38:30 Configured Microsoft Office Enterprise 2007
08-10-2014 20:43:24 Removed Java(TM) 6 Update 18
08-10-2014 20:53:39 Removed Java(TM) 6 Update 18
08-10-2014 20:53:56 Removed Ask Toolbar.
08-10-2014 20:57:40 Installed Java 7 Update 67
17-10-2014 21:57:43 Nainstalováno: Microsoft Office Professional Edition 2003
18-10-2014 18:57:00 Configured Microsoft Office Enterprise 2007
24-10-2014 10:40:51 Configured Microsoft Office Enterprise 2007
24-11-2014 18:33:14 avast! antivirus system restore point
26-12-2014 18:23:05 Installed PDF Split And Merge Basic
08-02-2015 10:09:58 Removed Adobe Download Assistant
18-02-2015 21:04:36 Restore Point Created by FRST
19-02-2015 13:11:37 Bez viru a cistounkej
19-02-2015 21:23:19 Removed OpenVPN 32-bit
19-02-2015 21:23:26 Installed OpenVPN 32-bit
18-03-2015 19:43:10 avast! antivirus system restore point
22-03-2015 12:16:42 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-10-25 17:00 - 2015-03-22 12:17 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-18 19:44 - 2015-03-18 19:44 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-18 19:44 - 2015-03-18 19:44 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-22 11:19 - 2015-03-22 11:19 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15032200\algo.dll
2015-03-22 21:15 - 2015-03-22 21:15 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15032201\algo.dll
2013-12-02 21:16 - 2015-03-18 19:45 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-08 10:20 - 2015-02-08 10:20 - 16852144 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Pozadí plochy.bmp
DNS Servers: 213.46.172.36 - 213.46.172.37

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe

==================== Accounts: =============================

Administrator (S-1-5-21-343818398-1547161642-1801674531-500 - Administrator - Enabled)
Guest (S-1-5-21-343818398-1547161642-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-343818398-1547161642-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-343818398-1547161642-1801674531-1002 - Limited - Disabled)
uzivatel (S-1-5-21-343818398-1547161642-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\uzivatel

==================== Faulty Device Manager Devices =============

Name: Intel(R) High Definition Audio HDMI Service
Description: Intel(R) High Definition Audio HDMI Service
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel(R) Corporation
Service: IntcHdmiAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Atheros AR5B93 Wireless Network Adapter
Description: Atheros AR5B93 Wireless Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: AR5416
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2015 11:37:49 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error: (03/22/2015 11:37:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error: (03/22/2015 11:37:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error: (03/22/2015 11:37:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error: (03/22/2015 11:37:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error: (03/22/2015 11:37:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error: (03/22/2015 11:37:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error: (03/22/2015 11:37:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Načtení automatické aktualizace pořadového čísla kořenového seznamu jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt> se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.

Error: (03/09/2015 08:10:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace plugin-container.exe, verze 36.0.1.5542, chybující modul mozalloc.dll, verze 36.0.1.5542, adresa chyby 0x00001e02.
Zpracování události, specifické pro médium ([plugin-container.exe!ws!])

Error: (03/05/2015 10:01:20 PM) (Source: Microsoft Office 12) (EventID: 2000) (User: )
Description: Accepted Safe Mode action : Microsoft Office PowerPoint.

System errors:
=============
Error: (03/19/2015 09:36:27 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není aktuálně k dispozici.
Po dobu 29 minut nebude proveden žádný pokus o kontaktování zdroje.
Klient NTP nemá k dispozici žádný zdroj času.

Error: (03/19/2015 09:36:27 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně nakonfigurovaného partnera
time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí o vyhledání pomocí služby DNS
znovu za 30 minut.
Chyba: Došlo k pokusu o operaci se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error: (03/19/2015 09:21:26 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není aktuálně k dispozici.
Po dobu 14 minut nebude proveden žádný pokus o kontaktování zdroje.
Klient NTP nemá k dispozici žádný zdroj času.

Error: (03/19/2015 09:21:26 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně nakonfigurovaného partnera
time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí o vyhledání pomocí služby DNS
znovu za 15 minut.
Chyba: Došlo k pokusu o operaci se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error: (03/19/2015 09:21:10 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není aktuálně k dispozici.
Po dobu 14 minut nebude proveden žádný pokus o kontaktování zdroje.
Klient NTP nemá k dispozici žádný zdroj času.

Error: (03/19/2015 09:21:10 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně nakonfigurovaného partnera
time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí o vyhledání pomocí služby DNS
znovu za 15 minut.
Chyba: Došlo k pokusu o operaci se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error: (03/18/2015 08:45:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Vypršel časový limit (30000 milisekund) čekání na odezvu transakce služby avast! Antivirus.

Error: (03/15/2015 10:37:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP 192.168.1.101 pro síťovou kartu s adresou 001F16C2175C byla
serverem DHCP 0.0.0.0 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (03/12/2015 04:12:03 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není aktuálně k dispozici.
Po dobu 14 minut nebude proveden žádný pokus o kontaktování zdroje.
Klient NTP nemá k dispozici žádný zdroj času.

Error: (03/12/2015 04:12:03 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně nakonfigurovaného partnera
time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí o vyhledání pomocí služby DNS
znovu za 15 minut.
Chyba: Došlo k pokusu o operaci se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Microsoft Office Sessions:
=========================
Error: (02/20/2015 01:50:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16662 seconds with 7620 seconds of active time. This session ended with a crash.

Error: (02/15/2015 04:31:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 101 seconds with 60 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
Percentage of memory in use: 88%
Total physical RAM: 952.8 MB
Available physical RAM: 109.57 MB
Total Pagefile: 2297.8 MB
Available Pagefile: 1100.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:37.58 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 21742173)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#8 Příspěvek od **altrok** » 23 bře 2015 00:02

Zepar broucku jsme smazali

Odinstalujte stare a zranitelne verze javy Java(TM) 6 Update 29 a Java 7 Update 67. Pokud javu potrebujete, pak nainstalujte novou z java.com - pozor na adware pri jeji instalaci http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . Z hlediska bezpecnosti (exploity) je lepsi ji nemit.

Pokud jeste nemate, presunte FRST.exe na plochu
Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
URLSearchHook: [S-1-5-21-343818398-1547161642-1801674531-1003] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

S3 CiSvc; %SystemRoot%\system32\cisvc.exe [X]
S4 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

2015-03-22 12:53 - 2015-03-22 12:14 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-03-22 12:43 - 2015-03-22 13:12 - 00000000 ____D () C:\zoek
2015-03-22 12:16 - 2015-03-22 13:12 - 00011114 _____ () C:\zoek-results.log
2015-03-22 12:14 - 2015-03-22 12:45 - 00000000 ____D () C:\zoek_backup
2015-03-22 12:12 - 2015-03-22 12:12 - 00000854 _____ () C:\Documents and Settings\uzivatel\Dokumenty\AdwCleaner[S0].txt
2015-03-22 11:42 - 2015-03-22 12:00 - 00000000 ____D () C:\AdwCleaner
2015-03-22 11:40 - 2015-03-22 11:40 - 02171392 _____ () C:\Documents and Settings\uzivatel\Plocha\adwcleaner_4.112.exe
2015-03-21 22:19 - 2015-03-21 22:19 - 00001891 _____ () C:\Documents and Settings\uzivatel\Dokumenty\aswMBR.txt
2015-03-21 22:19 - 2015-03-21 22:19 - 00000512 _____ () C:\Documents and Settings\uzivatel\Dokumenty\MBR.dat
2015-03-18 22:43 - 2015-03-18 22:50 - 00000000 ____D () C:\rsit
2015-03-18 22:43 - 2015-02-18 08:14 - 00000000 ____D () C:\Program Files\trend micro
EmptyTemp:
End

nereide · #9 Příspěvek od **nereide** » 24 bře 2015 17:29

Dobrý den, fixlog po provedení fixlist

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by uzivatel at 2015-03-24 17:25:53 Run:1
Running from C:\Documents and Settings\uzivatel\Plocha
Loaded Profiles: uzivatel (Available profiles: uzivatel)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: [S-1-5-21-343818398-1547161642-1801674531-1003] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

S3 CiSvc; %SystemRoot%\system32\cisvc.exe [X]
S4 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

2015-03-22 12:53 - 2015-03-22 12:14 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-03-22 12:43 - 2015-03-22 13:12 - 00000000 ____D () C:\zoek
2015-03-22 12:16 - 2015-03-22 13:12 - 00011114 _____ () C:\zoek-results.log
2015-03-22 12:14 - 2015-03-22 12:45 - 00000000 ____D () C:\zoek_backup
2015-03-22 12:12 - 2015-03-22 12:12 - 00000854 _____ () C:\Documents and Settings\uzivatel\Dokumenty\AdwCleaner[S0].txt
2015-03-22 11:42 - 2015-03-22 12:00 - 00000000 ____D () C:\AdwCleaner
2015-03-22 11:40 - 2015-03-22 11:40 - 02171392 _____ () C:\Documents and Settings\uzivatel\Plocha\adwcleaner_4.112.exe
2015-03-21 22:19 - 2015-03-21 22:19 - 00001891 _____ () C:\Documents and Settings\uzivatel\Dokumenty\aswMBR.txt
2015-03-21 22:19 - 2015-03-21 22:19 - 00000512 _____ () C:\Documents and Settings\uzivatel\Dokumenty\MBR.dat
2015-03-18 22:43 - 2015-03-18 22:50 - 00000000 ____D () C:\rsit
2015-03-18 22:43 - 2015-02-18 08:14 - 00000000 ____D () C:\Program Files\trend micro
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
Error setting Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
CiSvc => Service deleted successfully.
MDM => Service deleted successfully.
IntelIde => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Documents and Settings\uzivatel\Dokumenty\AdwCleaner[S0].txt => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Documents and Settings\uzivatel\Plocha\adwcleaner_4.112.exe => Moved successfully.
C:\Documents and Settings\uzivatel\Dokumenty\aswMBR.txt => Moved successfully.
C:\Documents and Settings\uzivatel\Dokumenty\MBR.dat => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
EmptyTemp: => Removed 16.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:25:59 ====

#10 Příspěvek od **altrok** » 24 bře 2015 23:57

Vyborne, dle logu vypada cisto. Jak se chova pocitac? Kapneme mu jeste dalsi medicinu nebo zacneme uklizet?

nereide · #11 Příspěvek od **nereide** » 26 bře 2015 19:33

PC je hodný a spokojený

můžeme začít uklízet, děkuji a samozřejmě zase pošlu peníze (podle toho jak mi přijdou)

#12 Příspěvek od **altrok** » 26 bře 2015 19:57

Takze jeste uklidime.

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

nereide · #13 Příspěvek od **nereide** » 28 bře 2015 00:36

Dobrý večer! Velmi děkuji, dle delfix proveden úklid a téma se již může zamknout.

Příspěvek jako vždy posílám, ale asi až po výplatě, ale určitě.

Přeji Vám pěkný víkend a ještě jednou moc děkuji!

#14 Příspěvek od **altrok** » 29 bře 2015 01:32

Nemate zac, rad jsem pomohl

Za prispevek na chod fora Vam jmenem celeho tymu dekuji.

Mejte se krasne a treba zase nekdy

VIRY.CZ

preventivka při zvláštním chování

preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování

Re: preventivka při zvláštním chování