Každou minutu vyskočí okno IE - Navigace byla zrušena

Zpráva

jirkasl · #1 Příspěvek od **jirkasl** » 20 říj 2012 08:54

Po připojení na internet (spuštění IE, nebo Firefox) začnou cca každou minutu, nebo při zobrazení nové stránky, vyskakovat okna IE s hláškou "Navigace na webovou stránku byla zrušena". Někdy se zobrazí též něco jako "Java testing......" (dál jsem to nezachytil). V řádce URL se objeví místo adresy "about:/_Incapsula_Resource?CWUDNSAI=9_E94AF52E&incident_id=104001570024192903-230035746846149087&edet=12&cinfo=4e18082ac753863f68000000".

Můžete mi prosím poradit?
Projel jsem PC několika antiviry (každý něco málo odstranil), potom CCleanerem a nakonec AVPToolem. Přikládám log:

Status: Quarantined (events: 1)
20.10.2012 5:25:51 Quarantined unknown threat UDS:DangerousObject.Multi.Generic F:\Jirka\Programy\Okino\Crack\XF-Polytrans4-KG.exe High

jirkasl · #2 Příspěvek od **jirkasl** » 20 říj 2012 10:47

Zde přikládám ještě log z RSITU:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2012-10-20 11:45:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 43 GB (57%) free of 76 GB
Total RAM: 1983 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:32, on 20.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Fighters\SPAMfighter\sfagent.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fighters\Tray\FightersTray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MyBrowserCash Addon\MyBrowserCash.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Fighters\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fighters\FighterSuiteService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Owner\Dokumenty\Stažené soubory\setup_11.0.0.1245.x01_2012_10_20_01_14.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\5880485.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\0621139\5880485.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ClixSense.com Toolbar - {70df8d13-bdd3-448e-944c-efde21b77161} - C:\Program Files\ClixSense.com\prxtbCli2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ClixSense.com - {70df8d13-bdd3-448e-944c-efde21b77161} - C:\Program Files\ClixSense.com\prxtbCli2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ClixSense.com Toolbar - {70df8d13-bdd3-448e-944c-efde21b77161} - C:\Program Files\ClixSense.com\prxtbCli2.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: _uninst_03715569.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\_uninst_03715569.bat
O4 - Startup: _uninst_44849069.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\_uninst_44849069.bat
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15FC1207-C485-4D89-A397-898DE2752F51}: NameServer = 10.89.1.2,193.85.214.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA741DF1-E45D-4D3A-9F95-799632394C91}: NameServer = 10.89.1.2,193.85.214.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{15FC1207-C485-4D89-A397-898DE2752F51}: NameServer = 10.89.1.2,193.85.214.17
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\SPAMfighter\sfus.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe

--
End of file - 12192 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\98ufrpyo.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20110512W, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, bkmrksync@nokia.com:1.0.0.746, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, multisearchbox@multisearchbox.com:1.6, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"

"{3112ca9c-de6d-4884-a869-9855de68056c}"=C:\Documents and Settings\All Users\Data aplikací\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin]
"Description"=Fun Web Products Plugin
"Path"=C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040]
"Description"=6.0.12.1040
"Path"=C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\98ufrpyo.default\extensions\
plugin@videofiledownload.com
{3112ca9c-de6d-4884-a869-9855de68056c}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70df8d13-bdd3-448e-944c-efde21b77161}]
ClixSense.com Toolbar - C:\Program Files\ClixSense.com\prxtbCli2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-24 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-26 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-08-13 4120256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [2012-08-14 1002992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-24 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-09-24 79856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{70df8d13-bdd3-448e-944c-efde21b77161} - ClixSense.com Toolbar - C:\Program Files\ClixSense.com\prxtbCli2.dll [2011-05-09 176936]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-26 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TWCU"=C:\Program Files\TP-LINK\TWCU\TWCU.exe [2006-03-29 364544]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2007-02-06 176128]
"sfagent"=C:\Program Files\Fighters\SPAMfighter\sfagent.exe [2012-04-24 1197704]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-19 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-08-19 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-08-19 13925480]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176]
"CommonToolkitTray"=C:\Program Files\Fighters\Tray\FightersTray.exe [2012-02-02 1453704]
"PMBVolumeWatcher"=C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [2010-11-27 648032]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-04-18 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
""= []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění
_uninst_03715569.lnk - C:\Documents and Settings\Owner\Local Settings\Temp\_uninst_03715569.bat
_uninst_44849069.lnk - C:\Documents and Settings\Owner\Local Settings\Temp\_uninst_44849069.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe:*:Enabled:umi"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe"="C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\Program Files\ASUS\ASUSUpdate\Update.exe"="C:\Program Files\ASUS\ASUSUpdate\Update.exe:*:Enabled:ASUS Windows Platform Flash Program"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.lameacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"vidc.div3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.divx"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.divxa32"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.dv25"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.xvid"=xvidvfw.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-10-20 11:45:19 ----D---- C:\Program Files\trend micro
2012-10-20 11:45:18 ----D---- C:\rsit
2012-10-20 00:46:47 ----D---- C:\WINDOWS\LastGood
2012-10-20 00:46:39 ----A---- C:\WINDOWS\system32\drivers\03715569.sys
2012-10-20 00:10:36 ----D---- C:\Program Files\CCleaner
2012-10-19 20:28:23 ----D---- C:\Program Files\Common Files\Java
2012-10-19 20:28:06 ----A---- C:\WINDOWS\system32\javaws.exe
2012-10-19 20:28:05 ----A---- C:\WINDOWS\system32\javaw.exe
2012-10-19 20:28:05 ----A---- C:\WINDOWS\system32\java.exe
2012-10-15 20:50:59 ----D---- C:\Program Files\Mozilla Firefox
2012-10-14 22:21:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avery
2012-10-14 22:21:00 ----D---- C:\Program Files\Avery Dennison
2012-10-13 23:53:24 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-10-09 23:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2012-10-09 22:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2756822$
2012-10-09 22:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2012-10-09 22:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254-v2$
2012-09-28 12:10:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2012-09-27 21:02:45 ----D---- C:\Program Files\Zrychleni Pocitace
2012-09-26 21:10:23 ----D---- C:\Program Files\Microsoft Silverlight

======List of files/folders modified in the last 1 month======

2012-10-20 11:45:32 ----D---- C:\WINDOWS\Prefetch
2012-10-20 11:45:19 ----RD---- C:\Program Files
2012-10-20 11:44:33 ----D---- C:\WINDOWS\Temp
2012-10-20 11:43:48 ----D---- C:\Documents and Settings\Owner\Data aplikací\PriceGong
2012-10-20 02:01:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-10-20 00:49:21 ----SHD---- C:\System Volume Information
2012-10-20 00:47:12 ----D---- C:\WINDOWS\system32\drivers
2012-10-20 00:47:11 ----HD---- C:\WINDOWS\inf
2012-10-20 00:46:48 ----D---- C:\WINDOWS
2012-10-20 00:16:58 ----D---- C:\WINDOWS\Logs
2012-10-20 00:16:58 ----D---- C:\WINDOWS\Debug
2012-10-20 00:16:56 ----D---- C:\WINDOWS\Minidump
2012-10-20 00:02:00 ----D---- C:\Program Files\MyBrowserCash Addon
2012-10-19 20:31:02 ----SD---- C:\WINDOWS\Tasks
2012-10-19 20:28:26 ----SHD---- C:\WINDOWS\Installer
2012-10-19 20:28:25 ----SHD---- C:\Config.Msi
2012-10-19 20:28:23 ----D---- C:\Program Files\Common Files
2012-10-19 20:28:06 ----D---- C:\WINDOWS\system32
2012-10-19 20:27:58 ----D---- C:\Program Files\Java
2012-10-19 20:22:33 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-16 22:28:32 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-10-14 22:21:53 ----HD---- C:\Program Files\InstallShield Installation Information
2012-10-14 22:21:48 ----D---- C:\WINDOWS\WinSxS
2012-10-14 22:21:09 ----RSD---- C:\WINDOWS\Fonts
2012-10-13 23:54:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-10-13 23:43:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-10-09 23:08:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-10-09 23:07:55 ----DC---- C:\WINDOWS\system32\dllcache
2012-10-09 22:53:05 ----A---- C:\WINDOWS\system32\MRT.exe
2012-10-09 20:21:13 ----HD---- C:\WINDOWS\$hf_mig$
2012-10-05 23:03:04 ----D---- C:\Documents and Settings\Owner\Data aplikací\Skype
2012-10-02 22:17:12 ----D---- C:\Program Files\Super Internet TV
2012-10-01 21:07:30 ----D---- C:\WINDOWS\network diagnostic
2012-09-28 18:50:39 ----A---- C:\WINDOWS\NeroDigital.ini
2012-09-28 12:12:24 ----D---- C:\Program Files\QuickTime
2012-09-26 22:50:44 ----D---- C:\Program Files\Microsoft Security Client
2012-09-26 21:11:40 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-09-24 23:30:12 ----D---- C:\WINDOWS\system32\CatRoot
2012-09-24 22:25:51 ----HD---- C:\WINDOWS\msdownld.tmp
2012-09-24 22:25:45 ----D---- C:\Program Files\Internet Explorer
2012-09-24 22:23:36 ----D---- C:\WINDOWS\system32\cs-CZ
2012-09-24 21:42:43 ----D---- C:\WINDOWS\ie8updates
2012-09-24 15:32:24 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-09-24 15:32:20 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-09-23 12:56:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 03715569;03715569; C:\WINDOWS\system32\DRIVERS\03715569.sys [2012-10-20 133208]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-08-30 193552]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2006-11-02 36624]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpKsl5fe19aa4;MpKsl5fe19aa4; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9820CC83-4367-4AAF-95DD-39BE8DC7A87C}\MpKsl5fe19aa4.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-03-19 21275]
R2 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-02-24 6340200]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2011-10-08 47360]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2007-03-22 281856]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
R3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-12-21 470048]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HcPvrUSB;HcPvrUSB.sys Mascom PVR USB driver 2.0.3; C:\WINDOWS\System32\Drivers\HcPvrUSB.sys [2007-06-04 17664]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-08-19 9902112]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;TP-LINK Configuration Service; C:\WINDOWS\system32\acs.exe [2005-12-30 36864]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-09-24 153584]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [2012-04-24 215688]
R2 Suite Service;Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [2012-01-23 1324680]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-20 136176]
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-08-19 155752]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-03-22 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 250808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-04-04 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-20 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-14 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-15 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 20 říj 2012 11:02

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

jirkasl · #4 Příspěvek od **jirkasl** » 20 říj 2012 11:32

Tady je:

# AdwCleaner v2.005 - Logfile created 10/20/2012 at 12:30:13
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - DOMA-363AC646CA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Plocha\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\Documents and Settings\Owner\Data aplikací\pdfforge
Folder Found : C:\Documents and Settings\Owner\Data aplikací\PriceGong
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\ClixSense.com
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\FunWebProducts
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\ClixSense.com
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1630669F-9D0C-4F0B-8AA9-10DE8BEE1755}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{70DF8D13-BDD3-448E-944C-EFDE21B77161}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C660AF3-CCAA-4074-BBE0-C60F5124AA07}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1630669F-9D0C-4F0B-8AA9-10DE8BEE1755}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70DF8D13-BDD3-448E-944C-EFDE21B77161}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0C660AF3-CCAA-4074-BBE0-C60F5124AA07}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70DF8D13-BDD3-448E-944C-EFDE21B77161}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\FunWebProductsInstaller.Start
Key Found : HKLM\SOFTWARE\Classes\FunWebProductsInstaller.Start.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2192277
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D4DB7D0-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\Software\ClixSense.com
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\FunWebProducts
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48BC2815-6508-42A9-BC7B-439871601319}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{842265D5-14F1-401C-BB4A-09AA9732AD96}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClixSense.com Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70DF8D13-BDD3-448E-944C-EFDE21B77161}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0C660AF3-CCAA-4074-BBE0-C60F5124AA07}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClixSense.com Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-343818398-1637723038-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-343818398-1637723038-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{70DF8D13-BDD3-448E-944C-EFDE21B77161}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{70DF8D13-BDD3-448E-944C-EFDE21B77161}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{70DF8D13-BDD3-448E-944C-EFDE21B77161}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6819 octets] - [20/10/2012 12:30:13]

########## EOF - C:\AdwCleaner[R1].txt - [6879 octets] ##########

jirkasl · #5 Příspěvek od **jirkasl** » 20 říj 2012 12:01

Teď to vypadá, že to přestalo, zatím nic nevyskakuje.

#6 Příspěvek od **vyosek** » 20 říj 2012 12:08

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

jirkasl · #7 Příspěvek od **jirkasl** » 20 říj 2012 12:25

Tady je:

# AdwCleaner v2.005 - Logfile created 10/20/2012 at 13:18:24
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - DOMA-363AC646CA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Plocha\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\Owner\Data aplikací\pdfforge
Folder Deleted : C:\Documents and Settings\Owner\Data aplikací\PriceGong
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\ClixSense.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\ClixSense.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1630669F-9D0C-4F0B-8AA9-10DE8BEE1755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{70DF8D13-BDD3-448E-944C-EFDE21B77161}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C660AF3-CCAA-4074-BBE0-C60F5124AA07}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1630669F-9D0C-4F0B-8AA9-10DE8BEE1755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70DF8D13-BDD3-448E-944C-EFDE21B77161}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C660AF3-CCAA-4074-BBE0-C60F5124AA07}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DF8D13-BDD3-448E-944C-EFDE21B77161}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProductsInstaller.Start
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProductsInstaller.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2192277
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D4DB7D0-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\ClixSense.com
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48BC2815-6508-42A9-BC7B-439871601319}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{842265D5-14F1-401C-BB4A-09AA9732AD96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClixSense.com Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70DF8D13-BDD3-448E-944C-EFDE21B77161}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0C660AF3-CCAA-4074-BBE0-C60F5124AA07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClixSense.com Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{70DF8D13-BDD3-448E-944C-EFDE21B77161}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{70DF8D13-BDD3-448E-944C-EFDE21B77161}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{70DF8D13-BDD3-448E-944C-EFDE21B77161}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6948 octets] - [20/10/2012 12:30:13]
AdwCleaner[S1].txt - [6723 octets] - [20/10/2012 13:18:24]

########## EOF - C:\AdwCleaner[S1].txt - [6783 octets] ##########

#8 Příspěvek od **vyosek** » 20 říj 2012 13:48

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

jirkasl · #9 Příspěvek od **jirkasl** » 20 říj 2012 14:14

Rkill:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/20/2012 03:10:13 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\acs.exe (PID: 1956) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* Služba obnovení systému (srservice) is not Running.
Startup Type set to: Automatic

* Ovladač filtru Obnovy systému (sr) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\atapi.sys [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys : 95 360 : 03/02/2006 01:00 PM : cdfe4411a69c224bd1d11b2da92dac51 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\atapi.sys : 96 512 : 04/14/2008 00:10 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\ae4ac74864a34bda5a1d4d2ed27ee4c8\backup\atapi.sys : 95 360 : 03/02/2006 01:00 PM : cdfe4411a69c224bd1d11b2da92dac51 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/20/2012 03:11:19 PM
Execution time: 0 hours(s), 1 minute(s), and 6 seconds(s)

#10 Příspěvek od **vyosek** » 20 říj 2012 14:15

Fajn, pokracujtre ComboFixem

jirkasl · #11 Příspěvek od **jirkasl** » 20 říj 2012 14:46

Právě to doběhlo:

ComboFix 12-10-19.01 - Owner 20.10.2012 15:23:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1983.1451 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Cashfiesta
c:\program files\Cashfiesta\FiestaBar\base_m.swf
c:\program files\Cashfiesta\FiestaBar\CFFilter.dll
c:\program files\Cashfiesta\FiestaBar\default.cfx
c:\program files\Cashfiesta\FiestaBar\Diag.log
c:\program files\Cashfiesta\FiestaBar\cherry.cfx
c:\program files\Cashfiesta\FiestaBar\silver.cfx
c:\windows\system32\SET48B.tmp
c:\windows\system32\SET48F.tmp
c:\windows\system32\SET497.tmp
c:\windows\system32\TZLog.log
F:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_nvsvc
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-20 do 2012-10-20 )))))))))))))))))))))))))))))))
.
.
2012-10-20 11:32 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2B37BE43-29DF-47BA-B35C-47E591C484A8}\mpengine.dll
2012-10-20 09:45 . 2012-10-20 09:45 -------- d-----w- c:\program files\trend micro
2012-10-20 09:45 . 2012-10-20 09:45 -------- d-----w- C:\rsit
2012-10-19 22:10 . 2012-10-19 22:10 -------- d-----w- c:\program files\CCleaner
2012-10-19 18:28 . 2012-10-19 18:28 -------- d-----w- c:\program files\Common Files\Java
2012-10-19 09:09 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-14 20:21 . 2012-10-14 20:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avery
2012-10-14 20:21 . 2012-10-14 20:21 -------- d-----w- c:\program files\Avery Dennison
2012-10-13 21:53 . 2012-10-14 10:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-13 21:53 . 2012-10-14 10:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-28 10:12 . 2012-09-28 10:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-09-28 10:12 . 2012-09-28 10:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-09-28 10:12 . 2012-09-28 10:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-09-28 10:12 . 2012-09-28 10:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-09-28 10:12 . 2012-09-28 10:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-09-28 10:12 . 2012-09-28 10:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-09-28 10:12 . 2012-09-28 10:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-09-28 10:10 . 2012-09-28 10:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2012-09-27 19:02 . 2012-10-18 18:25 -------- d-----w- c:\program files\Zrychleni Pocitace
2012-09-26 19:10 . 2012-09-27 21:08 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 13:32 . 2012-05-13 07:32 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2011-04-04 18:39 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 11:51 . 2012-05-13 07:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 20:03 . 2010-10-24 20:25 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:18 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-03-02 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2006-03-02 12:00 2195072 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-17 15:45 2071808 ------w- c:\windows\system32\ntkrnlpa.exe
2012-10-15 18:55 . 2012-10-15 18:50 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 22:10 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2006-03-02 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2006-03-02 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\ae4ac74864a34bda5a1d4d2ed27ee4c8\backup\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" [2007-02-06 176128]
"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2012-04-24 1197704]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-18 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-08-19 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-08-19 13925480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2012-02-02 1453704]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Owner\Nabídka Start\Programy\Po spuštění\
_uninst_44849069.lnk - c:\documents and settings\Owner\Local Settings\Temp\_uninst_44849069.bat [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\ASUS\\ASUSUpdate\\Update.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [27.11.2010 0:55 398176]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.8.2012 13:33 3064000]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe [24.4.2012 12:53 215688]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [23.1.2012 13:40 1324680]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8.10.2011 17:09 47360]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.3.2011 22:52 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [27.4.2011 21:40 2214504]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13.10.2012 23:53 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20.3.2011 22:32 1691480]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20.3.2011 22:52 136176]
S3 HcPvrUSB;HcPvrUSB.sys Mascom PVR USB driver 2.0.3;c:\windows\system32\drivers\HcPvrUSB.sys [6.1.2012 18:33 17664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11.5.2012 23:01 115168]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - xcpip
*Deregistered* - xpsec
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 10:37]
.
2012-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 20:52]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 20:52]
.
2012-10-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{15FC1207-C485-4D89-A397-898DE2752F51}: NameServer = 10.89.1.2,193.85.214.17
TCP: Interfaces\{DA741DF1-E45D-4D3A-9F95-799632394C91}: NameServer = 10.89.1.2,193.85.214.17
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\98ufrpyo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-02 09:20; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-19 20:28; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-03-20 21:53; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\documents and settings\All Users\Data aplikacĂÂ\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2011-03-29 17:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-20 15:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Celkový čas: 2012-10-20 15:41:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-20 13:41
.
Před spuštěním: Volných bajtů: 45 519 384 576
Po spuštění: Volných bajtů: 45 993 439 232
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 809AB3EE6908C8735B500FCD9EC07E6A

#12 Příspěvek od **vyosek** » 20 říj 2012 15:03

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

jirkasl · #13 Příspěvek od **jirkasl** » 20 říj 2012 15:59

Tak tady:

############################## | UsbFix 7.059 | [Deletion]

User: Owner (Administrator) # DOMA-363AC646CA [ ]
Updated 16/09/2011 by El Desaparecido
Started at 16:39:02 | 20/10/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

CPU: Intel(R) Celeron(R) CPU 2.66GHz
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Enabled
Antivirus: Microsoft Security Essentials 4.1.0522.0 [(!) Disabled | Updated]
RAM -> 1983 Mb
C:\ (%systemdrive%) -> Fixed drive # 75 Gb (43 Mb free - 58%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Fixed drive # 92 Gb (2 Mb free - 2%) [Data] # NTFS
G:\ -> Fixed drive # 1 Gb (348 Mb free - 34%) [Swap] # NTFS
H:\ -> Fixed drive # 49 Gb (5 Mb free - 10%) [] # NTFS
I:\ -> Fixed drive # 7 Gb (7 Mb free - 99%) [Nový svazek] # NTFS
J:\ -> Removable drive # 4 Gb (240 Mb free - 6%) [KINGSTON] # FAT32
K:\ -> Removable drive # 4 Gb (2 Mb free - 45%) [] # FAT32
L:\ -> Removable drive # 978 Mb (41 Mb free - 4%) [] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Documents and Settings\Owner\Data aplikací\ezpinst.exe
Deleted ! F:\Recycler\S-1-5-21-1229272821-1060284298-854245398-1004
Deleted ! F:\Recycler\S-1-5-21-1343024091-1383384898-1060284298-1004
Deleted ! F:\Recycler\S-1-5-21-1614895754-764733703-839522115-1003
Deleted ! F:\Recycler\S-1-5-21-1644491937-492894223-1957994488-1004
Deleted ! F:\Recycler\S-1-5-21-299502267-1580436667-854245398-1003
Deleted ! F:\Recycler\S-1-5-21-343818398-1637723038-682003330-1003
Deleted ! F:\Recycler\S-1-5-21-343818398-1957994488-854245398-1004
Deleted ! F:\Recycler\S-1-5-21-484763869-1614895754-682003330-1005
Deleted ! G:\Recycler\S-1-5-21-1229272821-1060284298-854245398-1004
Deleted ! G:\Recycler\S-1-5-21-1343024091-1383384898-1060284298-1004
Deleted ! G:\Recycler\S-1-5-21-1614895754-764733703-839522115-1003
Deleted ! G:\Recycler\S-1-5-21-1644491937-492894223-1957994488-1004
Deleted ! G:\Recycler\S-1-5-21-343818398-1637723038-682003330-1003
Deleted ! G:\Recycler\S-1-5-21-343818398-1957994488-854245398-1004
Deleted ! G:\Recycler\S-1-5-21-484763869-1614895754-682003330-1005
Deleted ! H:\Recycler\S-1-5-21-1614895754-764733703-839522115-1003
Deleted ! H:\Recycler\S-1-5-21-343818398-1637723038-682003330-1003
Deleted ! H:\Recycler\S-1-5-21-343818398-1957994488-854245398-1004
Deleted ! H:\Recycler\S-1-5-21-484763869-1614895754-682003330-1005
Deleted ! I:\Recycler\S-1-5-21-1614895754-764733703-839522115-1003
Deleted ! I:\Recycler\S-1-5-21-343818398-1637723038-682003330-1003
Deleted ! I:\Recycler\S-1-5-21-343818398-1957994488-854245398-1004
Deleted ! I:\Recycler\S-1-5-21-484763869-1614895754-682003330-1005

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

################## | Listing |

[20/03/2011 - 17:56:18 | D ] C:\015c4004f00a6c9e7617
[25/03/2011 - 23:43:21 | D ] C:\4526bc173036752cac1818ec2866
[20/10/2012 - 12:30:26 | N | 6948] C:\AdwCleaner[R1].txt
[20/10/2012 - 13:18:37 | N | 6852] C:\AdwCleaner[S1].txt
[19/03/2011 - 00:05:04 | N | 0] C:\AUTOEXEC.BAT
[19/03/2011 - 00:00:06 | N | 211] C:\Boot.bak
[20/10/2012 - 15:19:40 | N | 327] C:\boot.ini
[02/03/2006 - 14:00:00 | N | 4952] C:\Bootfont.bin
[20/10/2012 - 15:19:40 | D ] C:\cmdcons
[03/08/2004 - 23:00:04 | N | 261312] C:\cmldr
[20/10/2012 - 15:41:17 | N | 16802] C:\ComboFix.txt
[19/10/2012 - 20:28:25 | D ] C:\Config.Msi
[19/03/2011 - 00:05:04 | N | 0] C:\CONFIG.SYS
[27/04/2011 - 21:40:32 | D ] C:\Documents and Settings
[19/03/2011 - 00:05:04 | N | 0] C:\IO.SYS
[19/03/2011 - 00:05:04 | N | 0] C:\MSDOS.SYS
[20/03/2011 - 18:03:10 | RD ] C:\MSOCache
[20/03/2011 - 17:55:53 | D ] C:\MSOCache(2)
[02/03/2006 - 14:00:00 | N | 47564] C:\NTDETECT.COM
[02/04/2011 - 20:03:05 | N | 250576] C:\ntldr
[27/04/2011 - 21:38:14 | D ] C:\NVIDIA
[20/10/2012 - 15:32:45 | ASH | 704643072] C:\pagefile.sys
[20/07/2012 - 21:20:39 | D ] C:\pracovní
[20/10/2012 - 15:30:21 | D ] C:\Program Files
[20/10/2012 - 15:41:21 | D ] C:\Qoobox
[20/10/2012 - 16:44:05 | SHD ] C:\RECYCLER
[31/12/2011 - 14:31:54 | D ] C:\Rossmann FOTOSHOP
[20/10/2012 - 11:45:42 | D ] C:\rsit
[20/10/2012 - 15:33:14 | SHD ] C:\System Volume Information
[19/03/2011 - 00:12:24 | D ] C:\temp
[20/10/2012 - 16:44:06 | D ] C:\UsbFix
[20/10/2012 - 16:46:50 | A | 3153] C:\UsbFix.txt
[20/10/2012 - 15:34:24 | D ] C:\WINDOWS
[26/09/2012 - 20:24:11 | D ] F:\Adámek
[03/07/2010 - 15:13:39 | D ] F:\aeccf17203542a3da2b781fcdd57b8
[04/12/2007 - 22:16:15 | N | 0] F:\asoutput.log
[29/04/2007 - 21:05:46 | D ] F:\Config.Msi
[12/07/2011 - 21:57:59 | D ] F:\Domácnost
[10/09/2006 - 20:06:36 | D ] F:\Fotky
[25/02/2011 - 01:13:31 | D ] F:\found.000
[13/06/2012 - 18:00:25 | D ] F:\Hudba
[26/12/2011 - 12:14:17 | D ] F:\Jirka
[09/09/2012 - 21:11:03 | D ] F:\Lenka
[28/01/2011 - 23:35:50 | D ] F:\msdownld.tmp
[25/02/2011 - 01:04:25 | D ] F:\Obrázky
[27/04/2011 - 22:14:21 | D ] F:\PC
[20/10/2012 - 16:44:05 | SHD ] F:\RECYCLER
[12/02/2009 - 20:24:07 | D ] F:\Rodina
[24/02/2008 - 10:40:56 | D ] F:\scratch
[17/08/2004 - 15:49:28 | N | 28672] F:\setupSNK.exe
[08/07/2012 - 18:09:44 | D ] F:\SMRTNTKY
[20/10/2012 - 15:33:59 | SHD ] F:\System Volume Information
[07/04/2011 - 20:54:27 | D ] F:\ZVÁNOVICE
[20/10/2012 - 15:32:45 | ASH | 703602688] G:\pagefile.sys
[20/10/2012 - 16:44:06 | SHD ] G:\RECYCLER
[20/10/2012 - 15:34:11 | SHD ] G:\System Volume Information
[17/07/2010 - 23:53:11 | D ] H:\042dae2720c873399496e6f541
[18/07/2010 - 00:02:00 | D ] H:\276eb012eb24223c793d6fb19f487983
[17/07/2010 - 23:53:17 | D ] H:\4544dbe0c9d04b9da73592c19cca
[18/07/2010 - 09:12:39 | D ] H:\a5932b8c851af2af7e1a02f6208a
[14/08/2010 - 21:25:52 | N | 95] H:\AUTOEXEC.BAT
[09/07/2010 - 19:21:04 | N | 211] H:\boot.ini
[02/03/2006 - 14:00:00 | N | 4952] H:\Bootfont.bin
[05/03/2012 - 00:12:44 | D ] H:\C-docasna_data
[11/07/2010 - 22:45:30 | D ] H:\C-Identities
[04/04/2011 - 23:09:57 | D ] H:\Config.Msi
[09/07/2010 - 19:26:39 | N | 0] H:\CONFIG.SYS
[31/12/2010 - 17:13:06 | D ] H:\Documents and Settings
[30/12/2010 - 14:29:43 | N | 893] H:\fftrlog.txt
[23/09/2010 - 20:48:52 | N | 244] H:\INSTALL.LOG
[09/07/2010 - 19:26:39 | N | 0] H:\IO.SYS
[29/01/2011 - 23:33:31 | N | 12151] H:\LU4.log
[09/07/2010 - 19:26:39 | N | 0] H:\MSDOS.SYS
[02/03/2006 - 14:00:00 | N | 47564] H:\NTDETECT.COM
[11/07/2010 - 12:26:28 | N | 250576] H:\ntldr
[14/08/2010 - 23:00:16 | D ] H:\NVIDIA
[04/04/2011 - 23:43:09 | N | 805306368] H:\pagefile.sys
[10/04/2011 - 21:03:31 | D ] H:\Program Files
[20/10/2012 - 16:44:06 | SHD ] H:\RECYCLER
[20/10/2012 - 15:34:11 | SHD ] H:\System Volume Information
[17/03/2011 - 22:39:25 | D ] H:\temp
[31/12/2010 - 23:41:55 | D ] H:\test
[12/12/2010 - 10:07:57 | D ] H:\videooutput
[04/04/2011 - 23:14:29 | D ] H:\WINDOWS
[20/10/2012 - 16:44:06 | SHD ] I:\RECYCLER
[20/10/2012 - 15:34:15 | SHD ] I:\System Volume Information
[23/03/2011 - 19:49:08 | N | 8183357] J:\Cenik_praci_na_PS_61-98.pdf
[23/03/2011 - 19:45:42 | N | 14154767] J:\Cenik_praci_na_PS_01-30.pdf
[07/06/2012 - 14:56:48 | D ] J:\příruby ocel (komap)
[08/12/2011 - 14:58:12 | N | 33351168] J:\PEPP_2011.xls
[10/08/2012 - 16:06:32 | D ] J:\2012_071R Oprava 3 ks filtrů na CHÚV - výtopny Juliska
[10/08/2012 - 16:10:46 | D ] J:\2012_091R Výměna filtru TF6
[16/08/2012 - 21:19:34 | D ] J:\foto
[18/08/2012 - 15:30:56 | N | 9] J:\HDINFO.CFG
[24/02/2012 - 20:54:06 | D ] J:\vše
[02/03/2012 - 12:40:38 | N | 780092809] J:\Cerna-labut.mkv
[30/04/2012 - 13:41:00 | N | 540128] J:\Hefaistos 1142-P6V-900_rev0_SMP pracovní.xlsx
[30/04/2012 - 14:26:22 | N | 438914] J:\plasty 1142-P6V-900_rev0_SMP.xlsx
[02/05/2012 - 14:50:56 | D ] J:\Trmice
[03/05/2012 - 21:53:38 | N | 6005500] J:\práce004.jpg
[03/05/2012 - 21:57:12 | N | 4061474] J:\práce005.jpg
[03/05/2012 - 21:42:52 | N | 5795759] J:\práce001.jpg
[03/05/2012 - 21:49:04 | N | 5254932] J:\práce002.jpg
[03/05/2012 - 21:51:32 | N | 5434502] J:\práce003.jpg
[31/05/2012 - 11:16:00 | N | 757500722] J:\Ta-treti.AVI
[23/03/2011 - 19:47:22 | N | 7922887] J:\Cenik_praci_na_PS_31-60.pdf
[24/09/2012 - 13:10:36 | N | 673092994] K:\Snatky-z-rozumu-2.AVI
[27/09/2012 - 07:56:56 | D ] K:\semafor
[21/12/2011 - 14:40:44 | D ] K:\Vše
[19/12/2011 - 16:54:30 | D ] K:\PS 02-E_MaR
[19/12/2011 - 16:54:28 | D ] K:\PS 01-Strojní část
[24/09/2012 - 13:49:24 | N | 669618338] K:\Snatky-z-rozumu-3.AVI
[06/04/2012 - 20:56:00 | D ] L:\vše
[07/08/2012 - 08:39:20 | N | 100834120] L:\301.42-desktop-winxp-32bit-english-whql.exe
[08/08/2012 - 08:02:36 | N | 1248048] L:\Pohadky_o_Masinkach _.pdf
[09/08/2012 - 15:01:16 | D ] L:\Trmice
[22/06/2012 - 12:49:04 | D ] L:\Certifikáty na pitnou vodu
[09/08/2012 - 19:25:30 | N | 300627] L:\Schránka02.jpg
[09/08/2012 - 19:28:30 | N | 771] L:\masinky_02.txt
[09/08/2012 - 19:29:30 | N | 703920] L:\Schránka03.jpg
[09/08/2012 - 19:29:54 | N | 1032] L:\masinky_03.txt
[09/08/2012 - 19:32:18 | N | 896215] L:\Schránka04.jpg
[09/08/2012 - 19:32:40 | N | 1587] L:\masinky_04.txt
[09/08/2012 - 19:23:08 | N | 517477] L:\Schránka01.jpg
[09/08/2012 - 19:25:00 | N | 1170] L:\masinky_01.txt
[09/08/2012 - 19:42:50 | N | 603334] L:\Schránka05.jpg
[09/08/2012 - 19:47:46 | N | 1062] L:\masinky_05.txt
[09/08/2012 - 19:48:38 | N | 1044641] L:\Schránka06.jpg
[09/08/2012 - 19:49:00 | N | 1893] L:\masinky_06.txt
[05/10/2012 - 18:08:30 | D ] L:\pracovní

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
F:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
H:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
I:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
J:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
K:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
L:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_DOMA-363AC646CA.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.

################## | E.O.F |

a druhý

############################## | UsbFix 7.059 | [Deletion]

User: Owner (Administrator) # DOMA-363AC646CA [ ]
Updated 16/09/2011 by El Desaparecido
Started at 16:50:32 | 20/10/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

CPU: Intel(R) Celeron(R) CPU 2.66GHz
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Enabled
Antivirus: Microsoft Security Essentials 4.1.0522.0 [(!) Disabled | Updated]
RAM -> 1983 Mb
C:\ (%systemdrive%) -> Fixed drive # 75 Gb (43 Mb free - 58%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Fixed drive # 92 Gb (2 Mb free - 2%) [Data] # NTFS
G:\ -> Fixed drive # 1 Gb (348 Mb free - 34%) [Swap] # NTFS
H:\ -> Fixed drive # 49 Gb (5 Mb free - 10%) [] # NTFS
I:\ -> Fixed drive # 7 Gb (7 Mb free - 99%) [Nový svazek] # NTFS
J:\ -> Removable drive # 2 Gb (2 Mb free - 0%) [] # FAT

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-343818398-1637723038-682003330-1003
Deleted ! F:\Recycler\S-1-5-21-343818398-1637723038-682003330-1003
Deleted ! G:\Recycler\S-1-5-21-343818398-1637723038-682003330-1003
Deleted ! H:\Recycler\S-1-5-21-343818398-1637723038-682003330-1003
Deleted ! I:\Recycler\S-1-5-21-343818398-1637723038-682003330-1003

(!) Temporary files deleted.

################## | Registry |

################## | Mountpoints2 |

################## | Listing |

[20/03/2011 - 17:56:18 | D ] C:\015c4004f00a6c9e7617
[25/03/2011 - 23:43:21 | D ] C:\4526bc173036752cac1818ec2866
[20/10/2012 - 12:30:26 | N | 6948] C:\AdwCleaner[R1].txt
[20/10/2012 - 13:18:37 | N | 6852] C:\AdwCleaner[S1].txt
[19/03/2011 - 00:05:04 | N | 0] C:\AUTOEXEC.BAT
[20/10/2012 - 16:46:55 | RASHD ] C:\Autorun.inf
[19/03/2011 - 00:00:06 | N | 211] C:\Boot.bak
[20/10/2012 - 15:19:40 | N | 327] C:\boot.ini
[02/03/2006 - 14:00:00 | N | 4952] C:\Bootfont.bin
[20/10/2012 - 15:19:40 | D ] C:\cmdcons
[03/08/2004 - 23:00:04 | N | 261312] C:\cmldr
[20/10/2012 - 15:41:17 | N | 16802] C:\ComboFix.txt
[19/10/2012 - 20:28:25 | D ] C:\Config.Msi
[19/03/2011 - 00:05:04 | N | 0] C:\CONFIG.SYS
[27/04/2011 - 21:40:32 | D ] C:\Documents and Settings
[19/03/2011 - 00:05:04 | N | 0] C:\IO.SYS
[19/03/2011 - 00:05:04 | N | 0] C:\MSDOS.SYS
[20/03/2011 - 18:03:10 | RD ] C:\MSOCache
[20/03/2011 - 17:55:53 | D ] C:\MSOCache(2)
[02/03/2006 - 14:00:00 | N | 47564] C:\NTDETECT.COM
[02/04/2011 - 20:03:05 | N | 250576] C:\ntldr
[27/04/2011 - 21:38:14 | D ] C:\NVIDIA
[20/10/2012 - 15:32:45 | ASH | 704643072] C:\pagefile.sys
[20/07/2012 - 21:20:39 | D ] C:\pracovní
[20/10/2012 - 15:30:21 | D ] C:\Program Files
[20/10/2012 - 15:41:21 | D ] C:\Qoobox
[20/10/2012 - 16:51:21 | SHD ] C:\RECYCLER
[31/12/2011 - 14:31:54 | D ] C:\Rossmann FOTOSHOP
[20/10/2012 - 11:45:42 | D ] C:\rsit
[20/10/2012 - 15:33:14 | SHD ] C:\System Volume Information
[19/03/2011 - 00:12:24 | D ] C:\temp
[20/10/2012 - 16:51:21 | D ] C:\UsbFix
[20/10/2012 - 16:51:22 | A | 1453] C:\UsbFix.txt
[20/10/2012 - 16:47:13 | N | 10685] C:\UsbFix1.txt
[20/10/2012 - 16:47:02 | N | 41328] C:\UsbFix_Upload_Me_DOMA-363AC646CA.zip
[20/10/2012 - 15:34:24 | D ] C:\WINDOWS
[26/09/2012 - 20:24:11 | D ] F:\Adámek
[03/07/2010 - 15:13:39 | D ] F:\aeccf17203542a3da2b781fcdd57b8
[04/12/2007 - 22:16:15 | N | 0] F:\asoutput.log
[20/10/2012 - 16:46:55 | RASHD ] F:\Autorun.inf
[29/04/2007 - 21:05:46 | D ] F:\Config.Msi
[12/07/2011 - 21:57:59 | D ] F:\Domácnost
[10/09/2006 - 20:06:36 | D ] F:\Fotky
[25/02/2011 - 01:13:31 | D ] F:\found.000
[13/06/2012 - 18:00:25 | D ] F:\Hudba
[26/12/2011 - 12:14:17 | D ] F:\Jirka
[09/09/2012 - 21:11:03 | D ] F:\Lenka
[28/01/2011 - 23:35:50 | D ] F:\msdownld.tmp
[25/02/2011 - 01:04:25 | D ] F:\Obrázky
[27/04/2011 - 22:14:21 | D ] F:\PC
[20/10/2012 - 16:51:21 | SHD ] F:\RECYCLER
[12/02/2009 - 20:24:07 | D ] F:\Rodina
[24/02/2008 - 10:40:56 | D ] F:\scratch
[17/08/2004 - 15:49:28 | N | 28672] F:\setupSNK.exe
[08/07/2012 - 18:09:44 | D ] F:\SMRTNTKY
[20/10/2012 - 15:33:59 | SHD ] F:\System Volume Information
[07/04/2011 - 20:54:27 | D ] F:\ZVÁNOVICE
[20/10/2012 - 16:46:55 | RASHD ] G:\Autorun.inf
[20/10/2012 - 15:32:45 | ASH | 703602688] G:\pagefile.sys
[20/10/2012 - 16:51:21 | SHD ] G:\RECYCLER
[20/10/2012 - 15:34:11 | SHD ] G:\System Volume Information
[17/07/2010 - 23:53:11 | D ] H:\042dae2720c873399496e6f541
[18/07/2010 - 00:02:00 | D ] H:\276eb012eb24223c793d6fb19f487983
[17/07/2010 - 23:53:17 | D ] H:\4544dbe0c9d04b9da73592c19cca
[18/07/2010 - 09:12:39 | D ] H:\a5932b8c851af2af7e1a02f6208a
[14/08/2010 - 21:25:52 | N | 95] H:\AUTOEXEC.BAT
[20/10/2012 - 16:46:55 | RASHD ] H:\Autorun.inf
[09/07/2010 - 19:21:04 | N | 211] H:\boot.ini
[02/03/2006 - 14:00:00 | N | 4952] H:\Bootfont.bin
[05/03/2012 - 00:12:44 | D ] H:\C-docasna_data
[11/07/2010 - 22:45:30 | D ] H:\C-Identities
[04/04/2011 - 23:09:57 | D ] H:\Config.Msi
[09/07/2010 - 19:26:39 | N | 0] H:\CONFIG.SYS
[31/12/2010 - 17:13:06 | D ] H:\Documents and Settings
[30/12/2010 - 14:29:43 | N | 893] H:\fftrlog.txt
[23/09/2010 - 20:48:52 | N | 244] H:\INSTALL.LOG
[09/07/2010 - 19:26:39 | N | 0] H:\IO.SYS
[29/01/2011 - 23:33:31 | N | 12151] H:\LU4.log
[09/07/2010 - 19:26:39 | N | 0] H:\MSDOS.SYS
[02/03/2006 - 14:00:00 | N | 47564] H:\NTDETECT.COM
[11/07/2010 - 12:26:28 | N | 250576] H:\ntldr
[14/08/2010 - 23:00:16 | D ] H:\NVIDIA
[04/04/2011 - 23:43:09 | N | 805306368] H:\pagefile.sys
[10/04/2011 - 21:03:31 | D ] H:\Program Files
[20/10/2012 - 16:51:21 | SHD ] H:\RECYCLER
[20/10/2012 - 15:34:11 | SHD ] H:\System Volume Information
[17/03/2011 - 22:39:25 | D ] H:\temp
[31/12/2010 - 23:41:55 | D ] H:\test
[12/12/2010 - 10:07:57 | D ] H:\videooutput
[04/04/2011 - 23:14:29 | D ] H:\WINDOWS
[20/10/2012 - 16:46:55 | RASHD ] I:\Autorun.inf
[20/10/2012 - 16:51:21 | SHD ] I:\RECYCLER
[20/10/2012 - 15:34:15 | SHD ] I:\System Volume Information
[01/03/2012 - 12:14:40 | D ] J:\DCIM
[14/09/2011 - 12:55:52 | N | 135168] J:\352682043543502WMLicense.dat

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
F:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
H:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
I:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
J:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_DOMA-363AC646CA.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.

################## | E.O.F |

#14 Příspěvek od **vyosek** » 20 říj 2012 16:35

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Report
Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V okne Additional Option zakliknete vsechny moznosti
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

jirkasl · #15 Příspěvek od **jirkasl** » 20 říj 2012 16:41

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 4 Stepping 9, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/10/20 (ISO 8601) at 17:39:56
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD800BB-00FJA0 (13.03G13)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR1 __ST3160812A (3.AAJ)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	74.53 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : E84012046E9358B294CA7C8C8D398B63
MBR_SHA1  : BDEC1A313E5CF120BDE1C8C14B12644F2C936FF5

Device\Harddisk0\Partition1	74.52 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk1\DR1	149.1 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 330C3558633844AC56CA4292B813679A
MBR_SHA1  : BF0819466C30308098DFC5FA11ABC544D9394BA3

Device\Harddisk1\Partition1	48.83 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk1\Partition2	1.00 Go  	0x07 NTFS / HPFS
Device\Harddisk1\Partition3	6.70 Go  	0x07 NTFS / HPFS
Device\Harddisk1\Partition4	92.42 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xB5B4C000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF79BD000
SIZE    : 8.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xpsec.sys => Invisible on the disk
ADDRESS : 0xB14FA000
SIZE    : 76.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xcpip.sys => Invisible on the disk
ADDRESS : 0xB1451000
SIZE    : 356.0 Ko

DRIVER  : C:\ComboFix\catchme.sys => Invisible on the disk
ADDRESS : 0xB0220000
SIZE    : 32.0 Ko

DRIVER  : C:\WINDOWS\system32\Drivers\PROCEXP113.SYS => Invisible on the disk
ADDRESS : 0xF7A05000
SIZE    : 8.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D8 8E C0 8E D0 BC 00 7C BE 1A 7C BF 00   3À.Ø.À.Ð¼.|¾.|¿.
0x00000010   06 B9 E6 01 50 57 FC F3 A4 CB BE A4 07 B1 04 90   .¹æ.PWüó¤Ë¾¤.±..
0x00000020   80 3C 80 74 0D 38 2C 0F 85 C0 00 83 C6 10 E2 F0   .<.t.8,..À..Æ.âð
0x00000030   CD 18 66 8B 44 08 8B 14 89 E3 B9 01 00 E8 64 00   Í.f.D....ã¹..èd.
0x00000040   73 0C 8B 4C 02 B8 01 02 CD 13 0F 82 B8 00 B9 55   s..L.¸..Í...¸.¹U
0x00000050   AA 2B 0E FE 7D 0F 85 CF 00 66 B8 00 00 00 00 66   ª+.þ}..Ï.f¸....f
0x00000060   39 44 08 72 08 66 8B 44 08 66 03 44 0C 83 C6 10   9D.r.f.D.f.D..Æ.
0x00000070   81 FE E4 07 72 E9 66 09 C0 74 1E B9 09 00 81 C3   .þä.réf.Àt.¹...Ã
0x00000080   00 02 E8 1F 00 72 12 89 DE 81 C6 0C 02 8D 54 F4   ..è..r..Þ.Æ...Tô
0x00000090   66 81 3C 75 2F F3 A4 74 05 EA 00 7C 00 00 89 DE   f.<u/ó¤t.ê.|...Þ
0x000000A0   FF D2 EB F5 66 60 B2 80 BB AA 55 B4 41 CD 13 73   .Òëõf`².»ªU´AÍ.s
0x000000B0   04 F9 66 61 C3 81 FB 55 AA 75 F6 F6 C1 01 74 F1   .ùfaÃ.ûUªuööÁ.tñ
0x000000C0   66 61 66 60 6A 00 6A 00 66 50 06 53 51 6A 10 B4   faf`j.j.fP.SQj.´
0x000000D0   42 89 E6 CD 13 61 66 61 C3 5E AC 08 C0 74 FC 56   B.æÍ.afaÃ^¬.ÀtüV
0x000000E0   1E BB 07 00 B4 0E CD 10 1F EB EE E8 EB FF 49 6E   .»..´.Í..ëîèë.In
0x000000F0   76 61 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20   valid partition 
0x00000100   74 61 62 6C 65 00 E8 D0 FF 45 72 72 6F 72 20 6C   table.èÐ.Error l
0x00000110   6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E 67   oading operating
0x00000120   20 73 79 73 74 65 6D 00 E8 AE FF 4D 69 73 73 69    system.è®.Missi
0x00000130   6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73   ng operating sys
0x00000140   74 65 6D 00 00 00 00 00 00 00 00 00 00 00 00 00   tem.............
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A A7 00 A7 00 00 00 80 01   .....,Dj§.§.....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 C1 A5 50 09 00 00   ...þ..?...Á¥P...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__ORIGINAL   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.Ð¼.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C   2ä.V.Í.ëÖaùÃNepl
0x00000130   61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64   atn. tabulka odd
0x00000140   A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61   ¡l..Chyba pýi na
0x00000150   9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68   .¡t.n¡ opera.n¡h
0x00000160   6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F   o syst.mu.Opera.
0x00000170   6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65   n¡ syst.m nenale
0x00000180   7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00   zen.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A A7 00 A7 00 00 00 80 01   .....,Dj§.§.....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 C1 A5 50 09 00 00   ...þ..?...Á¥P...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_____FAKED   \Device\Harddisk1\DR1  

0x00000000   33 C0 8E D8 8E C0 8E D0 BC 00 7C BE 1A 7C BF 00   3À.Ø.À.Ð¼.|¾.|¿.
0x00000010   06 B9 E6 01 50 57 FC F3 A4 CB BE A4 07 B1 04 90   .¹æ.PWüó¤Ë¾¤.±..
0x00000020   80 3C 80 74 0D 38 2C 0F 85 C0 00 83 C6 10 E2 F0   .<.t.8,..À..Æ.âð
0x00000030   CD 18 66 8B 44 08 8B 14 89 E3 B9 01 00 E8 64 00   Í.f.D....ã¹..èd.
0x00000040   73 0C 8B 4C 02 B8 01 02 CD 13 0F 82 B8 00 B9 55   s..L.¸..Í...¸.¹U
0x00000050   AA 2B 0E FE 7D 0F 85 CF 00 66 B8 00 00 00 00 66   ª+.þ}..Ï.f¸....f
0x00000060   39 44 08 72 08 66 8B 44 08 66 03 44 0C 83 C6 10   9D.r.f.D.f.D..Æ.
0x00000070   81 FE E4 07 72 E9 66 09 C0 74 1E B9 09 00 81 C3   .þä.réf.Àt.¹...Ã
0x00000080   00 02 E8 1F 00 72 12 89 DE 81 C6 0C 02 8D 54 F4   ..è..r..Þ.Æ...Tô
0x00000090   66 81 3C 75 2F F3 A4 74 05 EA 00 7C 00 00 89 DE   f.<u/ó¤t.ê.|...Þ
0x000000A0   FF D2 EB F5 66 60 B2 80 BB AA 55 B4 41 CD 13 73   .Òëõf`².»ªU´AÍ.s
0x000000B0   04 F9 66 61 C3 81 FB 55 AA 75 F6 F6 C1 01 74 F1   .ùfaÃ.ûUªuööÁ.tñ
0x000000C0   66 61 66 60 6A 00 6A 00 66 50 06 53 51 6A 10 B4   faf`j.j.fP.SQj.´
0x000000D0   42 89 E6 CD 13 61 66 61 C3 5E AC 08 C0 74 FC 56   B.æÍ.afaÃ^¬.ÀtüV
0x000000E0   1E BB 07 00 B4 0E CD 10 1F EB EE E8 EB FF 49 6E   .»..´.Í..ëîèë.In
0x000000F0   76 61 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20   valid partition 
0x00000100   74 61 62 6C 65 00 E8 D0 FF 45 72 72 6F 72 20 6C   table.èÐ.Error l
0x00000110   6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E 67   oading operating
0x00000120   20 73 79 73 74 65 6D 00 E8 AE FF 4D 69 73 73 69    system.è®.Missi
0x00000130   6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73   ng operating sys
0x00000140   74 65 6D 00 00 00 00 00 00 00 00 00 00 00 00 00   tem.............
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A 7A D6 7A D6 00 00 80 01   .....,DjzÖzÖ....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 27 79 1A 06 00 00   ...þ..?...'y....
0x000001D0   C1 FF 07 FE FF FF 66 79 1A 06 C3 1C 20 00 00 00   Á..þ..fy..Ã. ...
0x000001E0   C1 FF 05 FE FF FF F6 C5 3D 06 CB C4 63 0C 00 00   Á..þ..öÅ=.ËÄc...
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__ORIGINAL   \Device\Harddisk1\DR1  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.Ð¼.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C   2ä.V.Í.ëÖaùÃNepl
0x00000130   61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64   atn. tabulka odd
0x00000140   A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61   ¡l..Chyba pýi na
0x00000150   9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68   .¡t.n¡ opera.n¡h
0x00000160   6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F   o syst.mu.Opera.
0x00000170   6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65   n¡ syst.m nenale
0x00000180   7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00   zen.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A 7A D6 7A D6 00 00 80 01   .....,DjzÖzÖ....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 27 79 1A 06 00 00   ...þ..?...'y....
0x000001D0   C1 FF 07 FE FF FF 66 79 1A 06 C3 1C 20 00 00 00   Á..þ..fy..Ã. ...
0x000001E0   C1 FF 05 FE FF FF F6 C5 3D 06 CB C4 63 0C 00 00   Á..þ..öÅ=.ËÄc...
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

VIRY.CZ

Každou minutu vyskočí okno IE - Navigace byla zrušena

Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena

Re: Každou minutu vyskočí okno IE - Navigace byla zrušena