Prosím o pročištění

[f24]

Dobrý den. Posílám log z nouzového režimu - v normálním mi nejde nic otevřít, žádný soubor, prohlížeč internetu... tisk, nic. A OTM mi nejde nikdy otevřít.

Logfile of random's system information tool 1.09 (written by random/random)
Run by jana at 2013-06-21 13:43:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (12%) free of 116 GB
Total RAM: 1022 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:43:21, on 21.6.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\jana\Plocha\RSIT.exe
C:\Program Files\trend micro\jana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1195 ... 1558255F33
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SonyAgent] C:\WINDOWS\Temp\temp63.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [095991843C7416DC0000095988301C44] C:\Documents and Settings\All Users\Data aplikací\095991843C7416DC0000095988301C44\095991843C7416DC0000095988301C44.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Filter hijack: text/html - {31560f7b-b3b0-41de-b4cf-e8c104e5bb27} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipameti kategorií soucástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9b52ecaa98480) (gupdate1c9b52ecaa98480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: SEcnStatutsDatabase (SENADB) - Unknown owner - C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

--
End of file - 6493 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
C:\WINDOWS\tasks\RegCure Pro.job
C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
C:\WINDOWS\tasks\ParetoLogic Update Version3.job
C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
C:\WINDOWS\tasks\ParetoLogic Registration3.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_jana.job
C:\WINDOWS\tasks\ReclaimerUpdateXML_jana.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ReclaimerUpdateFiles_jana.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-05-10 68680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2013-04-05 295512]
"SonyAgent"=C:\WINDOWS\Temp\temp63.exe [2013-06-18 794624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"095991843C7416DC0000095988301C44"=C:\Documents and Settings\All Users\Data aplikací\095991843C7416DC0000095988301C44\095991843C7416DC0000095988301C44 [2013-06-21 6048]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ProgSense.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"="C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre1.6.0\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\System32\spool\drivers\W32X86\3\HP1005MC.EXE"="C:\WINDOWS\System32\spool\drivers\W32X86\3\HP1005MC.EXE:*:Enabled:SMLMProxy Module - HP1005MC.EXE"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.MPG4"=mpg4c32.dll
"vidc.MP42"=mpg4c32.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.MP43"=mpg4c32.dll
"VIDC.VDOM"=vdowave.drv
"MSACM.LHACM"=lhacm.acm
"VIDC.TR20"=tr2032.dll
"vidc.vivo"=ivvideo.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"VIDC.DIVX"=DivX.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.divxa32"=msaud32_divx.acm

======File associations======

.js - edit -
.js - open - ""

======List of files/folders created in the last 1 month======

2013-06-21 13:15:58 ----SHD---- C:\FOUND.012
2013-06-18 23:16:43 ----A---- C:\AdwCleaner[S3].txt
2013-06-18 23:15:28 ----A---- C:\AdwCleaner[R5].txt
2013-06-18 21:04:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\095991843C7416DC0000095988301C44
2013-06-18 21:03:58 ----A---- C:\WINDOWS\system32\wpcap.dll
2013-06-18 21:03:58 ----A---- C:\WINDOWS\system32\Packet.dll
2013-06-18 21:03:58 ----A---- C:\WINDOWS\system32\drivers\npf.sys
2013-06-12 22:47:34 ----HD---- C:\WINDOWS\$NtUninstallKB2839229$
2013-06-12 21:41:06 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2013-06-21 13:34:58 ----A---- C:\WINDOWS\ntbtlog.txt
2013-06-21 13:33:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-06-12 22:45:08 ----A---- C:\WINDOWS\system32\MRT.exe
2013-06-12 22:44:56 ----A---- C:\WINDOWS\imsins.BAK
2013-06-12 21:41:10 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-05-23 17:42:58 ----A---- C:\Documents and Settings\jana\Data aplikací\AutoGK.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-26 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
S1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
S2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2013-06-18 50704]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-02-08 12648960]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060807.097\symidsco.sys []
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9b52ecaa98480;Služba Google Update (gupdate1c9b52ecaa98480); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\pev.3XE [2011-06-26 256000]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608]
S2 SENADB;SEcnStatutsDatabase; C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [2011-05-12 85976]
S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-11-02 1699168]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-30 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Zdravim

Poprosim o log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=130781

[f24]

Nemám tady žádné další PC (spolubydlící jsou pryč), tak jsem to udělala normálně (uložila na externí disk) a nevím, jestli to má nějaký význam tedy. Kdyžtak pak až v neděli večer.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2013 02
Ran by Administrator (administrator) on 21-06-2013 15:43:39
Running from K:\
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [295512 2013-04-05] (RealNetworks, Inc.)
HKLM\...\Run: [SonyAgent] C:\WINDOWS\Temp\temp63.exe [794624 2013-06-18] ()
HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
HKCU\...\Runonce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex [x]
HKCU\...\RunOnce: [Report] C:\AdwCleaner[S3].txt [2865 2013-06-18] ()
HKU\Default User\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\jana\...\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide [ 2006-05-24] ()
HKU\jana\...\RunOnce: [095991843C7416DC0000095988301C44] C:\Documents and Settings\All Users\Data aplikací\095991843C7416DC0000095988301C44\095991843C7416DC0000095988301C44.exe [ 2013-06-18] ()
BootExecute: autocheck autochk * stera

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
SearchScopes: HKLM - {D5D47440-0750-463D-BAEF-A47D02414806} URL = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll (Xi)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================== Services (Whitelisted) =================

S2 Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [438272 2005-09-21] (Acer Inc.)
S2 gupdate1c9b52ecaa98480; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-04] (Google Inc.)
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()
S2 SENADB; C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [85976 2011-05-12] ()
S2 StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [372736 2006-05-24] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-11-02] (TuneUp Software)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [3727680 2005-09-22] (Realtek Semiconductor Corp.)
S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [42496 2005-03-09] (Advanced Micro Devices)
S1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [50704 2013-06-18] (CACE Technologies, Inc.)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
S3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S1 StyleXPHelper; C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe [10880 2005-10-31] (Windows (R) 2000 DDK provider)
S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [103952 2004-08-10] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 sptd; System32\Drivers\sptd.sys [x]
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060807.097\symidsco.sys [x]
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
U3 TlntSvr;
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\ACPI.sys 4FE34F1F3126B61FCC6B2043AA8112C9
C:\Windows\System32\Drivers\ACPIEC.sys AFDFF022A01F0B11C776F0860C3B282F
C:\Windows\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557
C:\Windows\System32\drivers\Afc.sys A7B8A3A79D35215D798A300DF49ED23F
C:\Windows\System32\drivers\afd.sys 1E44BC1E83D8FD2305F8D452DB109CF9
C:\Windows\System32\drivers\ALCXWDM.SYS 93F93A8E3E14CBBF1CE9A5AF1A70C095
C:\Windows\System32\DRIVERS\AmdK8.sys 99BD5596B5D06C2EAD3CECC6F11999F5
C:\Windows\System32\DRIVERS\arp1394.sys B5B8A80875C1DEDEDA8B02765642C32F
C:\Windows\System32\Drivers\ASPI32.sys B979979AB8027F7F53FB16EC4229B7DB
C:\Windows\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC
C:\Windows\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674
C:\Windows\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159
C:\Windows\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\Windows\System32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\Windows\System32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\Windows\System32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\Windows\System32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32
C:\Windows\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE
C:\Windows\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25
C:\Windows\System32\drivers\dmboot.sys DB5FD2BF5B07DC54BFCB3664FF05BD7C
C:\Windows\System32\drivers\dmio.sys FFF1720AF51171F32F1EAD5CF71F2810
C:\Windows\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\Windows\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45
C:\Windows\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\Windows\System32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E
C:\Windows\System32\DRIVERS\fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81
C:\Windows\System32\Drivers\Fips.sys AC366695A0796560AA37215AD5762AAF
C:\Windows\System32\DRIVERS\flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0
C:\Windows\System32\drivers\fltmgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\WINDOWS\system32\FsUsbExDisk.SYS CBE5F69A5E5B918225F420BA748F3742
C:\Windows\System32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\Windows\System32\DRIVERS\ftdisk.sys 4E664D8541DB4A66B73A24257E322E1F
C:\Windows\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2
C:\Windows\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1
C:\Windows\System32\Drivers\HTTP.sys F80A415EF82CD06FFAF0D971528EAD38
C:\Windows\System32\DRIVERS\i8042prt.sys C528E27945367191E7BAE364930B6932
C:\Windows\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E
C:\Windows\System32\drivers\ip6fw.sys 3BB22519A194418D5FEC05D800A19AD0
C:\Windows\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\Windows\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5
C:\Windows\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB
C:\Windows\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91
C:\Windows\System32\DRIVERS\irda.sys ACA5E7B54409F9CB5EED97ED0C81120E
C:\Windows\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89
C:\Windows\System32\DRIVERS\irsir.sys 0501F0B9AB08425F8C0EACBDCC04AA32
C:\Windows\System32\DRIVERS\isapnp.sys CC9F8A2D60AED1A51A3AC34C59B987AE
C:\Windows\System32\DRIVERS\kbdclass.sys 1B6162FE7F66B1A71A4B70F941C4AA9B
C:\Windows\System32\DRIVERS\kbdhid.sys 86C8F23616C6C6E5B2776901C17B945B
C:\Windows\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378
C:\Windows\System32\Drivers\KSecDD.sys B467646C54CC746128904E1654C750C1
C:\Windows\System32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\Windows\System32\Drivers\Modem.sys 44032B0C6D9954D3FD26438330B99EE7
C:\Windows\System32\DRIVERS\mouclass.sys 4CB582831DBDE63CE43B45D771218374
C:\Windows\System32\DRIVERS\mouhid.sys BB269EBA740737AB749B214D568B6812
C:\Windows\System32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD
C:\Windows\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD
C:\Windows\System32\DRIVERS\mrxsmb.sys 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\Windows\System32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027
C:\Windows\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1
C:\Windows\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E
C:\Windows\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D
C:\Windows\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\Windows\System32\Drivers\Mup.sys DE6A75F5C270E756C5508D94B6CF68F5
C:\Windows\System32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\Windows\System32\DRIVERS\ndistapi.sys 0109C4F3850DFBAB279542515386AE22
C:\Windows\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\Windows\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\Windows\System32\Drivers\NDProxy.sys 9282BD12DFB069D3889EB3FCC1000A9B
C:\Windows\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0
C:\Windows\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\Windows\System32\DRIVERS\nic1394.sys E9E47CFB2D461FA0FC75B7A74C6383EA
C:\Windows\System32\drivers\NPF.sys B9730495E0CF674680121E34BD95A73B
C:\Windows\System32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\Windows\System32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\Windows\System32\DRIVERS\NTIDrvr.sys 7F1C1F78D709C4A54CBB46EDE7E0B48D
C:\Windows\System32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\Windows\System32\DRIVERS\nv4_mini.sys 7C56F3FD65B2BDB315CA3605A5392D7B
C:\Windows\System32\DRIVERS\NVENETFD.sys 2A7A2C6AB9631028B6E3A4159AA65705
C:\Windows\System32\DRIVERS\nvnetbus.sys 20526A8827DC0956B5526AEBCB6751A0
C:\Windows\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\Windows\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\Windows\System32\DRIVERS\ohci1394.sys CA33832DF41AFB202EE7AEB05145922F
C:\Windows\System32\DRIVERS\parport.sys 46F8DB73B4A53E543F8E371DC7C75BAE
C:\Windows\System32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\Windows\System32\Drivers\ParVdm.sys 1FAE19D0457176318BBA4A8795656EBC
C:\Windows\System32\DRIVERS\pci.sys 6CE351D149CB4BEFC702951E471E1730
C:\Windows\System32\DRIVERS\pciide.sys 2DA4EC85E0EA7A45C6B2A05820492D5A
C:\Windows\System32\Drivers\Pcmcia.sys 4FC31E6C19A5CE5198B1ABFF94CAE758
C:\Windows\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\Windows\System32\DRIVERS\processr.sys 7EB15DCE4EC3A0220BD796A15C18186E
C:\Windows\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424
C:\Windows\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\Windows\System32\Drivers\PxHelp20.sys D86B4A68565E444D76457F14172C875A
C:\Windows\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\Windows\System32\DRIVERS\rasirda.sys 0207D26DDF796A193CCD9F83047BB5FC
C:\Windows\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\Windows\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\Windows\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\Windows\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\Windows\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\Windows\System32\Drivers\RDPWD.sys 43AF5212BD8FB5BA6EED9754358BD8F7
C:\Windows\System32\DRIVERS\redbook.sys 611BFD220305BE3A85AE876EA47D4AA5
C:\Windows\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE
C:\Windows\System32\DRIVERS\serial.sys B842729337C9B921615C40D3C1A1AF96
C:\Windows\System32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\Windows\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\Windows\System32\DRIVERS\sr.sys 94610C8653635E4459316A0050D55CE7
C:\Windows\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7
C:\Windows\System32\Drivers\StarOpen.sys 306521935042FC0A6988D528643619B3
C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe 7E40B43922B2896F40A5930AF7489C60
C:\Windows\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\Windows\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\Program Files\Symantec\SYMEVENT.SYS 9F69E39B58377BE1D085A66F3580E58E
C:\Windows\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\Windows\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\Windows\System32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\Windows\System32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\Windows\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys 94C4CD2D19B8C4137A46261F229FEC24
C:\Windows\System32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\Windows\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\Windows\System32\DRIVERS\usbccgp.sys 173F317CE0DB8E21322E71B7E60A27E8
C:\Windows\System32\DRIVERS\usbehci.sys 65DCF09D0E37D4C6B11B5B0B76D470A7
C:\Windows\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\Windows\System32\DRIVERS\usbohci.sys 0DAECCE65366EA32B162F85F07C6753B
C:\Windows\System32\DRIVERS\usbprint.sys A717C8721046828520C9EDF31288FC00
C:\Windows\System32\DRIVERS\usbscan.sys A0B8CF9DEB1184FBDD20784A58FA75D4
C:\Windows\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\Windows\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\Windows\System32\Drivers\VolSnap.sys 28A4B296B47782173C346E376CB374D1
C:\Windows\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\Windows\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\Windows\System32\DRIVERS\wpdusb.sys CF4DEF1BF66F06964DC0D91844239104
C:\Windows\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8
C:\Windows\System32\DRIVERS\WudfPf.sys F15FEAFFFBB3644CCC80C5DA584E6311
C:\Windows\System32\DRIVERS\wudfrd.sys 28B524262BCE6DE1F7EF9F510BA3985B

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-21 15:41 - 2013-06-21 15:41 - 00000000 ____D C:\FRST
2013-06-21 13:15 - 2013-06-21 13:15 - 00000000 __SHD C:\FOUND.012
2013-06-18 23:16 - 2013-06-18 23:17 - 00002865 ____A C:\AdwCleaner[S3].txt
2013-06-18 23:15 - 2013-06-18 23:15 - 00002807 ____A C:\AdwCleaner[R5].txt
2013-06-18 21:03 - 2013-06-18 21:04 - 00281104 ____A (CACE Technologies, Inc.) C:\Windows\System32\wpcap.dll
2013-06-18 21:03 - 2013-06-18 21:04 - 00100880 ____A (CACE Technologies, Inc.) C:\Windows\System32\Packet.dll
2013-06-18 21:03 - 2013-06-18 21:04 - 00050704 ____A (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
2013-06-18 21:03 - 2013-06-18 21:03 - 00050688 ____A (TrueCrypt Foundation) C:\Documents and Settings\jana\a0wf15cqe0yvd.exe
2013-06-15 20:15 - 2013-06-21 13:16 - 00000402 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_jana.job
2013-06-15 20:15 - 2013-06-18 20:18 - 00000392 ____A C:\Windows\Tasks\ReclaimerUpdateXML_jana.job
2013-06-15 20:15 - 2013-06-17 19:16 - 00000396 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_jana.job
2013-06-12 22:47 - 2013-06-12 22:47 - 00000000 ___HD C:\Windows\$NtUninstallKB2839229$
2013-06-12 22:44 - 2013-06-12 22:44 - 00011826 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 22:25 - 2013-06-12 22:47 - 00015067 ____A C:\Windows\KB2839229.log
2013-06-12 21:41 - 2013-06-12 21:41 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders ========

2013-06-21 15:41 - 2013-06-21 15:41 - 00000000 ____D C:\FRST
2013-06-21 15:41 - 2007-06-09 11:13 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-21 15:41 - 2005-02-02 12:48 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-21 15:39 - 2012-01-13 21:57 - 01641304 ____A C:\Windows\WindowsUpdate.log
2013-06-21 15:39 - 2007-06-09 11:13 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-21 15:34 - 2005-02-02 12:48 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-21 15:27 - 2006-08-09 16:36 - 00000272 __ASH C:\Documents and Settings\jana\ntuser.ini
2013-06-21 13:34 - 2006-08-09 16:36 - 00000062 __ASH C:\Documents and Settings\jana\Local Settings\desktop.ini
2013-06-21 13:33 - 2010-01-28 12:04 - 00000214 ____A C:\Windows\wiadebug.log
2013-06-21 13:33 - 2010-01-28 12:04 - 00000050 ____A C:\Windows\wiaservc.log
2013-06-21 13:33 - 2005-02-02 12:49 - 00032464 ____A C:\Windows\SchedLgU.Txt
2013-06-21 13:33 - 2005-02-02 12:49 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-21 13:16 - 2013-06-15 20:15 - 00000402 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_jana.job
2013-06-21 13:16 - 2013-05-14 00:06 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-21 13:16 - 2013-04-05 12:41 - 00000276 ____A C:\Windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
2013-06-21 13:16 - 2012-12-03 00:27 - 00000468 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-06-21 13:16 - 2012-09-11 12:25 - 00000298 ____A C:\Windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
2013-06-21 13:16 - 2012-04-15 13:39 - 00000045 ____A C:\TEST.XML
2013-06-21 13:16 - 2011-10-27 13:46 - 00000276 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
2013-06-21 13:16 - 2005-02-02 12:49 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-06-21 13:15 - 2013-06-21 13:15 - 00000000 __SHD C:\FOUND.012
2013-06-18 23:17 - 2013-06-18 23:16 - 00002865 ____A C:\AdwCleaner[S3].txt
2013-06-18 23:15 - 2013-06-18 23:15 - 00002807 ____A C:\AdwCleaner[R5].txt
2013-06-18 23:03 - 2013-05-07 00:31 - 00065536 ____A C:\Windows\System32\config\TuneUp.evt
2013-06-18 21:11 - 2013-05-14 00:06 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-18 21:04 - 2013-06-18 21:03 - 00281104 ____A (CACE Technologies, Inc.) C:\Windows\System32\wpcap.dll
2013-06-18 21:04 - 2013-06-18 21:03 - 00100880 ____A (CACE Technologies, Inc.) C:\Windows\System32\Packet.dll
2013-06-18 21:04 - 2013-06-18 21:03 - 00050704 ____A (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
2013-06-18 21:03 - 2013-06-18 21:03 - 00050688 ____A (TrueCrypt Foundation) C:\Documents and Settings\jana\a0wf15cqe0yvd.exe
2013-06-18 20:41 - 2012-11-16 03:04 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 20:18 - 2013-06-15 20:15 - 00000392 ____A C:\Windows\Tasks\ReclaimerUpdateXML_jana.job
2013-06-18 18:00 - 2012-12-03 00:27 - 00000442 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-06-18 14:05 - 2013-04-05 12:41 - 00000284 ____A C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
2013-06-17 19:16 - 2013-06-15 20:15 - 00000396 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_jana.job
2013-06-16 03:12 - 2012-12-03 00:27 - 00000384 ____A C:\Windows\Tasks\RegCure Pro.job
2013-06-14 21:19 - 2012-04-17 08:30 - 00000000 ____A C:\sparkraw.log
2013-06-12 22:47 - 2013-06-12 22:47 - 00000000 ___HD C:\Windows\$NtUninstallKB2839229$
2013-06-12 22:47 - 2013-06-12 22:25 - 00015067 ____A C:\Windows\KB2839229.log
2013-06-12 22:47 - 2012-01-26 03:01 - 00646447 ____A C:\Windows\FaxSetup.log
2013-06-12 22:47 - 2012-01-26 03:01 - 00333833 ____A C:\Windows\ocgen.log
2013-06-12 22:47 - 2012-01-26 03:01 - 00249706 ____A C:\Windows\tsoc.log
2013-06-12 22:47 - 2012-01-26 03:01 - 00211851 ____A C:\Windows\comsetup.log
2013-06-12 22:47 - 2012-01-26 03:01 - 00131137 ____A C:\Windows\ntdtcsetup.log
2013-06-12 22:47 - 2012-01-26 03:01 - 00098673 ____A C:\Windows\iis6.log
2013-06-12 22:47 - 2012-01-26 03:01 - 00040043 ____A C:\Windows\ocmsn.log
2013-06-12 22:47 - 2012-01-26 03:01 - 00032673 ____A C:\Windows\msgsocm.log
2013-06-12 22:47 - 2012-01-26 03:01 - 00001374 ____A C:\Windows\imsins.log
2013-06-12 22:47 - 2012-01-12 22:01 - 00272837 ____A C:\Windows\setupapi.log
2013-06-12 22:45 - 2006-10-25 14:08 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 22:44 - 2013-06-12 22:44 - 00011826 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 22:44 - 2012-01-26 03:01 - 00191277 ____A C:\Windows\updspapi.log
2013-06-12 22:44 - 2012-01-26 03:01 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-12 21:41 - 2013-06-12 21:41 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-12 21:41 - 2012-11-16 03:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 21:41 - 2011-12-05 01:29 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-07 18:37 - 2006-08-09 21:01 - 00060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.VER
2013-05-25 19:29 - 2011-12-06 14:18 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-05-23 11:27 - 2010-10-28 21:27 - 00000284 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job

Files to move or delete:
====================
C:\Documents and Settings\jana\a0wf15cqe0yvd.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-18 20:00] - [2008-04-14 05:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2004-08-18 20:00] - [2008-04-14 05:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2004-08-18 20:00] - [2008-04-14 05:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2004-08-18 20:00] - [2009-02-09 13:25] - 0111104 ____N (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2005-03-02 19:18] - [2008-04-14 05:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2004-08-18 20:00] - [2008-04-14 05:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-18 20:00] - [2008-04-14 04:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

[vyosek]

OK, udelala jste to dobre

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
  C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
  C:\WINDOWS\tasks\Adobe Flash Player Updater.job
  C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
  C:\WINDOWS\tasks\RegCure Pro.job
  C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
  C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
  C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
  C:\WINDOWS\tasks\ParetoLogic Update Version3.job
  C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
  C:\WINDOWS\tasks\ParetoLogic Registration3.job
  C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
  C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_jana.job
  C:\WINDOWS\tasks\ReclaimerUpdateXML_jana.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  C:\WINDOWS\tasks\ReclaimerUpdateFiles_jana.job
  C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-868582862-3265150132-3194725917-1006.job
  C:\Documents and Settings\All Users\Data aplikací\095991843C7416DC0000095988301C44
  HKLM\...\Run: [SonyAgent] C:\WINDOWS\Temp\temp63.exe [794624 2013-06-18] ()
  HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
  HKCU\...\RunOnce: [Report] C:\AdwCleaner[S3].txt [2865 2013-06-18] ()
  HKU\Default User\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
  HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
  HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [295512 2013-04-05] (RealNetworks, Inc.)
  HKCU\...\Runonce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex [x]
  HKU\jana\...\RunOnce: [095991843C7416DC0000095988301C44] C:\Documents and Settings\All Users\Data aplikací\095991843C7416DC0000095988301C44\095991843C7416DC0000095988301C44.exe [ 2013-06-18] ()
  SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
  SearchScopes: HKLM - {D5D47440-0750-463D-BAEF-A47D02414806} URL = http://search.centrum.cz/index.php?q={searchTerms}&toolbar=centrum-1.0.0
  Handler: ipp - No CLSID Value - 
  Handler: msdaipp - No CLSID Value -
  S4 Abiosdsk; No ImagePath
  S4 abp480n5; No ImagePath
  S4 adpu160m; No ImagePath
  S4 Aha154x; No ImagePath
  S4 aic78u2; No ImagePath
  S4 aic78xx; No ImagePath
  S4 AliIde; No ImagePath
  S4 amsint; No ImagePath
  S4 asc; No ImagePath
  S4 asc3350p; No ImagePath
  S4 asc3550; No ImagePath
  S4 Atdisk; No ImagePath
  S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [x]
  S4 cd20xrnt; No ImagePath
  S1 Changer; No ImagePath
  S4 CmdIde; No ImagePath
  S4 Cpqarray; No ImagePath
  U4 dac2w2k; No ImagePath
  S4 dac960nt; No ImagePath
  S4 dpti2o; No ImagePath
  S4 hpn; No ImagePath
  S1 i2omgmt; No ImagePath
  S4 i2omp; No ImagePath
  S4 ini910u; No ImagePath
  S4 IntelIde; No ImagePath
  S1 lbrtfdc; No ImagePath
  S4 mraid35x; No ImagePath
  S1 PCIDump; No ImagePath
  S3 PDCOMP; No ImagePath
  S3 PDFRAME; No ImagePath
  S3 PDRELI; No ImagePath
  S3 PDRFRAME; No ImagePath
  S4 perc2; No ImagePath
  S4 perc2hib; No ImagePath
  S4 ql1080; No ImagePath
  S4 Ql10wnt; No ImagePath
  S4 ql12160; No ImagePath
  S4 ql1240; No ImagePath
  S4 ql1280; No ImagePath
  S4 Simbad; No ImagePath
  S4 Sparrow; No ImagePath
  S4 symc810; No ImagePath
  S4 symc8xx; No ImagePath
  S4 sym_hi; No ImagePath
  S4 sym_u3; No ImagePath
  U3 TlntSvr; 
  S4 TosIde; No ImagePath
  S4 ultra; No ImagePath
  S4 ViaIde; No ImagePath
  S3 WDICA; No ImagePath
  2013-06-18 21:03 - 2013-06-18 21:03 - 00050688 ____A (TrueCrypt Foundation) C:\Documents and Settings\jana\a0wf15cqe0yvd.exe
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny log na flashku k FRST

Spustte znovu FRST.exe na tom poskozenem PC

• Kliknete na Fix
• Probehne oprava a na flash disku se vytvori log Fixlog.txt

Pokuste se nastartovat do bezneho rezimu

[f24]

Funguje. Jupí. Děkuji moc!

[vyosek]

Fajn, nyni poprosim o log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

A udelejte ten MBAM - navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

[f24]

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.06.21.06

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
jana :: ACER-048883C16A [administrátor]

Ochrana: Povolena

21.6.2013 20:14:11
MBAM-log-2013-06-21 (20-29-22).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 271036
Uplynulý čas: 8 minut, 24 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} (Adware.Alexa) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Documents and Settings\All Users\Data aplikací\PageshotsPro\pageshots_x86.dll (Adware.ADON) -> Nebyla provedena žádná instrukce.
C:\Program Files\U95.exe (PUP.UltraSurf) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\jana\Local Settings\temp\905d86e4b7db2b0b.exe (Trojan.Downloader) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\temp\temp63.exe (Trojan.Agent.rf) -> Nebyla provedena žádná instrukce.

(konec)

[f24]

Logfile of random's system information tool 1.09 (written by random/random)
Run by jana at 2013-06-21 20:36:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (11%) free of 116 GB
Total RAM: 1022 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:29, on 21.6.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\jana\Plocha\RSIT.exe
C:\Program Files\trend micro\jana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1195 ... 1558255F33
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Filter hijack: text/html - {31560f7b-b3b0-41de-b4cf-e8c104e5bb27} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipameti kategorií soucástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9b52ecaa98480) (gupdate1c9b52ecaa98480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: SEcnStatutsDatabase (SENADB) - Unknown owner - C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

--
End of file - 7418 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-05-10 68680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ProgSense.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"="C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre1.6.0\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\System32\spool\drivers\W32X86\3\HP1005MC.EXE"="C:\WINDOWS\System32\spool\drivers\W32X86\3\HP1005MC.EXE:*:Enabled:SMLMProxy Module - HP1005MC.EXE"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.MPG4"=mpg4c32.dll
"vidc.MP42"=mpg4c32.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.MP43"=mpg4c32.dll
"VIDC.VDOM"=vdowave.drv
"MSACM.LHACM"=lhacm.acm
"VIDC.TR20"=tr2032.dll
"vidc.vivo"=ivvideo.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"VIDC.DIVX"=DivX.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.divxa32"=msaud32_divx.acm

======File associations======

.js - edit -
.js - open - ""

======List of files/folders created in the last 1 month======

2013-06-21 16:36:30 ----ASH---- C:\hiberfil.sys
2013-06-21 15:41:50 ----D---- C:\FRST
2013-06-21 13:15:58 ----SHD---- C:\FOUND.012
2013-06-18 23:16:43 ----A---- C:\AdwCleaner[S3].txt
2013-06-18 23:15:28 ----A---- C:\AdwCleaner[R5].txt
2013-06-18 21:03:58 ----A---- C:\WINDOWS\system32\wpcap.dll
2013-06-18 21:03:58 ----A---- C:\WINDOWS\system32\Packet.dll
2013-06-18 21:03:58 ----A---- C:\WINDOWS\system32\drivers\npf.sys
2013-06-12 22:47:34 ----HD---- C:\WINDOWS\$NtUninstallKB2839229$
2013-06-12 21:41:06 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2013-06-21 16:52:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-06-21 15:46:24 ----A---- C:\WINDOWS\ntbtlog.txt
2013-06-12 22:45:08 ----A---- C:\WINDOWS\system32\MRT.exe
2013-06-12 22:44:56 ----A---- C:\WINDOWS\imsins.BAK
2013-06-12 21:41:10 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-05-23 17:42:58 ----A---- C:\Documents and Settings\jana\Data aplikací\AutoGK.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-26 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-02-08 12648960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2013-06-18 50704]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060807.097\symidsco.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608]
R2 SENADB;SEcnStatutsDatabase; C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [2011-05-12 85976]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-11-02 1699168]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9b52ecaa98480;Služba Google Update (gupdate1c9b52ecaa98480); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\pev.3XE [2011-06-26 256000]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-30 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
• Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

[f24]

RogueKiller V8.6.1 [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : jana [Práva správce]
Mód : Kontrola -- Datum : 06/21/2013 23:05:49
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[FF][PROXY] ncuw3bki.default : user_pref("network.proxy.hxxp", "127.0.0.1"); -> NALEZENO
[FF][PROXY] ncuw3bki.default : user_pref("network.proxy.hxxp_port", 8080); -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: HDT722525DLA380 +++++
--- User ---
[MBR] 481367b9a9022ee4adab9b5ce6cc3f61
[BSP] 115f5cb7bd1141e872924e5736d587e5 : Acer MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 10233405 | Size: 116486 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 248798655 | Size: 116988 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_06212013_230549.txt >>

[vyosek]

Mrcha se nam nejak rozlezla

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  services.exe
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
• Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

[f24]

A neměla jsem to mazat? V tom MBAMu a RogueKiller?
OTL mi nejde spustit. Zkusím to pak ještě v nouzovém režimu, ale asi to nepůjde, stejně jako OTM.

[vyosek]

Ja to chtel smazat vse naraz treba prave pres OTL

Nalezy MBAMu tedy smazte, log rad uvidim

Spustte znovu RogueKiller

• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
• Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[f24]

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.06.22.06

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
jana :: ACER-048883C16A [administrátor]

Ochrana: Povolena

22.6.2013 21:27:46
mbam-log-2013-06-22 (21-27-46).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 271698
Uplynulý čas: 8 minut, 20 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} (Adware.Alexa) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Documents and Settings\All Users\Data aplikací\PageshotsPro\pageshots_x86.dll (Adware.ADON) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\U95.exe (PUP.UltraSurf) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\jana\Local Settings\temp\905d86e4b7db2b0b.exe (Trojan.Downloader) -> Přesun do karantény a smazání se zdařilo.
C:\WINDOWS\temp\temp63.exe (Trojan.Agent.rf) -> Přesun do karantény a smazání se zdařilo.

(konec)

[f24]

Přes RogueKiller jsem mazala už předtím, tak jenom ten druhý log:

RogueKiller V8.6.1 [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : jana [Práva správce]
Mód : Oprava HOSTS -- Datum : 06/22/2013 21:57:32
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_06222013_215732.txt >>
RKreport[0]_S_06212013_230549.txt;RKreport[0]_D_06222013_050514.txt;RKreport[0]_S_06222013_215031.txt
RKreport[0]_D_06222013_215308.txt;RKreport[0]_S_06222013_215532.txt