Hello, please check my log

bobjara
Visitor
Posts: 14
Registered: 03 Sep 2013 09:51

#1 Post by bobjara »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jaroslav Sedlák at 2013-09-03 10:53:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive G: has 100 GB (65%) free of 153 GB
Total RAM: 2047 MB (55% free)

HijackThis download failed

======Scheduled tasks folder======

G:\WINDOWS\tasks\Adobe Flash Player Updater.job
G:\WINDOWS\tasks\AppleSoftwareUpdate.job
G:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
G:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
G:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
G:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
G:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
G:\WINDOWS\tasks\SmartDefragUpdate.job
G:\WINDOWS\tasks\Wise Care 365.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - G:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - G:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13 3214392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - G:\Program Files\Java\jre7\bin\ssv.dll [2013-06-20 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - G:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - G:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL [2013-04-24 659264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
OnRPG Toolbar - G:\Program Files\OnRPG\prxtbOnR0.dll [2013-06-18 231712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - G:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-20 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - G:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - OnRPG Toolbar - G:\Program Files\OnRPG\prxtbOnR0.dll [2013-06-18 231712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=g:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 995176]
"SunJavaUpdateSched"=G:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"QuickTime Task"=G:\Program Files\QuickTime\qttask.exe [2012-10-25 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
g:\program files\intuwave\shared\mrouterruntime\mrouterconfig.exe [2006-03-02 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
g:\program files\rainlendar2\rainlendar2.exe [2012-07-24 2498048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
g:\program files\spybot - search & destroy 2\sdtray.exe [2012-11-13 3825176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedFan]
g:\program files\speedfan\speedfan.exe [2011-07-13 4615064]

G:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
G:\WINDOWS\system32\Ati2evxx.dll [2012-03-09 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
G:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - G:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoResolveTrack"=
"NoFileAssociate"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\Program Files\Zoner\Photo Studio 13\Program32\Zps.exe"="G:\Program Files\Zoner\Photo Studio 13\Program32\Zps.exe:*:Enabled:Zoner Photo Studio 13"
"G:\Program Files\Opera\opera.exe"="G:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"H:\TmNationsForever\TmForever.exe"="H:\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"G:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe"="G:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"G:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="G:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Disabled:Microsoft OneNote"
"H:\World_of_Tanks\WorldOfTanks.exe"="H:\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"H:\World_of_Tanks\WOTLauncher.exe"="H:\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"G:\WINDOWS\system32\mmc.exe"="G:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"G:\Program Files\Sony Ericsson\Mobile4\Sync Manager\DXP SyncML.exe"="G:\Program Files\Sony Ericsson\Mobile4\Sync Manager\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"G:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="G:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="G:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="G:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="G:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"G:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="G:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"G:\Program Files\HP\HP Software Update\HPWUCli.exe"="G:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"G:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="G:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"G:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="G:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"G:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="G:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"G:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="G:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"G:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="G:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"G:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="G:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
"G:\Program Files\Maxthon\Bin\MxUp.exe"="G:\Program Files\Maxthon\Bin\MxUp.exe:*:Enabled:MxUp"
"G:\Program Files\Maxthon\Bin\Maxthon.exe"="G:\Program Files\Maxthon\Bin\Maxthon.exe:*:Enabled:Maxthon"
"G:\Documents and Settings\All Users\Data aplikací\eSafe\eGdpSvc.exe"="G:\Documents and Settings\All Users\Data aplikací\eSafe\eGdpSvc.exe:*:Enabled:WsysSvc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"G:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="G:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="G:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="G:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="G:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"G:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="G:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"G:\Program Files\HP\HP Software Update\HPWUCli.exe"="G:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"G:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="G:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"

======List of files/folders created in the last 1 months======

2013-09-03 10:53:02 ----D---- G:\rsit
2013-09-03 10:53:02 ----D---- G:\Program Files\trend micro
2013-09-03 10:34:35 ----A---- G:\ComboFix.txt
2013-09-03 10:17:47 ----A---- G:\WINDOWS\zip.exe
2013-09-03 10:17:47 ----A---- G:\WINDOWS\SWREG.exe
2013-09-03 10:17:47 ----A---- G:\WINDOWS\PEV.exe
2013-09-03 10:17:47 ----A---- G:\WINDOWS\NIRCMD.exe
2013-09-03 10:17:47 ----A---- G:\WINDOWS\MBR.exe
2013-09-03 10:17:47 ----A---- G:\WINDOWS\grep.exe
2013-09-03 10:17:46 ----A---- G:\WINDOWS\SWXCACLS.exe
2013-09-03 10:17:46 ----A---- G:\WINDOWS\SWSC.exe
2013-09-03 10:17:46 ----A---- G:\WINDOWS\sed.exe
2013-09-03 10:14:22 ----AD---- G:\Qoobox
2013-08-29 09:48:34 ----HDC---- G:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-27 10:17:01 ----D---- G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\ZipGenius
2013-08-27 10:16:02 ----D---- G:\Program Files\ZipGenius 6
2013-08-14 16:46:13 ----D---- G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\Opera Software

======List of files/folders modified in the last 1 months======

2013-09-03 10:53:02 ----RD---- G:\Program Files
2013-09-03 10:39:30 ----D---- G:\WINDOWS\Temp
2013-09-03 10:38:12 ----SD---- G:\WINDOWS\Tasks
2013-09-03 10:34:39 ----D---- G:\WINDOWS\system32\drivers
2013-09-03 10:30:01 ----D---- G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\Wise Care 365
2013-09-03 10:29:38 ----D---- G:\WINDOWS
2013-09-03 10:29:38 ----A---- G:\WINDOWS\system.ini
2013-09-03 10:29:05 ----D---- G:\WINDOWS\system32\CatRoot2
2013-09-03 10:26:43 ----D---- G:\WINDOWS\system32\config
2013-09-03 10:26:33 ----D---- G:\WINDOWS\erdnt
2013-09-03 10:25:45 ----D---- G:\WINDOWS\system32
2013-09-03 10:25:39 ----D---- G:\Full-size Mouse
2013-09-03 10:23:45 ----D---- G:\WINDOWS\AppPatch
2013-09-03 10:23:42 ----RD---- G:\Program Files\Common Files
2013-09-03 10:17:55 ----A---- G:\WINDOWS\SchedLgU.Txt
2013-09-03 09:43:21 ----D---- G:\Program Files\SpeedFan
2013-09-03 09:42:09 ----D---- G:\WINDOWS\SoftwareDistribution
2013-09-03 09:39:14 ----D---- G:\WINDOWS\Debug
2013-09-02 10:26:25 ----D---- G:\Documents and Settings\All Users\Data aplikací\eSafe
2013-08-31 13:08:12 ----D---- G:\Program Files\Opera
2013-08-30 11:53:33 ----D---- G:\WINDOWS\Prefetch
2013-08-29 15:28:29 ----D---- G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\Apple Computer
2013-08-29 15:15:16 ----D---- G:\Program Files\WinRAR
2013-08-29 09:48:49 ----HD---- G:\WINDOWS\inf
2013-08-18 07:22:13 ----D---- G:\Moto assistant
2013-08-15 11:44:34 ----A---- G:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-15 06:46:52 ----D---- G:\WINDOWS\system32\MRT
2013-08-15 06:35:28 ----A---- G:\WINDOWS\system32\MRT.exe
2013-08-15 06:35:20 ----RSHDC---- G:\WINDOWS\system32\dllcache
2013-08-15 06:34:34 ----D---- G:\Program Files\Internet Explorer
2013-08-15 06:34:24 ----D---- G:\WINDOWS\system32\cs-cz
2013-08-12 12:03:59 ----AC---- G:\WINDOWS\MyHeritage.INI
2013-08-11 07:46:30 ----D---- G:\Program Files\Serial Key Generator 5.0
2013-08-10 07:20:10 ----D---- G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\HPAppData
2013-08-04 10:47:34 ----D---- G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\Device Doctor

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgtp;avgtp; \??\G:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 intelppm;Řadič procesoru Intel; G:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; G:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 BT848;KWorld TV878 Video Capture; G:\WINDOWS\system32\drivers\cxvcap.sys [2000-01-01 63232]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; G:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; G:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; G:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; G:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-07-08 135168]
R3 AEAudioService;AEAudio Service; G:\WINDOWS\system32\drivers\AEAudio.sys [2005-07-08 127872]
R3 ati2mtag;ati2mtag; G:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-03-09 7586304]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; G:\WINDOWS\system32\drivers\AtihdXP3.sys [2011-12-20 100368]
R3 catchme;catchme; \??\G:\ComboFix\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; G:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; G:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; G:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; G:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; G:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
R3 mouhid;Ovladač myši standardu HID; G:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; G:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NWRDR;NetWare Rdr; G:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; G:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; G:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 SenFiltService;SenFilt Service; G:\WINDOWS\system32\drivers\Senfilt.sys [2005-07-08 393088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\G:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; G:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; G:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; G:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Třída USB Printer; G:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; G:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; G:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); G:\WINDOWS\system32\DRIVERS\zebrceb.sys [2008-01-15 63360]
S1 MoboroboAssDriver;MoboroboAssDriver; G:\WINDOWS\system32\drivers\MoboroboAssDriver.sys []
S3 CCDECODE;Dekodér Closed Caption; G:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; G:\WINDOWS\system32\drivers\CrystalSysInfo.sys []
S3 FileMonitor;FileMonitor; \??\G:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys []
S3 mbr;mbr; \??\G:\DOCUME~1\JAROSL~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; G:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; G:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; G:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; G:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; G:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; G:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RegFilter;RegFilter; \??\G:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys []
S3 SLIP;BDA Slip De-Framer; G:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; G:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SWDUMon;SWDUMon; G:\WINDOWS\system32\DRIVERS\SWDUMon.sys [2013-04-01 13464]
S3 upperdev;upperdev; G:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 UrlFilter;UrlFilter; \??\G:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys []
S3 usbser;USB Modem Driver; G:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; G:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 WDC_SAM;WD SCSI Pass Thru driver; G:\WINDOWS\system32\DRIVERS\wdcsam.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; G:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 whfltr2k;WheelMouse USB Lower Filter Driver; G:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2000-01-01 6784]
S3 WpdUsb;WpdUsb; G:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; G:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; G:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; G:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 zebrbus;Sony Ericsson Composite Device driver; G:\WINDOWS\system32\DRIVERS\zebrbus.sys [2008-01-15 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; G:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2008-01-15 14848]
S3 zebrmdm;Sony Ericsson Port (WDM); G:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2008-01-15 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); G:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2008-01-15 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; G:\WINDOWS\system32\DRIVERS\zebrsce.sys [2008-01-15 91264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; G:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
R2 Ati HotKey Poller;Ati HotKey Poller; G:\WINDOWS\system32\Ati2evxx.exe [2012-03-09 643072]
R2 Browser Manager;Browser Manager; G:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2013-07-26 2847696]
R2 hpqcxs08;hpqcxs08; G:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; G:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IMFservice;IMF Service; G:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2013-04-25 335168]
R2 JavaQuickStarterService;Java Quick Starter; G:\Program Files\Java\jre7\bin\jqs.exe [2013-06-20 182184]
R2 MsMpSvc;Microsoft Antimalware Service; g:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208]
R2 NMSAccess;NMSAccess; G:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-05 71096]
R2 NWCWorkstation;Klient systému NetWare; G:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); G:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; G:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; G:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; G:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2013-01-31 1724192]
R2 UxTuneUp;TuneUp Theme Extension; G:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; G:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-15 257416]
S2 gupdate;Služba Google Update (gupdate); G:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-08 116648]
S2 SDWSCService;Spybot-S&D 2 Security Center Service; G:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 WiseBootAssistant;Wise Boot Assistant; G:\Program Files\Wise\Wise Care 365\BootTime.exe [2012-07-17 580648]
S3 gupdatem;Služba Google Update (gupdatem); G:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-08 116648]
S3 gusvc;Google Updater Service; G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 npggsvc;nProtect GameGuard Service; G:\WINDOWS\system32\GameMon.des [2011-08-08 4865496]
S3 ose;Office Source Engine; G:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; G:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 ServiceLayer;ServiceLayer; G:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]
S3 WinRM;Windows Remote Management (WS-Management); G:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; G:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; G:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Mc_Murphy
VIP in memoriam
Posts: 6706
Registered: 03 Nov 2008 15:55
Location: Plzeň [ZČ]

#2 Post by Mc_Murphy »

Greetings.

As for ComboFix, based on the license and the forum rules I have to ask: do you know how to work with it (running it, reading the log, putting together a fix script, and if needed reverting unwanted deletions and repairs)?!

  • ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me love, I've found my identity, found my identity.

    I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me hope, I've found my identity in Christ...


#3 Post by bobjara »

Hi, unfortunately not, but following the guide I should hopefully manage it, thanks


#4 Post by Mc_Murphy »

bobjara wrote: Hi, unfortunately not, but following the guide I should hopefully manage it, thanks
Then next time kindly read the forum rules and also the ComboFix license terms! If you use it on your own again, you will be refused help.


If you had been so kind as to read the forum rules - http://forum.viry.cz/viewtopic.php?f=12&t=5601 - you would have learned, among other things, that:
2. Before asking a question, use the Search button. Someone may already have dealt with a problem similar to yours. However, if various utilities\applications were used in a solved topic, do not run them! Utilities are used only on an adviser's instruction, because they can erase traces of malware, and in the hands of a non-expert their use can have unforeseeable consequences.

3. In particular, do not run the ComboFix utility, even if a friend or some would-be expert website recommended it to you. Our forum is the only one of the CZ\SK antivirus forums that has the right to analyze ComboFix logs, and we also have the full support of the utility's author and access to the most up-to-date information and guides.
And the license terms are also clear: "It should never be used in an environment without the supervision of an experienced person".

The dangers of CF:
  • This program is intended primarily for advisers - by using it on your own you lose your entitlement to support!
  • It erases traces of malware, so afterwards nothing is visible in the RSIT log and we have no way of tracking the malware down!
  • Its log needs to be analyzed further, because it cannot delete everything - which you will hardly manage unless you are trained for it!
  • CF may have a bug - it can take down your system by deleting legitimate files, and if you don't know where it stores things and how to restore them, your system is wrecked and you are facing a reinstall!
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (Angela and others), for example, delete those - it deletes your hal.dll after a restart = your system won't boot and you are back at the previous point = reinstall!

At least post its log here for me; it is in G:\ComboFix.txt.

#5 Post by bobjara »

I apologize, I misunderstood it


ComboFix 13-09-02.02 - Jaroslav Sedlák 03.09.2013 10:20:14.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1270 [GMT 2:00]
Spuštěný z: g:\documents and settings\Jaroslav Sedlák\Dokumenty\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
g:\docume~1\JAROSL~1\LOCALS~1\Temp\sfamcc00001.dll
g:\docume~1\JAROSL~1\LOCALS~1\Temp\sfareca00001.dll
g:\documents and settings\Jaroslav Sedlák\Local Settings\Temp\sfamcc00001.dll
g:\documents and settings\Jaroslav Sedlák\Local Settings\Temp\sfareca00001.dll
g:\full-s~1\wh_exec.exe
g:\windows\system32\Cache
g:\windows\system32\Cache\272512937d9e61a4.fb
g:\windows\system32\Cache\287204568329e189.fb
g:\windows\system32\Cache\28bc8f716fd76a47.fb
g:\windows\system32\Cache\2c53092c95605355.fb
g:\windows\system32\Cache\31a0997e9a5b5eb3.fb
g:\windows\system32\Cache\32c84fe32bb74d60.fb
g:\windows\system32\Cache\3917078cb68ec657.fb
g:\windows\system32\Cache\408f74c9a7d605db.fb
g:\windows\system32\Cache\590ba23ce359fd0c.fb
g:\windows\system32\Cache\610289e025a3ee9a.fb
g:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
g:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
g:\windows\system32\Cache\6d03dad1035885d3.fb
g:\windows\system32\Cache\99f9c399fd43a1a8.fb
g:\windows\system32\Cache\a8556537add6dfc5.fb
g:\windows\system32\Cache\ad10a52aff5e038d.fb
g:\windows\system32\Cache\c1fa887b03019701.fb
g:\windows\system32\Cache\c4d28dca2e7648be.fb
g:\windows\system32\Cache\d201ef9910cd39de.fb
g:\windows\system32\Cache\d2e94710a5708128.fb
g:\windows\system32\Cache\d79b9dfe81484ec4.fb
g:\windows\system32\Cache\f998975c9cc711ee.fb
g:\windows\system32\TZLog.log
H:\setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WSYSSVC
-------\Service_WsysSvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-03 do 2013-09-03 )))))))))))))))))))))))))))))))
.
.
2013-09-03 08:29 . 2013-09-03 08:29 29904 ----a-w- g:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16F301F4-FC87-4A2B-AD1B-84EACC790DDF}\MpKsl4a8f53d7.sys
2013-09-03 08:14 . 2013-09-03 08:14 -------- d-----w- g:\documents and settings\All Users\Oblíbené položky
2013-09-02 08:35 . 2013-08-06 07:28 7166848 ----a-w- g:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16F301F4-FC87-4A2B-AD1B-84EACC790DDF}\mpengine.dll
2013-09-01 08:04 . 2013-08-06 07:28 7166848 ----a-w- g:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-27 08:17 . 2013-08-27 08:35 -------- d-----w- g:\documents and settings\Jaroslav Sedlák\Data aplikací\ZipGenius
2013-08-27 08:16 . 2013-08-27 08:33 -------- d-----w- g:\program files\ZipGenius 6
2013-08-14 14:46 . 2013-08-14 14:46 -------- d-----w- g:\documents and settings\Jaroslav Sedlák\Local Settings\Data aplikací\Opera Software
2013-08-14 14:46 . 2013-08-14 14:46 -------- d-----w- g:\documents and settings\Jaroslav Sedlák\Data aplikací\Opera Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 09:44 . 2012-04-11 17:52 692104 ----a-w- g:\windows\system32\FlashPlayerApp.exe
2013-08-15 09:44 . 2011-11-04 08:58 71048 ----a-w- g:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- g:\windows\system32\wmvdecod.dll
2013-07-25 18:11 . 2008-04-14 12:00 841216 ----a-w- g:\windows\system32\wininet.dll
2013-07-25 18:11 . 2008-04-14 12:00 1830912 ------w- g:\windows\system32\inetcpl.cpl
2013-07-25 18:11 . 2008-04-14 12:00 78336 ----a-w- g:\windows\system32\ieencode.dll
2013-07-25 18:11 . 2008-04-14 12:00 17408 ----a-w- g:\windows\system32\corpol.dll
2013-07-10 10:37 . 2008-04-14 12:00 406016 ----a-w- g:\windows\system32\usp10.dll
2013-07-07 17:59 . 2011-06-10 23:58 773800 ----a-w- g:\windows\system32\msvcr100.dll
2013-07-07 17:59 . 2011-06-10 23:58 421032 ----a-w- g:\windows\system32\msvcp100.dll
2013-07-04 07:34 . 2008-04-14 12:00 2151936 ----a-w- g:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2008-04-14 08:06 2030592 ----a-w- g:\windows\system32\ntkrnlpa.exe
2013-06-20 14:22 . 2013-06-20 14:22 94632 ----a-w- g:\windows\system32\WindowsAccessBridge.dll
2013-06-20 14:22 . 2011-12-02 07:56 144896 ----a-w- g:\windows\system32\javacpl.cpl
2013-06-20 14:22 . 2012-08-29 09:51 867240 ----a-w- g:\windows\system32\npDeployJava1.dll
2013-06-20 14:22 . 2011-12-02 07:56 789416 ----a-w- g:\windows\system32\deployJava1.dll
2013-06-18 19:50 . 2012-03-20 18:44 211560 ----a-w- g:\windows\system32\drivers\MpFilter.sys
2013-06-11 16:51 . 2013-06-11 16:51 170752 ----a-w- g:\windows\system32\drivers\snapman.sys
2013-06-11 16:51 . 2013-06-11 16:51 76768 ----a-w- g:\windows\system32\drivers\fltsrv.sys
2013-06-05 09:08 . 2008-04-14 12:00 1876736 ----a-w- g:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}"= "g:\program files\OnRPG\prxtbOnR0.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
2013-06-18 11:54 231712 ----a-w- g:\program files\OnRPG\prxtbOnR0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}"= "g:\program files\OnRPG\prxtbOnR0.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D22F6F66-2F47-4184-8625-FBFA4CBDB7CE}"= "g:\program files\OnRPG\prxtbOnR0.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="g:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"SunJavaUpdateSched"="g:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="g:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
g:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - g:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=hex(7b4):
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck turegopt
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
2006-03-02 09:54 290816 ------w- g:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
2012-07-24 08:05 2498048 ------w- g:\program files\Rainlendar2\Rainlendar2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 13:08 3825176 ------w- g:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedFan]
2011-07-13 06:33 4615064 ------w- g:\program files\SpeedFan\speedfan.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 6"="g:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
"ctfmon.exe"=g:\windows\system32\ctfmon.exe
"Google Update"="g:\documents and settings\Jaroslav Sedlák\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="g:\program files\QuickTime\qttask.exe" -atboottime
"APSDaemon"="g:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"StartCCC"="g:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"IObit Malware Fighter"="g:\program files\IObit\IObit Malware Fighter\IMF.exe" /autostart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\Zoner\\Photo Studio 13\\Program32\\Zps.exe"=
"g:\\Program Files\\Opera\\opera.exe"=
"h:\\TmNationsForever\\TmForever.exe"=
"g:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"g:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"h:\\World_of_Tanks\\WorldOfTanks.exe"=
"h:\\World_of_Tanks\\WOTLauncher.exe"=
"g:\\WINDOWS\\system32\\mmc.exe"=
"g:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"g:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"g:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"g:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"g:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"g:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"g:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"g:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"g:\\Program Files\\Maxthon\\Bin\\MxUp.exe"=
"g:\\Program Files\\Maxthon\\Bin\\Maxthon.exe"=
"g:\\Documents and Settings\\All Users\\Data aplikací\\eSafe\\eGdpSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4:TCP"= 4:TCP:Advanced SystemCare 4
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 fltsrv;Acronis Storage Filter Management;g:\windows\system32\drivers\fltsrv.sys [11.6.2013 18:51 76768]
R0 SmartDefragDriver;SmartDefragDriver;g:\windows\system32\drivers\SmartDefragDriver.sys [7.3.2013 18:50 14776]
R0 SMR310;Symantec SMR Utility Service 3.1.0;g:\windows\system32\drivers\SMR310.SYS [28.8.2012 16:29 97440]
R1 avgtp;avgtp;g:\windows\system32\drivers\avgtpx86.sys [11.10.2012 18:11 26984]
R1 MpKsl4a8f53d7;MpKsl4a8f53d7;g:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16F301F4-FC87-4A2B-AD1B-84EACC790DDF}\MpKsl4a8f53d7.sys [3.9.2013 10:29 29904]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;g:\program files\IObit\Advanced SystemCare 6\ASCService.exe [24.2.2013 18:43 574272]
R2 Browser Manager;Browser Manager;g:\documents and settings\All Users\Data aplikací\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [1.8.2013 17:59 2847696]
R2 BT848;KWorld TV878 Video Capture;g:\windows\system32\drivers\cxvcap.sys [11.10.2012 18:14 63232]
R2 IMFservice;IMF Service;g:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [24.3.2012 17:12 335168]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;g:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2.12.2012 20:13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;g:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2.12.2012 20:13 1369624]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;g:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [31.1.2013 10:35 1724192]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;g:\windows\system32\drivers\AtihdXP3.sys [15.4.2012 11:14 100368]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;g:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [16.11.2012 16:51 10088]
S0 reparse;Reparse;g:\windows\system32\DRIVERS\cbreparse.sys --> g:\windows\system32\DRIVERS\cbreparse.sys [?]
S1 MoboroboAssDriver;MoboroboAssDrive;g:\windows\system32\drivers\MoboroboAssDriver.sys --> g:\windows\system32\drivers\MoboroboAssDriver.sys [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;g:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2.12.2012 20:13 168384]
S2 WiseBootAssistant;Wise Boot Assistant;g:\program files\Wise\Wise Care 365\BootTime.exe [23.10.2012 20:47 580648]
S3 FileMonitor;FileMonitor;g:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [17.7.2013 19:40 247968]
S3 npggsvc;nProtect GameGuard Service;g:\windows\system32\GameMon.des -service --> g:\windows\system32\GameMon.des -service [?]
S3 RegFilter;RegFilter;g:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [17.7.2013 19:40 31520]
S3 SWDUMon;SWDUMon;g:\windows\system32\drivers\SWDUMon.sys [16.2.2013 10:37 13464]
S3 UrlFilter;UrlFilter;g:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [17.7.2013 19:40 17360]
S3 WDC_SAM;WD SCSI Pass Thru driver;g:\windows\system32\DRIVERS\wdcsam.sys --> g:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;g:\windows\system32\drivers\whfltr2k.sys [1.4.2013 8:39 6784]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL4A8F53D7
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-03 g:\windows\Tasks\Adobe Flash Player Updater.job
- g:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 09:44]
.
2013-07-31 g:\windows\Tasks\AppleSoftwareUpdate.job
- g:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-09-03 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files\Google\Update\GoogleUpdate.exe [2012-04-08 06:58]
.
2013-09-03 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files\Google\Update\GoogleUpdate.exe [2012-04-08 06:58]
.
2013-09-03 g:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- g:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 16:05]
.
2013-07-17 g:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- g:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-02 13:07]
.
2013-08-01 g:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- g:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-02 13:07]
.
2013-09-03 g:\windows\Tasks\SmartDefragUpdate.job
- g:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-03-07 15:33]
.
2013-09-03 g:\windows\Tasks\Wise Care 365.job
- g:\program files\Wise\Wise Care 365\WiseTray.exe [2012-10-23 15:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntr ... l&tsp=4933
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=m ... 1372964299
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - g:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{3268FFAC-39F2-4058-BE09-7396DB121F4A} - (no file)
HKLM-Run-WheelMouse - g:\full-s~1\wh_exec.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-03 10:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="g:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
g:\windows\system32\Ati2evxx.dll
g:\windows\system32\atiadlxx.dll
g:\windows\system32\vorbis.dll
g:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(796)
g:\windows\system32\vorbis.dll
g:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(3396)
g:\windows\system32\vorbis.dll
g:\windows\system32\ogg.dll
g:\progra~1\WINDOW~2\wmpband.dll
g:\documents and settings\All Users\Data aplikací\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
g:\windows\system32\msi.dll
g:\windows\system32\WPDShServiceObj.dll
g:\windows\system32\PortableDeviceTypes.dll
g:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
g:\windows\system32\Ati2evxx.exe
g:\program files\Microsoft Security Client\MsMpEng.exe
g:\windows\system32\Ati2evxx.exe
g:\program files\Java\jre7\bin\jqs.exe
g:\program files\CDBurnerXP\NMSAccessU.exe
g:\program files\CyberLink\Shared files\RichVideo.exe
g:\windows\system32\wbem\wmiapsrv.exe
g:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
g:\program files\HP\Digital Imaging\bin\hpqbam08.exe
g:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2013-09-03 10:34:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-03 08:34
.
Před spuštěním: Volných bajtů: 104 596 647 936
Po spuštění: Volných bajtů: 104 815 218 688
.
- - End Of File - - 287648BD1D9F981252378CB222B73594
413FC2A0C716421B3158746D63736515

Mc_Murphy
VIP in memoriam
Posts: 6706
Registered: 03 Nov 2008 15:55
Location: Plzeň [ZČ]

Re: Hello, please check my log

#6 Post by Mc_Murphy »

:!: I recommend promptly uninstalling Advanced SystemCare 6 and then everything else from IObit (IObit Malware Fighter). They are Chinese junk that looks for nonsensical and nonexistent problems. The software's makers stole the malware database of another reputable company, and the effect on the PC is nil to negative. :boxed:

:arrow: Uninstall Spybot - Search & Destroy. The program's best years are long behind it and it is unable to face current threats.
:arrow: I also recommend promptly uninstalling TuneUp Utilities. If you use it to change anything in the system, you are well on the way to damaging the system. That is our experience.


:arrow: If you have not already done so, move ComboFix to the root directory G:\.
  • Open Notepad (Start >> Run... (or Win+R) >> type notepad in the box >> press [Enter]).
  • Copy this script into it (only the green letters in the white box!):

Code:

KillAll::

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}"=-
[-HKEY_CLASSES_ROOT\clsid\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D22F6F66-2F47-4184-8625-FBFA4CBDB7CE}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"QuickTime Task"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedFan]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 6"=-
"Google Update"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"=-
"StartCCC"=-
"IObit Malware Fighter"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"g:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=-
"g:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=-
"g:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=-
"g:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4:TCP"=-

Driver::
avgtp
AdvancedSystemCareService6
SDScannerService
SDUpdateService
TuneUp.UtilitiesSvc
TuneUpUtilitiesDrv

File::
g:\windows\system32\drivers\avgtpx86.sys
g:\windows\Tasks\Adobe Flash Player Updater.job
g:\windows\Tasks\AppleSoftwareUpdate.job
g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
g:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
g:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
g:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
g:\windows\Tasks\SmartDefragUpdate.job
g:\windows\Tasks\Wise Care 365.job

DDS::
uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ ... l&tsp=4933
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_m ... 1372964299
IE: Crawler Search - tbr:iemenu

Folder::
g:\program files\OnRPG

ClearJavaCache::

AtJob::

Reboot::
  • Save the created TXT as G:\CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see picture).
    [Image]
  • After the script has been applied (and the PC possibly restarted), a log will pop up. Paste its contents here for me.
:!: It may happen that Windows will not start after the script has been applied. In that case restart the PC, keep pressing F8 right at boot and choose Last Known Good Configuration.

bobjara
Visitor
Posts: 14
Registered: 03 Sep 2013 09:51

Re: Hello, please check my log

#7 Post by bobjara »

Hello, thanks for the help, I hope I didn't mess anything up. Here is the log.

ComboFix 13-09-02.02 - Jaroslav Sedlák 04.09.2013 16:07:16.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1455 [GMT 2:00]
Spuštěný z: G:\ComboFix.exe
Použité ovládací přepínače :: G:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"g:\windows\system32\drivers\avgtpx86.sys"
"g:\windows\Tasks\Adobe Flash Player Updater.job"
"g:\windows\Tasks\AppleSoftwareUpdate.job"
"g:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"g:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"g:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job"
"g:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job"
"g:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job"
"g:\windows\Tasks\SmartDefragUpdate.job"
"g:\windows\Tasks\Wise Care 365.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
g:\program files\OnRPG
g:\program files\OnRPG\GottenAppsContextMenu.xml
g:\program files\OnRPG\hk64tbOnR0.dll
g:\program files\OnRPG\hktbOnR0.dll
g:\program files\OnRPG\ldrtbOnR0.dll
g:\program files\OnRPG\ldrtbOnRP.dll
g:\program files\OnRPG\OnRPGToolbarHelper.exe
g:\program files\OnRPG\OnRPGToolbarHelper1.exe
g:\program files\OnRPG\OtherAppsContextMenu.xml
g:\program files\OnRPG\prxtbOnR0.dll
g:\program files\OnRPG\prxtbOnRP.dll
g:\program files\OnRPG\SharedAppsContextMenu.xml
g:\program files\OnRPG\tbOnR0.dll
g:\program files\OnRPG\tbOnRP.dll
g:\program files\OnRPG\toolbar.cfg
g:\program files\OnRPG\ToolbarContextMenu.xml
g:\program files\OnRPG\uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Legacy_TUNEUPUTILITIESDRV
-------\Service_avgtp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-04 do 2013-09-04 )))))))))))))))))))))))))))))))
.
.
2013-09-04 14:03 . 2013-09-04 14:03 29904 ----a-w- g:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4E07EE53-33DF-46DB-A77C-CB864F69A352}\MpKsl61951570.sys
2013-09-04 14:00 . 2013-08-06 07:28 7166848 ----a-w- g:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4E07EE53-33DF-46DB-A77C-CB864F69A352}\mpengine.dll
2013-09-03 08:53 . 2013-09-03 08:53 -------- d-----w- G:\rsit
2013-09-03 08:53 . 2013-09-03 08:53 -------- d-----w- g:\program files\trend micro
2013-09-03 08:39 . 2013-08-06 07:28 7166848 ----a-w- g:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-03 08:14 . 2013-09-03 08:14 -------- d-----w- g:\documents and settings\All Users\Oblíbené položky
2013-08-27 08:17 . 2013-08-27 08:35 -------- d-----w- g:\documents and settings\Jaroslav Sedlák\Data aplikací\ZipGenius
2013-08-27 08:16 . 2013-08-27 08:33 -------- d-----w- g:\program files\ZipGenius 6
2013-08-14 14:46 . 2013-08-14 14:46 -------- d-----w- g:\documents and settings\Jaroslav Sedlák\Local Settings\Data aplikací\Opera Software
2013-08-14 14:46 . 2013-08-14 14:46 -------- d-----w- g:\documents and settings\Jaroslav Sedlák\Data aplikací\Opera Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 09:44 . 2012-04-11 17:52 692104 ----a-w- g:\windows\system32\FlashPlayerApp.exe
2013-08-15 09:44 . 2011-11-04 08:58 71048 ----a-w- g:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- g:\windows\system32\wmvdecod.dll
2013-07-25 18:11 . 2008-04-14 12:00 841216 ----a-w- g:\windows\system32\wininet.dll
2013-07-25 18:11 . 2008-04-14 12:00 1830912 ------w- g:\windows\system32\inetcpl.cpl
2013-07-25 18:11 . 2008-04-14 12:00 78336 ----a-w- g:\windows\system32\ieencode.dll
2013-07-25 18:11 . 2008-04-14 12:00 17408 ----a-w- g:\windows\system32\corpol.dll
2013-07-10 10:37 . 2008-04-14 12:00 406016 ----a-w- g:\windows\system32\usp10.dll
2013-07-07 17:59 . 2011-06-10 23:58 773800 ----a-w- g:\windows\system32\msvcr100.dll
2013-07-07 17:59 . 2011-06-10 23:58 421032 ----a-w- g:\windows\system32\msvcp100.dll
2013-07-04 07:34 . 2008-04-14 12:00 2151936 ----a-w- g:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2008-04-14 08:06 2030592 ----a-w- g:\windows\system32\ntkrnlpa.exe
2013-06-20 14:22 . 2013-06-20 14:22 94632 ----a-w- g:\windows\system32\WindowsAccessBridge.dll
2013-06-20 14:22 . 2011-12-02 07:56 144896 ----a-w- g:\windows\system32\javacpl.cpl
2013-06-20 14:22 . 2012-08-29 09:51 867240 ----a-w- g:\windows\system32\npDeployJava1.dll
2013-06-20 14:22 . 2011-12-02 07:56 789416 ----a-w- g:\windows\system32\deployJava1.dll
2013-06-18 19:50 . 2012-03-20 18:44 211560 ----a-w- g:\windows\system32\drivers\MpFilter.sys
2013-06-11 16:51 . 2013-06-11 16:51 170752 ----a-w- g:\windows\system32\drivers\snapman.sys
2013-06-11 16:51 . 2013-06-11 16:51 76768 ----a-w- g:\windows\system32\drivers\fltsrv.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="g:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
g:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - g:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=hex(7ac):
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=g:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"APSDaemon"="g:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\Zoner\\Photo Studio 13\\Program32\\Zps.exe"=
"g:\\Program Files\\Opera\\opera.exe"=
"h:\\TmNationsForever\\TmForever.exe"=
"g:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"g:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"h:\\World_of_Tanks\\WorldOfTanks.exe"=
"h:\\World_of_Tanks\\WOTLauncher.exe"=
"g:\\WINDOWS\\system32\\mmc.exe"=
"g:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"g:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"g:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"g:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"g:\\Program Files\\Maxthon\\Bin\\MxUp.exe"=
"g:\\Program Files\\Maxthon\\Bin\\Maxthon.exe"=
"g:\\Documents and Settings\\All Users\\Data aplikací\\eSafe\\eGdpSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 fltsrv;Acronis Storage Filter Management;g:\windows\system32\drivers\fltsrv.sys [11.6.2013 18:51 76768]
R0 SMR310;Symantec SMR Utility Service 3.1.0;g:\windows\system32\drivers\SMR310.SYS [28.8.2012 16:29 97440]
R1 MpKsl61951570;MpKsl61951570;g:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4E07EE53-33DF-46DB-A77C-CB864F69A352}\MpKsl61951570.sys [4.9.2013 16:03 29904]
R2 Browser Manager;Browser Manager;g:\documents and settings\All Users\Data aplikací\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [1.8.2013 17:59 2847696]
R2 BT848;KWorld TV878 Video Capture;g:\windows\system32\drivers\cxvcap.sys [11.10.2012 18:14 63232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;g:\windows\system32\drivers\AtihdXP3.sys [15.4.2012 11:14 100368]
S0 reparse;Reparse;g:\windows\system32\DRIVERS\cbreparse.sys --> g:\windows\system32\DRIVERS\cbreparse.sys [?]
S1 MoboroboAssDriver;MoboroboAssDrive;g:\windows\system32\drivers\MoboroboAssDriver.sys --> g:\windows\system32\drivers\MoboroboAssDriver.sys [?]
S2 WiseBootAssistant;Wise Boot Assistant;g:\program files\Wise\Wise Care 365\BootTime.exe [23.10.2012 20:47 580648]
S3 npggsvc;nProtect GameGuard Service;g:\windows\system32\GameMon.des -service --> g:\windows\system32\GameMon.des -service [?]
S3 SWDUMon;SWDUMon;g:\windows\system32\drivers\SWDUMon.sys [16.2.2013 10:37 13464]
S3 WDC_SAM;WD SCSI Pass Thru driver;g:\windows\system32\DRIVERS\wdcsam.sys --> g:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;g:\windows\system32\drivers\whfltr2k.sys [1.4.2013 8:39 6784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-04 g:\windows\Tasks\Adobe Flash Player Updater.job
- g:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 09:44]
.
2013-09-04 g:\windows\Tasks\AppleSoftwareUpdate.job
- g:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-09-04 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files\Google\Update\GoogleUpdate.exe [2012-04-08 06:58]
.
2013-09-04 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files\Google\Update\GoogleUpdate.exe [2012-04-08 06:58]
.
2013-09-04 g:\windows\Tasks\Wise Care 365.job
- g:\program files\Wise\Wise Care 365\WiseTray.exe [2012-10-23 15:24]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - g:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-OnRPG Toolbar - g:\program files\OnRPG\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-04 16:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="g:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
g:\windows\system32\Ati2evxx.dll
g:\windows\system32\atiadlxx.dll
g:\windows\system32\vorbis.dll
g:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(812)
g:\windows\system32\vorbis.dll
g:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(2904)
g:\windows\system32\vorbis.dll
g:\windows\system32\ogg.dll
g:\progra~1\WINDOW~2\wmpband.dll
g:\documents and settings\All Users\Data aplikací\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
g:\windows\system32\msi.dll
g:\windows\system32\WPDShServiceObj.dll
g:\windows\system32\PortableDeviceTypes.dll
g:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
g:\windows\system32\Ati2evxx.exe
g:\program files\Microsoft Security Client\MsMpEng.exe
g:\windows\system32\Ati2evxx.exe
g:\program files\Java\jre7\bin\jqs.exe
g:\program files\CDBurnerXP\NMSAccessU.exe
g:\program files\CyberLink\Shared files\RichVideo.exe
g:\windows\system32\wbem\wmiapsrv.exe
g:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
g:\program files\HP\Digital Imaging\bin\hpqbam08.exe
g:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2013-09-04 16:17:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-04 14:17
ComboFix2.txt 2013-09-03 08:34
.
Před spuštěním: Volných bajtů: 104 209 358 848
Po spuštění: Volných bajtů: 104 244 006 912
.
- - End Of File - - 9072A8C628241A5180963BB756378A39
413FC2A0C716421B3158746D63736515

#8 Post by Mc_Murphy »

:arrow: Uninstall ComboFix.
  • Click Start >> Run... (or press Win+R) and type ComboFix /Uninstall in the window
  • There is a space between ComboFix and /Uninstall!
  • Confirm the command with the [Enter] key.

:arrow: Download Junkware Removal Tool - http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the Desktop.
  • After it starts, the license terms are displayed; press any key.
  • A backup is created, followed by the search.
  • The scan runs and then a log appears, which may also be saved in C:\JRT as JRT.txt; paste it here for me.

#9 Post by bobjara »

Hello, I hope I did it right.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Microsoft Windows XP x86
Ran by Jaroslav Sedl k on źt 05.09.2013 at 16:07:40,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] browser manager
Failed to delete: [Service] browser manager



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protocols\handler\tbr
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\smbarbroker.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\qvo6software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15d2d75c-9cb2-4efd-bad7-b9b4cb4bc693}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}



~~~ Files

Successfully deleted: [File] "G:\WINDOWS\Tasks\wise care 365.job"
Successfully deleted: [File] "G:\WINDOWS\system32\roboot.exe"
Successfully disinfected: [Shortcut] G:\Documents and Settings\Jaroslav Sedl k\Data aplikacˇ\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk



~~~ Folders

Successfully deleted: [Folder] "G:\Documents and Settings\Jaroslav Sedl k\Data aplikacˇ\babylon"
Successfully deleted: [Folder] "G:\Documents and Settings\Jaroslav Sedl k\Data aplikacˇ\desk 365"
Successfully deleted: [Folder] "G:\Documents and Settings\Jaroslav Sedl k\Data aplikacˇ\fighters"
Successfully deleted: [Folder] "G:\Documents and Settings\Jaroslav Sedl k\Data aplikacˇ\file scout"
Successfully deleted: [Folder] "G:\Documents and Settings\Jaroslav Sedl k\Data aplikacˇ\opencandy"
Successfully deleted: [Folder] "G:\Documents and Settings\Jaroslav Sedl k\Data aplikacˇ\pricegong"
Successfully deleted: [Folder] "G:\Documents and Settings\Jaroslav Sedl k\Data aplikacˇ\systweak"
Successfully deleted: [Folder] "G:\Program Files\conduit"
Successfully deleted: [Folder] "G:\Program Files\crawler"
Successfully deleted: [Folder] "G:\Program Files\Common Files\software update utility"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 05.09.2013 at 16:13:25,45
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~

#10 Post by Mc_Murphy »

:arrow: Download AdwCleaner - http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the Desktop.
  • Close all programs!!
  • Run AdwCleaner.
  • If you are using Windows Vista or Windows 7, right-click AdwCleaner and choose Run As Administrator or Spustit jako správce.
  • Click the [Scan] button.
  • The scan will run.
  • After you click the [Report] button, a log will pop up - paste its contents here for me.
  • The log may also be saved on the system drive as C:\AdwCleaner\AdwCleaner[R?].txt.

#11 Post by bobjara »

# AdwCleaner v3.002 - Report created 05/09/2013 at 20:03:54
# Updated 01/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jaroslav Sedlák - JAROSLAV-82EA64
# Running from : G:\Documents and Settings\Jaroslav Sedlák\Plocha\adwcleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\bProtector Web Data
File Found : G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Found G:\Documents and Settings\All Users\Data aplikací\Ask
Folder Found G:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Found G:\Documents and Settings\All Users\Data aplikací\Browser Manager
Folder Found G:\Documents and Settings\All Users\Data aplikací\eSafe
Folder Found G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\337
Folder Found G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\eIntaller
Folder Found G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\Omiga Plus
Folder Found G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\WinZipper
Folder Found G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\apn
Folder Found G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\Conduit
Folder Found G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\cre
Folder Found G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\OnRPG
Folder Found G:\Documents and Settings\NetworkService\Local Settings\Data aplikací\OnRPG
Folder Found G:\Program Files\Common Files\DVDVideoSoft\TB
Folder Found G:\Program Files\Omiga Plus

***** [ Shortcuts ] *****

Shortcut Found : G:\Documents and Settings\Jaroslav Sedlák\Plocha\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=m ... 1372964299 )
Shortcut Found : G:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=m ... 1372964299 )
Shortcut Found : G:\Documents and Settings\Jaroslav Sedlák\Nabídka Start\Programy\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=m ... 1372964299 )
Shortcut Found : G:\Documents and Settings\Jaroslav Sedlák\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Internet Explorer (bez doplňků).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=m ... 1372964299 )
Shortcut Found : G:\Documents and Settings\Jaroslav Sedlák\Nabídka Start\Programy\Google Chrome\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=m ... 1372964299 )

***** [ Registry ] *****

Key Found : HKCU\Software\d558f8fe13cbe49
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\OnRPG
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C769B88-6438-4A74-B9AE-FAAA044F7097}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EA31D52B-8164-4BF4-B6B7-31DF4C33C014}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\d558f8fe13cbe49
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BD8A8AF-2FD8-4EE1-8865-0CF6C1E606BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F80A2EE7-4195-4DCE-BA01-576397ECED76}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C769B88-6438-4A74-B9AE-FAAA044F7097}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\Software\omigaplusSvc
Key Found : HKLM\Software\OnRPG
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : HKLM\Software\V9
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Product Found : Google Update Helper
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [G:\Documents and Settings\All Users\Data aplikací\eSafe\eGdpSvc.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21348


-\\ Google Chrome v

[ File : G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7491 octets] - [05/09/2013 20:03:54]

########## EOF - G:\AdwCleaner\AdwCleaner[R0].txt - [7551 octets] ##########

#12 Post by Mc_Murphy »

:arrow: Let's make the repairs.
  • Close all programs!!
  • Run AdwCleaner again.
  • If you are using Windows Vista or Windows 7, right-click AdwCleaner and choose Run As Administrator or Spustit jako správce.
  • Click the [Clean] button.
  • The cleanup will run.
  • After the PC/notebook restarts, a log will pop up - paste its contents here for me.
  • The log can also be displayed by clicking the [Report] button, or it may be saved on the system drive as C:\AdwCleaner\AdwCleaner[S?].txt.

#13 Post by bobjara »

Hello, have a nice day, here is the log.

# AdwCleaner v3.002 - Report created 06/09/2013 at 15:31:41
# Updated 01/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jaroslav Sedlák - JAROSLAV-82EA64
# Running from : G:\Documents and Settings\Jaroslav Sedlák\Plocha\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : G:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : G:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : G:\Documents and Settings\All Users\Data aplikací\Browser Manager
Folder Deleted : G:\Documents and Settings\All Users\Data aplikací\eSafe
Folder Deleted : G:\Program Files\Omiga Plus
Folder Deleted : G:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : G:\Documents and Settings\NetworkService\Local Settings\Data aplikací\OnRPG
Folder Deleted : G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\apn
Folder Deleted : G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\Conduit
Folder Deleted : G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\cre
Folder Deleted : G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\OnRPG
Folder Deleted : G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\337
Folder Deleted : G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\eIntaller
Folder Deleted : G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\Omiga Plus
Folder Deleted : G:\Documents and Settings\Jaroslav Sedlák\Data aplikací\WinZipper
File Deleted : G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\bprotectorpreferences

***** [ Shortcuts ] *****

Shortcut Disinfected : G:\Documents and Settings\Jaroslav Sedlák\Plocha\Google Chrome.lnk
Shortcut Disinfected : G:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
Shortcut Disinfected : G:\Documents and Settings\Jaroslav Sedlák\Nabídka Start\Programy\Internet Explorer.lnk
Shortcut Disinfected : G:\Documents and Settings\Jaroslav Sedlák\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Internet Explorer (bez doplňků).lnk
Shortcut Disinfected : G:\Documents and Settings\Jaroslav Sedlák\Nabídka Start\Programy\Google Chrome\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\d558f8fe13cbe49
Key Deleted : HKLM\SOFTWARE\d558f8fe13cbe49
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EA31D52B-8164-4BF4-B6B7-31DF4C33C014}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C769B88-6438-4A74-B9AE-FAAA044F7097}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C769B88-6438-4A74-B9AE-FAAA044F7097}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F80A2EE7-4195-4DCE-BA01-576397ECED76}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BD8A8AF-2FD8-4EE1-8865-0CF6C1E606BB}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [G:\Documents and Settings\All Users\Data aplikací\eSafe\eGdpSvc.exe]
Key Deleted : HKCU\Software\OnRPG
Key Deleted : HKLM\Software\omigaplusSvc
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\OnRPG
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Product Deleted : Google Update Helper

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21348


-\\ Google Chrome v

[ File : G:\Documents and Settings\Jaroslav Sedlák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7631 octets] - [05/09/2013 20:03:54]
AdwCleaner[S0].txt - [7183 octets] - [06/09/2013 15:31:41]

########## EOF - G:\AdwCleaner\AdwCleaner[S0].txt - [7243 octets] ##########

#14 Post by Mc_Murphy »

A nice day to you too. Let's continue.

:arrow: Download RogueKiller - http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Save it, preferably to the Desktop.
  • Close all programs!
  • Run RogueKiller. If you are using Windows Vista or Windows 7, right-click its icon and choose Run As Administrator or Spustit jako správce.
  • Wait until the program finishes the Prescan.
  • Then click the [Prohledat] (Scan) button and wait for the scan to finish.
  • Click the [Zpráva] (Report) button - a log will open; paste it here for me.
  • A detailed procedure with screenshots can be found here: http://forum.viry.cz/viewtopic.php?f=24&t=120452

#15 Post by bobjara »

Here it is

RogueKiller V8.6.9 [Sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Jaroslav Sedlák [Práva správce]
Mód : Kontrola -- Datum : 09/06/2013 16:16:49
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 1 ¤¤¤
[All Users][SUSP UNIC] HP Digital Imaging Monitor.lnk : G:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk @G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [-][7] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3160811AS +++++
--- User ---
[MBR] 4e8b4d473a48c365675bdb5e02d77672
[BSP] 1c234b473ec4a467b9b75fafa0a4ba15 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3160811AS +++++
--- User ---
[MBR] a47975708a83793d810c278c1d20138b
[BSP] 891bfa9c2a846096fe35991cdac09ed3 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20496 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 41977845 | Size: 55811 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3160811AS +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[0]_S_09062013_161649.txt >>

Locked