Some virus

Have a problem with a virus? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Each thread is locked once it is resolved, and likewise any thread that has been inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.

[Locked]
Jirka26 (Visitor, 8 posts, registered 24 Oct 2013 08:31)

Some virus

#1 Post by Jirka26 »

Hi, could you please help me with a PC that is probably infected?

I was trying to install a printer driver and something nasty probably got downloaded along with it. I tried various antivirus/antispyware programs and have already partially removed something, but there is probably still something in it, because whenever I try to download anything from the internet, it almost always gets blocked and nothing downloads.

Here is the RSIT log. Thank you. :)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Martina at 2013-10-24 09:27:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 196 GB (82%) free of 238 GB
Total RAM: 2037 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:28:58, on 24.10.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DiVapton\updateDiVapton.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer\AppsHat\WebPlayer.exe
C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer\FLV Player\WebPlayer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\DOCUME~1\Martina\LOCALS~1\Temp\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
Z:\Magic940\mgrntw.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
c:\docume~1\martina\locals~1\temp\teamviewer\version5\TeamViewer_Desktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe
C:\Documents and Settings\Martina\Dokumenty\RSIT.exe
C:\Program Files\trend micro\Martina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60446
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll
O2 - BHO: Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~1\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll
O2 - BHO: DiVapton - {3bf42771-1b8a-4910-b3dc-eb330e40020a} - C:\Program Files\DiVapton\DiVaptonbho.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Minibar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~1\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S147.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Martina\Local Settings\Data aplikací\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\???\???\???\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\GoogleUpdate.exe" >
O4 - HKCU\..\Run: [AppsHat] C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer\AppsHat\WebPlayer.exe
O4 - HKCU\..\Run: [FLV Player] C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer\FLV Player\WebPlayer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Visit AppsHat.com - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\Minibar.dll
O9 - Extra button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mojebanka.cz
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3030243404
O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe
O23 - Service: SafetyNut Manager (SafetyNutManager) - SafetyNut Inc. - C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe
O23 - Service: Samsung UPD Service2 - Samsung Electronics - C:\WINDOWS\system32\SUPDSvc2.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: Update DiVapton - DiVapton - C:\Program Files\DiVapton\updateDiVapton.exe

--
End of file - 9705 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{356F6231-122B-4D75-991D-E9777A26F13F}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C12AB4B9-0A18-4946-A9B1-E12482487CD3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}]
Movies Toolbar (Dist. by Somoto Ltd.) - C:\PROGRA~1\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll [2013-08-19 92560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3bf42771-1b8a-4910-b3dc-eb330e40020a}]
DiVapton - C:\Program Files\DiVapton\DiVaptonbho.dll [2013-10-01 249624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-06-17 651968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2013-10-23 873664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-20 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}]
MinibarBHO - C:\Program Files\Minibar\Minibar.dll [2013-09-19 331264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-20 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2013-06-17 781504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3444c3c5-6c56-4a16-a453-832b05bf6ea4} - Movies Toolbar (Dist. by Somoto Ltd.) - C:\PROGRA~1\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll [2013-08-19 92560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-21 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-21 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-01-21 134656]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-03-26 19522592]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2009-08-15 614400]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2010-12-03 141368]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-08-12 995176]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON Stylus DX7400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [2007-04-12 182272]
"Google Update"= []
"AppsHat"=C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer\AppsHat\WebPlayer.exe [2012-10-26 202752]
"FLV Player"=C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer\FLV Player\WebPlayer.exe [2012-10-26 202752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2012-09-07 2777296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2012-09-07 2777296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2012-09-07 3673808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2012-09-07 3673808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\DOCUME~1\ALLUSE~1\DATAAP~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2013-06-17 200384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-10-24 09:27:11 ----D---- C:\Program Files\trend micro
2013-10-24 09:27:04 ----D---- C:\rsit
2013-10-23 19:18:23 ----D---- C:\Program Files\Kaspersky Lab
2013-10-23 19:18:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2013-10-23 19:18:13 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2013-10-23 19:18:13 ----A---- C:\WINDOWS\system32\drivers\klflt.sys
2013-10-23 19:15:11 ----D---- C:\Program Files\Microsoft.NET
2013-10-23 12:08:29 ----D---- C:\Documents and Settings\Martina\Data aplikací\Minibar
2013-10-23 12:08:01 ----D---- C:\Program Files\Minibar
2013-10-23 12:07:51 ----D---- C:\Program Files\DiVapton
2013-10-23 12:07:42 ----D---- C:\Documents and Settings\Martina\Data aplikací\searchresultstb
2013-10-23 12:07:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Wincert
2013-10-23 12:07:22 ----D---- C:\Documents and Settings\Martina\Data aplikací\somotomoviestoolbar1
2013-10-23 12:07:04 ----D---- C:\Program Files\Movies Toolbar
2013-10-23 12:07:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\SafetyNut
2013-10-23 12:03:01 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2013-10-11 12:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 12:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 12:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 12:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 12:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2862330$

======List of files/folders modified in the last 1 month======

2013-10-24 09:27:38 ----D---- C:\WINDOWS\Temp
2013-10-24 09:27:11 ----RD---- C:\Program Files
2013-10-24 09:26:05 ----D---- C:\WINDOWS\Prefetch
2013-10-24 07:14:47 ----D---- C:\WINDOWS\system32
2013-10-24 07:04:38 ----D---- C:\WINDOWS\system32\CatRoot2
2013-10-24 07:04:16 ----HD---- C:\WINDOWS\inf
2013-10-24 07:03:58 ----D---- C:\WINDOWS
2013-10-24 07:03:10 ----D---- C:\Program Files\Google
2013-10-24 07:02:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-10-24 06:55:36 ----D---- C:\WINDOWS\system32\config
2013-10-23 22:53:21 ----RSD---- C:\WINDOWS\assembly
2013-10-23 22:53:21 ----D---- C:\WINDOWS\Microsoft.NET
2013-10-23 19:29:35 ----SHD---- C:\WINDOWS\Installer
2013-10-23 19:29:01 ----D---- C:\WINDOWS\system32\drivers
2013-10-23 19:19:47 ----SHD---- C:\System Volume Information
2013-10-23 19:17:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-23 19:15:45 ----D---- C:\WINDOWS\WinSxS
2013-10-23 19:15:21 ----D---- C:\WINDOWS\system32\en-US
2013-10-23 18:36:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2013-10-17 12:00:57 ----D---- C:\Program Files\Microsoft Security Client
2013-10-11 13:17:53 ----D---- C:\Program Files\Internet Explorer
2013-10-11 12:12:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-10-11 12:09:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-10-11 12:08:47 ----A---- C:\WINDOWS\imsins.BAK
2013-10-11 12:08:38 ----D---- C:\WINDOWS\system32\MRT
2013-10-11 12:04:04 ----A---- C:\WINDOWS\system32\MRT.exe
2013-10-09 08:01:42 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-25 13:57:44 ----D---- C:\epv32-csu

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fltsrv;Acronis Storage Filter Management; C:\WINDOWS\system32\DRIVERS\fltsrv.sys [2013-08-31 76768]
R0 kl1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2013-10-23 135776]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2013-10-23 573024]
R1 klpd;klpd; C:\WINDOWS\system32\DRIVERS\klpd.sys [2013-04-12 14432]
R1 kltdi;kltdi; C:\WINDOWS\system32\DRIVERS\kltdi.sys [2013-05-14 45024]
R1 kneps;kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [2013-06-06 145120]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aksfridge;Sentinel HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2010-09-27 356864]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-03-26 5883936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2013-04-19 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [2013-10-23 24160]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2013-10-23 24672]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-07-27 44032]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 akshasp;SafeNet Inc. HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2010-09-27 238208]
S3 akshhl;SafeNet Inc. Sentinel HASP Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2010-09-27 46336]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2010-12-23 19968]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2009-08-10 89600]
S3 GenericMount;Generic Mount Driver; C:\WINDOWS\system32\DRIVERS\GenericMount.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2009-03-19 50432]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2011-01-12 25088]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [2013-10-23 214512]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2010-09-27 4180576]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-08-20 182184]
R2 SafetyNutManager;SafetyNut Manager; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [2013-10-09 3422728]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2012-09-07 587472]
R2 Update DiVapton;Update DiVapton; C:\Program Files\DiVapton\updateDiVapton.exe [2013-10-01 65304]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-19 136176]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-08-12 22208]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-19 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Samsung UPD Service2;Samsung UPD Service2; C:\WINDOWS\system32\SUPDSvc2.exe [2012-04-06 129536]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
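An added triage example for the RSIT/HijackThis log above (editor's code, not a tool from this forum, from RSIT or from HijackThis). It parses the R1/R3/O2/O3/O4/O20/O23 lines and flags what a helper would look at first in this particular log: the toolbar and bundleware vendors named in it (Somoto, Minibar, DiVapton, SafetyNut, Wincert, Crawler, AppsHat/WebPlayer), a populated AppInit_DLLs value, autostarts under the user profile, the IE Search Bar redirected to crawler.com, services whose publisher HijackThis could not resolve, and the HKCU Run entry for "Google Update" whose path nests the same GUID twice around folders that RSIT could only render as ???. That last layout (the same GUID tree reappears in the ComboFix deletions later in the thread, with files named @ under L\ and U\) is consistent with the widely documented ZeroAccess/Sirefef user-mode install and deserves its own check regardless of family. The sample lines are copied from the posted log; the vendor token list and the path rules are the editor's assumptions, not something either tool knows.

```python
"""Triage HijackThis-style log lines (RSIT embeds a HijackThis scan).

Added example for this thread; not a tool from the forum, RSIT or HijackThis.
SAMPLE_LOG is copied from the log posted above; the vendor tokens and path
rules are the editor's own heuristics.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# HijackThis entry types worth triaging here.
SECTIONS = {"R1", "R3", "O2", "O3", "O4", "O20", "O23"}

# Vendor/product tokens in the posted log that belong to toolbar and
# bundleware distributors (editor's judgement, assumed list).
PUP_TOKENS = ("somoto", "minibar", "divapton", "safetynut", "wincert",
              "crawler", "appshat", "webplayer", "movies toolbar")

# Places a machine-wide autostart rarely belongs. "Data aplikací" is the
# Czech XP name for Application Data, as this log shows it.
USER_WRITABLE = re.compile(
    r"local settings|data aplikac|application data|\\temp\\|\\appdata\\|locals~1",
    re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.IGNORECASE)
URL_HOST = re.compile(r"https?://([^/\s]+)")
HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")

# Lines copied verbatim from the RSIT/HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60446
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll
O2 - BHO: Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~1\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Martina\Local Settings\Data aplikací\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\???\???\???\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\GoogleUpdate.exe" >
O4 - HKCU\..\Run: [AppsHat] C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer\AppsHat\WebPlayer.exe
O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL
O23 - Service: HASP License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe
O23 - Service: Update DiVapton - DiVapton - C:\Program Files\DiVapton\updateDiVapton.exe
"""


@dataclass
class Finding:
    section: str
    line: str
    reasons: list[str] = field(default_factory=list)


def triage_line(line: str) -> Finding | None:
    """Return a Finding with one reason per matched heuristic, else None."""
    m = HJT_LINE.match(line.strip())
    if not m or m.group("sec") not in SECTIONS:
        return None
    sec, body = m.group("sec"), m.group("body")
    low = body.lower()
    reasons: list[str] = []

    if any(tok in low for tok in PUP_TOKENS):
        reasons.append("adware/bundleware vendor token")
    if sec == "R1":
        host = URL_HOST.search(body)
        if host and not host.group(1).lower().endswith("microsoft.com"):
            reasons.append("IE search setting redirected away from the Microsoft default")
    if sec == "O20" and "appinit_dlls:" in low and low.split("appinit_dlls:", 1)[1].strip():
        # On XP every listed DLL is loaded by every process that maps user32.dll.
        reasons.append("AppInit_DLLs populated")
    if sec == "O4" and USER_WRITABLE.search(body):
        reasons.append("autostart binary under the user profile or Temp")
    if "???" in body:
        # RSIT prints '???' for path characters it cannot render.
        reasons.append("path contains characters the log tool could not render")
    guids = [g.lower() for g in GUID_RE.findall(body)]
    if len(guids) != len(set(guids)):
        reasons.append("same GUID nested twice in one path")
    if sec == "O23" and "unknown owner" in low:
        reasons.append("service publisher not resolved (check the file signature)")

    return Finding(sec, line.strip(), reasons) if reasons else None


def triage(log_text: str) -> list[Finding]:
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.section}] {f.line[:72]}")
        for r in f.reasons:
            print("      -", r)
    print(summarize(hits))
```

Two caveats when reading the output. HijackThis prints "Unknown owner" when it cannot read a binary's version resource, so the MsMpSvc hit is a prompt to check the signature of MsMpEng.exe, not evidence against Microsoft Security Essentials (the third post confirms MSE is present). And 8.3 short names such as SAFETY~2.DLL hide the real file name; expand them on the host (dir /x in that folder) before deciding anything. On Windows XP every AppInit_DLLs entry is loaded into every process that maps user32.dll, with no signing requirement, which is why the two DLLs in the O20 line deserve attention even though the BHOs and toolbar are the visible symptom.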

vyosek (VIP, 56373 posts, registered 07 Nov 2006 15:24, location: Šalingrad - Brno)

Re: Some virus

#2 Post by vyosek »

Hello :)

→ Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE GUIDE CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
→ Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antiviruses, antispyware and the like
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes, and after a possible restart, CF displays a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
  • A detailed guide with pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Jirka26 (Visitor, 8 posts, registered 24 Oct 2013 08:31)

Re: Some virus

#3 Post by Jirka26 »

Hello, here is the ComboFix log.

I noticed that the log shows MS Essentials running, even though it should not be there. I tried to remove it, but apparently it did not work.
However, it is not listed in "Add or Remove Programs" in the Control Panel, and I could not find it among the running processes in Task Manager either. To be honest, I do not know how to remove it. Perhaps only by reinstalling.. Is it a big problem that it was enabled? Did it spoil ComboFix's work?


ComboFix 13-10-24.01 - Martina 25.10.2013 11:08:48.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2037.1362 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martina\Dokumenty\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Martina\LOCALS~1\DATAAP~1\Google\Desktop\Install
c:\docume~1\Martina\LOCALS~1\DATAAP~1\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\C3C1~1\01C8~1\CFFE~1\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\@
c:\docume~1\Martina\LOCALS~1\Temp\TeamViewer\Version5\TeamViewer.exe
c:\docume~1\Martina\LOCALS~1\Temp\TeamViewer\Version5\TeamViewer_Resource_cs.dll
c:\docume~1\Martina\LOCALS~1\Temp\TeamViewer\Version5\TV.dll
c:\documents and settings\Martina\Local Settings\Temp\TeamViewer\Version5\TeamViewer.exe
c:\documents and settings\Martina\Local Settings\Temp\TeamViewer\Version5\TeamViewer_Resource_cs.dll
c:\documents and settings\Martina\Local Settings\Temp\TeamViewer\Version5\TV.dll
c:\documents and settings\Martina\WINDOWS
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\0103~1\0103~1\CFFE~1\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\@
c:\program files\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\0103~1\0103~1\CFFE~1\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\L\00000004.@
c:\program files\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\0103~1\0103~1\CFFE~1\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\L\201d3dde
c:\program files\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\0103~1\0103~1\CFFE~1\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\L\76603ac3
c:\program files\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\0103~1\0103~1\CFFE~1\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\U\00000008.@
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-25 do 2013-10-25 )))))))))))))))))))))))))))))))
.
.
2013-10-24 09:37 . 2013-10-24 09:37 -------- d-----w- c:\documents and settings\Martina\Local Settings\Data aplikací\HP
2013-10-24 08:40 . 2013-10-24 08:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2013-10-24 08:38 . 2013-10-24 08:38 -------- d-----w- c:\documents and settings\All Users\Documents
2013-10-24 08:38 . 2013-10-24 08:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Hewlett-Packard
2013-10-24 08:37 . 2010-09-19 13:51 167480 ----a-w- c:\windows\system32\hppccompio.dll
2013-10-24 08:37 . 2010-09-23 12:05 299008 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp101.dll
2013-10-24 08:37 . 2010-09-23 12:05 176128 ----a-w- c:\windows\system32\hpcpn101.dll
2013-10-24 07:55 . 2010-12-14 20:07 187960 ----a-w- c:\windows\system32\hppscancoins32.dll
2013-10-24 07:55 . 2010-12-14 20:07 751160 ----a-w- c:\windows\system32\hpptsp06.dll
2013-10-24 07:55 . 2010-12-14 20:06 26648 ----a-w- c:\windows\system32\drivers\hppcgenio.sys
2013-10-24 07:55 . 2010-12-14 20:06 755256 ----a-w- c:\windows\system32\hpxp1530.dll
2013-10-24 07:55 . 2010-12-14 20:07 188416 ----a-w- c:\windows\system32\hpmldmfax01.dll
2013-10-24 07:55 . 2010-12-14 20:07 21528 ----a-w- c:\windows\system32\drivers\hppcfaxio.sys
2013-10-24 07:55 . 2010-12-14 20:06 59928 ----a-w- c:\windows\system32\hppcfaxcompio.dll
2013-10-24 07:55 . 2010-12-14 20:08 188416 ----a-w- c:\windows\system32\hpmldm01.dll
2013-10-24 07:55 . 2010-12-14 20:06 20504 ----a-w- c:\windows\system32\drivers\hppcbulkio.sys
2013-10-24 07:55 . 2010-12-14 20:07 238080 ----a-w- c:\windows\system32\hpbcoins32.dll
2013-10-24 07:54 . 2013-10-24 08:38 -------- d-----w- c:\program files\HP
2013-10-24 07:45 . 2013-10-24 07:45 -------- d-----w- C:\M1530_MFP_Series_Basic_Solution
2013-10-24 07:27 . 2013-10-24 07:28 -------- d-----w- c:\program files\trend micro
2013-10-24 07:27 . 2013-10-24 07:29 -------- d-----w- C:\rsit
2013-10-23 17:18 . 2013-10-25 07:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2013-10-23 17:18 . 2013-10-23 17:18 -------- d-----w- c:\program files\Kaspersky Lab
2013-10-23 17:18 . 2013-06-08 18:18 93280 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-10-23 17:15 . 2013-10-23 17:15 -------- d-----w- c:\program files\Microsoft.NET
2013-10-23 10:40 . 2013-10-23 10:40 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2013-10-23 10:08 . 2013-10-23 10:08 -------- d-----w- c:\documents and settings\Martina\Data aplikací\Minibar
2013-10-23 10:08 . 2013-10-23 10:08 -------- d-----w- c:\documents and settings\Martina\Local Settings\Data aplikací\AppsHat Mobile Apps
2013-10-23 10:08 . 2013-10-23 10:08 -------- d-----w- c:\documents and settings\Martina\Local Settings\Data aplikací\WebPlayer
2013-10-23 10:08 . 2013-10-23 10:08 -------- d-----w- c:\documents and settings\Martina\Local Settings\Data aplikací\Minibar
2013-10-23 10:08 . 2013-10-23 10:08 -------- d-----w- c:\program files\Minibar
2013-10-23 10:07 . 2013-10-24 10:08 -------- d-----w- c:\program files\DiVapton
2013-10-23 10:07 . 2013-10-23 10:07 -------- d-----w- c:\documents and settings\Martina\AppData
2013-10-23 10:07 . 2013-10-23 10:07 -------- d-----w- c:\documents and settings\Martina\Data aplikací\searchresultstb
2013-10-23 10:07 . 2013-10-23 10:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Wincert
2013-10-23 10:07 . 2013-10-23 10:07 -------- d-----w- c:\documents and settings\Martina\Local Settings\Data aplikací\somotomoviestoolbar1
2013-10-23 10:07 . 2013-10-23 10:26 -------- d-----w- c:\documents and settings\Martina\Data aplikací\somotomoviestoolbar1
2013-10-23 10:07 . 2013-10-25 09:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SafetyNut
2013-10-23 10:07 . 2013-10-23 10:07 -------- d-----w- c:\program files\Movies Toolbar
2013-10-23 05:01 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{1D9A3A32-C5AA-44D3-A4AB-9CD45904227F}\mpengine.dll
2013-10-21 10:00 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-11 04:48 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-11 04:48 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-11 04:48 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-11 04:48 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-11 04:47 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-11 04:47 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-11 04:47 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-23 17:28 . 2013-05-05 20:42 24672 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-10-23 17:28 . 2013-05-06 07:22 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-10-23 17:28 . 2013-05-05 20:42 24160 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-10-09 06:01 . 2012-06-08 06:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 06:01 . 2011-06-22 06:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2007-10-29 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2007-10-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2007-10-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2007-10-29 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2007-10-29 12:00 385024 ------w- c:\windows\system32\html.iec
2013-08-31 10:37 . 2013-08-31 10:37 23776770 ----a-w- C:\partitionMagic.ZIP
2013-08-31 10:21 . 2013-08-31 10:21 170752 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-08-31 10:21 . 2013-08-31 10:21 76768 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2013-08-31 10:19 . 2013-08-31 10:19 190872968 ----a-w- C:\Acronis_Disk_Director_11_Home_Demoverze_CZ.exe
2013-08-31 09:17 . 2013-08-31 09:17 125497040 ----a-w- C:\NGH150_AllWin_EnglishTryBuy30.exe
2013-08-29 07:01 . 2007-10-29 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-20 07:29 . 2013-08-20 07:29 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-20 07:29 . 2013-08-20 07:29 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-20 07:29 . 2012-09-27 17:05 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-08-09 01:56 . 2007-10-29 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2007-10-29 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2010-12-23 08:18 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2007-10-29 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2007-10-29 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-15 614400]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2012-09-07 00:02 2777296 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
2012-09-07 00:02 2777296 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2012-09-07 00:03 3673808 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
2012-09-07 00:03 3673808 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [31.8.2013 12:21 76768]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [12.4.2013 15:34 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [14.5.2013 17:34 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [6.6.2013 17:38 145120]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [27.12.2011 11:45 32768]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 84520]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 SafetyNutManager;SafetyNut Manager;c:\program files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [23.10.2013 12:07 3422728]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [27.12.2011 11:45 587472]
R2 Update DiVapton;Update DiVapton;c:\program files\DiVapton\updateDiVapton.exe [1.10.2013 3:04 65304]
R2 Util DiVapton;Util DiVapton;c:\program files\DiVapton\bin\utilDiVapton.exe [24.10.2013 12:08 65304]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [24.10.2013 9:55 20504]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [24.10.2013 9:55 21528]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19.4.2013 11:44 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [5.5.2013 22:42 24160]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5.5.2013 22:42 24672]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [22.12.2010 17:00 44032]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.12.2010 16:59 1691480]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [13.9.2013 11:38 89600]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\system32\SUPDSvc2.exe [26.7.2012 11:16 129536]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [6.2.2011 14:21 25088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-21 05:50 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 06:01]
.
2013-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 05:09]
.
2013-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 05:09]
.
2013-10-25 c:\windows\Tasks\User_Feed_Synchronization-{356F6231-122B-4D75-991D-E9777A26F13F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2013-10-25 c:\windows\Tasks\User_Feed_Synchronization-{C12AB4B9-0A18-4946-A9B1-E12482487CD3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cpzp.cz\portal
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
Trusted Zone: ozp.cz\portal
Trusted Zone: portalzp.cz\www
Trusted Zone: postsignum.cz\www
Trusted Zone: rbp-zp.cz\portal
Trusted Zone: samsungsetup.com\www
Trusted Zone: vozp.cz\portal
Trusted Zone: zpskoda.cz\portal
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-25 11:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
c:\program files\Movies Toolbar\SafetyNut\safetycrt.dll
.
Celkový čas: 2013-10-25 11:20:03
ComboFix-quarantined-files.txt 2013-10-25 09:19
.
Před spuštěním: Volných bajtů: 205 341 048 832
Po spuštění: Volných bajtů: 206 635 859 968
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3090D689C90D5FE215DEBB94E3FE5325
413FC2A0C716421B3158746D63736515

Jirka26
Guest
Posts: 8
Registered: 24 Oct 2013 08:31

Re: Some kind of virus

#4 Post by Jirka26 »

Here is also the Rkill log:

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/25/2013 10:47:23 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe (PID: 2848) [WD-HEUR]
* C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer\AppsHat\WebPlayer.exe (PID: 3132) [UP-HEUR]
* C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer\FLV Player\WebPlayer.exe (PID: 3160) [UP-HEUR]
* C:\DOCUME~1\Martina\LOCALS~1\Temp\TeamViewer\Version5\TeamViewer.exe (PID: 192) [T-HEUR]
* c:\docume~1\martina\locals~1\temp\teamviewer\version5\TeamViewer_Desktop.exe (PID: 3736) [T-HEUR]

5 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* C:\Documents and Settings\Martina\Local Settings\Data aplikací\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\ [ZA Dir]
* C:\Documents and Settings\Martina\Local Settings\Data aplikací\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\❤≸⋙\ [ZA Dir]
* C:\Documents and Settings\Martina\Local Settings\Data aplikací\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
* C:\Documents and Settings\Martina\Local Settings\Data aplikací\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
* C:\Documents and Settings\Martina\Local Settings\Data aplikací\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\ \ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\ \ \ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\ \ \ﯹ๛\ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\ \ \ﯹ๛\{c79494f0-06ac-94eb-1f43-4fcf22c0a619}\ [ZA Dir]

* ALERT: ZEROACCESS Reparse Point/Junction found!

* C:\Program Files\Microsoft Security Client\Antimalware => c:\windows\system32\config\ [Dir]
* C:\Program Files\Microsoft Security Client\Backup => c:\windows\system32\config\ [Dir]
* C:\Program Files\Microsoft Security Client\cs-cz => c:\windows\system32\config\ [Dir]
* C:\Program Files\Microsoft Security Client\DbgHelp.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\Drivers => c:\windows\system32\config\ [Dir]
* C:\Program Files\Microsoft Security Client\en-us => c:\windows\system32\config\ [Dir]
* C:\Program Files\Microsoft Security Client\EppManifest.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\LegitLib.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MpClient.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MpCommu.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MpEvMsg.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MpOAv.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MpRTP.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MpSvc.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MsMpCom.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MsMpEng.exe => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MsMpRes.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\msseces.exe => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\MsseWat.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\Setup.exe => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\SetupRes.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\shellext.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\sqmapi.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\SymSrv.dll => c:\windows\system32\config [File]
* C:\Program Files\Microsoft Security Client\SymSrv.yes => c:\windows\system32\config [File]

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

* BITS [Missing Service]
* PolicyAgent [Missing Service]
* RemoteAccess [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/25/2013 10:48:11 AM
Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some kind of virus

#5 Post by vyosek »

:arrow: CF forced MSE to shut down itself, so that is fine

:arrow: Use these removers to remove MSE

:arrow: Uninstall SpywareTerminator

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Preferably save it to the desktop
  • Close all programs
  • Click Scan and then Clean
  • A repair will run, the PC will restart and then a log will appear; otherwise it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Jirka26
Guest
Posts: 8
Registered: 24 Oct 2013 08:31

Re: Some kind of virus

#6 Post by Jirka26 »

Hi,

so MSE has been removed, Terminator uninstalled, and here is the AdwCleaner log. How does it look, is everything gone now?


# AdwCleaner v3.010 - Report created 29/10/2013 at 13:39:59
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Martina - ZORYCHTOVA
# Running from : C:\Documents and Settings\Martina\Dokumenty\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Program Files\Minibar
[!] Folder Deleted : C:\Program Files\Movies Toolbar
Folder Deleted : C:\Documents and Settings\Martina\Local Settings\Data aplikací\Minibar
Folder Deleted : C:\Documents and Settings\Martina\Data aplikací\Minibar
Folder Deleted : C:\Documents and Settings\Martina\Data aplikací\searchresultstb

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\Martina\Nabídka Start\Programy\FLV Player\Uninstall.lnk
Shortcut Disinfected : C:\Documents and Settings\Martina\Nabídka Start\Programy\AppsHat\Uninstall.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Minibar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Martina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4996 octets] - [29/10/2013 13:38:31]
AdwCleaner[S0].txt - [4664 octets] - [29/10/2013 13:39:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4724 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some virus

#7 Post by vyosek »

Please post a log made according to these instructions: http://forum.viry.cz/viewtopic.php?f=13&t=133100
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Jirka26
Guest
Posts: 8
Registered: 24 Oct 2013 08:31

Re: Some virus

#8 Post by Jirka26 »

Good evening, sorry for the long silence.

Here is the FRST log; the Addition log is in the attachment:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Martina (administrator) on ZORYCHTOVA on 03-11-2013 16:53:37
Running from C:\Documents and Settings\Martina\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(DiVapton) C:\Program Files\DiVapton\updateDiVapton.exe
(DiVapton) C:\Program Files\DiVapton\bin\utilDiVapton.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
() C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(forum.viry.cz) C:\Documents and Settings\Martina\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [19522592 2010-03-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [614400 2009-08-15] ()
HKLM\...\Run: [Print2PDF Print Monitor] - C:\Program Files\Software602\Print2PDF\Print2PDF.exe [141368 2010-12-03] (Software602)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKU\Administrator\...\Run: [SpywareTerminatorUpdate] - "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\safetynut\x64\safetycrt.dll
HKLM\...\AppCertDlls: [x86] -> c:\program files\movies toolbar\safetynut\safetycrt.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {43E3BD61-1AAC-458A-AEAA-8BAC8ABDC015} URL = http://websearch.ask.com/redirect?clien ... 0442138F67
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

========================== Services (Whitelisted) =================

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [84520 2011-03-14] (Software602 a.s.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 Samsung UPD Service2; C:\WINDOWS\system32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics)
R2 Update DiVapton; C:\Program Files\DiVapton\updateDiVapton.exe [65304 2013-10-01] (DiVapton)
R2 Util DiVapton; C:\Program Files\DiVapton\bin\utilDiVapton.exe [65304 2013-10-24] (DiVapton)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 SafetyNutManager; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238208 2010-09-27] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2010-09-27] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [19968 2010-12-23] (Aladdin Knowledge Systems)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2010-09-27] (SafeNet Inc.)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2010-12-23] (Aladdin Knowledge Systems)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-12-14] (Hewlett Packard)
S3 HPFXFAX; C:\Windows\System32\drivers\hppcfaxio.sys [21528 2010-12-14] (Hewlett Packard)
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [44032 2009-07-27] (Atheros Communications, Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-01-12] (TeamViewer GmbH)
S3 catchme; \??\C:\DOCUME~1\Martina\LOCALS~1\Temp\catchme.sys [x]
U2 CertPropSvc;
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [x]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [x]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]
U2 V2iMount;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-03 16:52 - 2013-11-03 16:52 - 00000000 ____D C:\FRST
2013-11-03 16:52 - 2013-11-03 16:50 - 01089445 _____ (Farbar) C:\Documents and Settings\Martina\Plocha\FRST.exe
2013-11-03 16:52 - 2013-11-03 16:50 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Martina\Plocha\FRSTLauncher.exe
2013-11-03 16:50 - 2013-11-03 16:50 - 01089445 _____ (Farbar) C:\Documents and Settings\Martina\Dokumenty\FRST.exe
2013-11-03 16:50 - 2013-11-03 16:50 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Martina\Dokumenty\FRSTLauncher.exe
2013-10-29 14:04 - 2013-11-03 16:49 - 00000366 ____H C:\WINDOWS\Tasks\MpIdleTask.job
2013-10-29 13:38 - 2013-10-29 13:40 - 00000000 ____D C:\AdwCleaner
2013-10-29 13:37 - 2013-10-29 13:07 - 01060070 _____ C:\Documents and Settings\Martina\Dokumenty\adwcleaner.exe
2013-10-29 13:06 - 2013-10-29 13:06 - 00000000 ____D C:\WINSSLog
2013-10-29 13:03 - 2013-10-29 13:03 - 00020186 _____ C:\FixitRegBackup.reg
2013-10-29 13:02 - 2013-10-29 12:47 - 00756776 _____ (Microsoft Corporation) C:\Documents and Settings\Martina\Dokumenty\OneCareCleanUp.exe
2013-10-29 13:02 - 2013-10-29 12:46 - 00806400 _____ C:\Documents and Settings\Martina\Dokumenty\MicrosoftFixit50692.msi
2013-10-25 10:20 - 2013-10-25 10:20 - 00018682 _____ C:\ComboFix.txt
2013-10-25 10:06 - 2013-10-25 10:06 - 00000000 _RSHD C:\cmdcons
2013-10-25 10:06 - 2013-03-09 18:16 - 00000211 _____ C:\Boot.bak
2013-10-25 10:06 - 2004-08-03 22:00 - 00261312 __RSH C:\cmldr
2013-10-25 09:53 - 2013-10-25 10:21 - 00000000 ____D C:\Qoobox
2013-10-25 09:53 - 2013-10-25 10:18 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-25 09:53 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-25 09:53 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-25 09:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-25 09:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-25 09:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-25 09:53 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-25 09:53 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-25 09:53 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-25 09:53 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-25 09:47 - 2013-10-25 09:48 - 00020292 _____ C:\Documents and Settings\Martina\Plocha\Rkill.txt
2013-10-25 08:43 - 2013-10-25 08:43 - 05136677 ____R (Swearware) C:\Documents and Settings\Martina\Dokumenty\ComboFix.exe
2013-10-25 08:42 - 2013-10-25 08:40 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Martina\Dokumenty\rkill.com
2013-10-25 07:12 - 2013-11-01 11:13 - 00000000 ____D C:\Documents and Settings\Martina\Plocha\Napomenutí
2013-10-25 07:04 - 2013-11-01 14:37 - 00000000 ____D C:\Documents and Settings\Martina\Plocha\Inzerce
2013-10-24 14:33 - 2013-10-29 13:34 - 00272174 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1957994488-1060284298-839522115-1004-0.dat
2013-10-24 14:33 - 2013-10-24 14:33 - 00159112 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2013-10-24 10:37 - 2013-10-24 10:37 - 00000000 ____D C:\Documents and Settings\Martina\Local Settings\Data aplikací\HP
2013-10-24 09:40 - 2013-10-24 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\HP
2013-10-24 09:38 - 2013-10-24 09:38 - 00000899 _____ C:\Documents and Settings\All Users\Plocha\HP LJ M1530 Scan.lnk
2013-10-24 09:38 - 2013-10-24 09:38 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\HP
2013-10-24 09:38 - 2013-10-24 09:38 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Hewlett-Packard
2013-10-24 09:37 - 2013-10-24 09:37 - 00000000 ____D C:\Documents and Settings\Martina\Nabídka Start\Programy\HP
2013-10-24 09:37 - 2010-09-23 13:05 - 00176128 _____ (Hewlett-Packard Corporation) C:\WINDOWS\system32\hpcpn101.dll
2013-10-24 09:37 - 2010-09-19 14:51 - 00167480 _____ (Hewlett-Packard) C:\WINDOWS\system32\hppccompio.dll
2013-10-24 08:55 - 2010-12-14 21:08 - 00188416 _____ (Hewlett Packard) C:\WINDOWS\system32\hpmldm01.dll
2013-10-24 08:55 - 2010-12-14 21:07 - 00751160 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpptsp06.dll
2013-10-24 08:55 - 2010-12-14 21:07 - 00238080 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpbcoins32.dll
2013-10-24 08:55 - 2010-12-14 21:07 - 00188416 _____ (Hewlett Packard) C:\WINDOWS\system32\hpmldmfax01.dll
2013-10-24 08:55 - 2010-12-14 21:07 - 00187960 _____ (Hewlett Packard) C:\WINDOWS\system32\hppscancoins32.dll
2013-10-24 08:55 - 2010-12-14 21:07 - 00021528 _____ (Hewlett Packard) C:\WINDOWS\system32\Drivers\hppcfaxio.sys
2013-10-24 08:55 - 2010-12-14 21:06 - 00755256 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpxp1530.dll
2013-10-24 08:55 - 2010-12-14 21:06 - 00059928 _____ (Hewlett-Packard) C:\WINDOWS\system32\hppcfaxcompio.dll
2013-10-24 08:55 - 2010-12-14 21:06 - 00026648 _____ (Hewlett Packard) C:\WINDOWS\system32\Drivers\hppcgenio.sys
2013-10-24 08:55 - 2010-12-14 21:06 - 00020504 _____ (Hewlett Packard) C:\WINDOWS\system32\Drivers\hppcbulkio.sys
2013-10-24 08:55 - 2010-12-14 21:06 - 00003211 _____ C:\WINDOWS\system32\hppls1530.spf
2013-10-24 08:54 - 2013-10-24 09:38 - 00000000 ____D C:\Program Files\HP
2013-10-24 08:45 - 2013-10-24 08:45 - 00000000 ____D C:\M1530_MFP_Series_Basic_Solution
2013-10-24 08:29 - 2013-10-24 07:52 - 42218424 _____ C:\Documents and Settings\Martina\Dokumenty\hp_M1530_MFP_Basic_usb_n_w.exe
2013-10-24 08:27 - 2013-10-24 08:29 - 00000000 ____D C:\rsit
2013-10-24 08:27 - 2013-10-24 08:28 - 00000000 ____D C:\Program Files\trend micro
2013-10-24 08:25 - 2013-10-24 07:54 - 00781383 _____ C:\Documents and Settings\Martina\Dokumenty\RSIT.exe
2013-10-24 08:20 - 2013-10-24 07:57 - 00466185 _____ C:\Documents and Settings\Martina\Dokumenty\RSIT.zip
2013-10-24 06:02 - 2013-10-29 13:34 - 00272174 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2013-10-24 05:55 - 2013-10-24 06:01 - 00001024 ____H C:\WINDOWS\system32\config\elam.LOG
2013-10-24 05:55 - 2013-10-24 05:55 - 00262144 _____ C:\WINDOWS\system32\config\elam
2013-10-23 18:15 - 2013-10-23 18:15 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-23 18:12 - 2013-10-23 18:12 - 246159904 _____ (Kaspersky Lab) C:\Documents and Settings\Martina\Dokumenty\kav14.0.0.4651cs-cz.exe
2013-10-23 17:58 - 2013-10-29 13:53 - 11258192 _____ (Microsoft Corporation) C:\Documents and Settings\Martina\Dokumenty\mseinstall.exe
2013-10-23 11:40 - 2013-10-23 11:40 - 00000000 ___RD C:\Documents and Settings\LocalService\Oblíbené položky
2013-10-23 11:08 - 2013-10-29 13:40 - 00000000 ____D C:\Documents and Settings\Martina\Nabídka Start\Programy\FLV Player
2013-10-23 11:08 - 2013-10-29 13:40 - 00000000 ____D C:\Documents and Settings\Martina\Nabídka Start\Programy\AppsHat
2013-10-23 11:08 - 2013-10-23 11:08 - 00002150 _____ C:\Documents and Settings\Martina\Plocha\AppsHat.lnk
2013-10-23 11:08 - 2013-10-23 11:08 - 00000000 ____D C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer
2013-10-23 11:07 - 2013-10-29 13:43 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\SafetyNut
2013-10-23 11:07 - 2013-10-24 11:08 - 00000000 ____D C:\Program Files\DiVapton
2013-10-23 11:07 - 2013-10-23 11:26 - 00000000 ____D C:\Documents and Settings\Martina\Data aplikací\somotomoviestoolbar1
2013-10-23 11:07 - 2013-10-23 11:07 - 00000000 ____D C:\Documents and Settings\Martina\Local Settings\Data aplikací\somotomoviestoolbar1
2013-10-23 11:07 - 2013-10-23 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Wincert
2013-10-23 11:03 - 2013-10-24 05:47 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-23 11:01 - 2013-10-23 11:01 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\Macromedia
2013-10-23 11:01 - 2013-10-23 11:01 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\Adobe
2013-10-23 07:41 - 2013-11-01 15:07 - 00000000 ____D C:\Documents and Settings\Martina\Plocha\Katka
2013-10-22 11:59 - 2013-10-22 11:59 - 00495616 _____ (Simon Tatham) C:\Documents and Settings\Martina\Dokumenty\putty.exe
2013-10-11 11:09 - 2013-10-11 11:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 11:08 - 2013-10-11 11:08 - 00015360 _____ C:\WINDOWS\KB2862335.log
2013-10-11 11:08 - 2013-10-11 11:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 11:03 - 2013-10-11 11:03 - 00016417 _____ C:\WINDOWS\KB2868038.log
2013-10-11 11:03 - 2013-10-11 11:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 11:02 - 2013-10-11 11:02 - 00017010 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 11:02 - 2013-10-11 11:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 11:01 - 2013-10-11 11:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 05:48 - 2013-10-11 11:09 - 00020238 _____ C:\WINDOWS\KB2847311.log
2013-10-11 05:48 - 2013-07-17 01:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-11 05:48 - 2013-07-17 01:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-11 05:48 - 2013-07-17 01:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-11 05:48 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-11 05:47 - 2013-08-09 01:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-11 05:47 - 2013-08-09 01:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-11 05:47 - 2009-03-18 12:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys

==================== One Month Modified Files and Folders =======

2013-11-03 16:53 - 2010-12-23 07:25 - 00000470 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{356F6231-122B-4D75-991D-E9777A26F13F}.job
2013-11-03 16:52 - 2013-11-03 16:52 - 00000000 ____D C:\FRST
2013-11-03 16:52 - 2010-12-23 09:29 - 00000000 ___HD C:\Documents and Settings\Martina\Local Settings\Data aplikací
2013-11-03 16:52 - 2010-12-23 09:29 - 00000000 ____D C:\Documents and Settings\Martina\Plocha
2013-11-03 16:51 - 2010-12-22 15:12 - 01898370 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-03 16:50 - 2013-11-03 16:52 - 01089445 _____ (Farbar) C:\Documents and Settings\Martina\Plocha\FRST.exe
2013-11-03 16:50 - 2013-11-03 16:52 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Martina\Plocha\FRSTLauncher.exe
2013-11-03 16:50 - 2013-11-03 16:50 - 01089445 _____ (Farbar) C:\Documents and Settings\Martina\Dokumenty\FRST.exe
2013-11-03 16:50 - 2013-11-03 16:50 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Martina\Dokumenty\FRSTLauncher.exe
2013-11-03 16:50 - 2012-09-19 06:09 - 00000942 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-03 16:50 - 2010-12-23 09:29 - 00000000 ___RD C:\Documents and Settings\Martina\Dokumenty
2013-11-03 16:49 - 2013-10-29 14:04 - 00000366 ____H C:\WINDOWS\Tasks\MpIdleTask.job
2013-11-03 16:49 - 2010-12-23 09:48 - 00000470 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{C12AB4B9-0A18-4946-A9B1-E12482487CD3}.job
2013-11-03 16:44 - 2012-09-19 06:09 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-03 16:44 - 2007-10-29 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-03 16:39 - 2010-12-22 16:06 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-03 16:39 - 2010-12-22 16:06 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-11-03 16:39 - 2010-12-22 15:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-01 15:35 - 2010-12-23 09:29 - 00000178 ___SH C:\Documents and Settings\Martina\ntuser.ini
2013-11-01 15:35 - 2010-12-23 09:29 - 00000000 ____D C:\Documents and Settings\Martina
2013-11-01 15:35 - 2010-12-22 15:53 - 00032412 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-01 15:07 - 2013-10-23 07:41 - 00000000 ____D C:\Documents and Settings\Martina\Plocha\Katka
2013-11-01 15:06 - 2010-12-23 09:30 - 00000000 ___RD C:\Documents and Settings\Martina\Dokumenty\Obrázky
2013-11-01 15:01 - 2012-06-08 07:08 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-01 14:37 - 2013-10-25 07:04 - 00000000 ____D C:\Documents and Settings\Martina\Plocha\Inzerce
2013-11-01 12:12 - 2012-02-10 13:06 - 00370688 _____ C:\Documents and Settings\Martina\Plocha\ČERPÁNÍ NAFTY.xls
2013-11-01 11:45 - 2011-01-20 11:06 - 00013030 _____ C:\PDOXUSRS.NET
2013-11-01 11:13 - 2013-10-25 07:12 - 00000000 ____D C:\Documents and Settings\Martina\Plocha\Napomenutí
2013-11-01 07:16 - 2011-01-24 14:33 - 00000000 ____D C:\Documents and Settings\Martina\Plocha\TANKOMAT
2013-10-30 11:06 - 2010-12-22 15:15 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-30 07:01 - 2010-12-22 16:05 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Office
2013-10-30 07:01 - 2010-12-22 16:03 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-10-29 13:54 - 2012-05-02 11:01 - 00001698 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Security Essentials.lnk
2013-10-29 13:54 - 2011-12-27 09:38 - 00001912 _____ C:\WINDOWS\epplauncher.mif
2013-10-29 13:54 - 2011-12-27 09:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-29 13:54 - 2010-12-22 16:04 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-10-29 13:53 - 2013-10-23 17:58 - 11258192 _____ (Microsoft Corporation) C:\Documents and Settings\Martina\Dokumenty\mseinstall.exe
2013-10-29 13:43 - 2013-10-23 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\SafetyNut
2013-10-29 13:40 - 2013-10-29 13:38 - 00000000 ____D C:\AdwCleaner
2013-10-29 13:40 - 2013-10-23 11:08 - 00000000 ____D C:\Documents and Settings\Martina\Nabídka Start\Programy\FLV Player
2013-10-29 13:40 - 2013-10-23 11:08 - 00000000 ____D C:\Documents and Settings\Martina\Nabídka Start\Programy\AppsHat
2013-10-29 13:40 - 2010-12-23 09:29 - 00000000 __RHD C:\Documents and Settings\Martina\Data aplikací
2013-10-29 13:39 - 2010-12-22 16:04 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-10-29 13:35 - 2013-01-31 15:36 - 00102450 _____ C:\WINDOWS\setupapi.log
2013-10-29 13:35 - 2013-01-09 12:02 - 00001806 _____ C:\WINDOWS\setupact.log
2013-10-29 13:34 - 2013-10-24 14:33 - 00272174 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1957994488-1060284298-839522115-1004-0.dat
2013-10-29 13:34 - 2013-10-24 06:02 - 00272174 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2013-10-29 13:14 - 2012-01-31 13:21 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-29 13:07 - 2013-10-29 13:37 - 01060070 _____ C:\Documents and Settings\Martina\Dokumenty\adwcleaner.exe
2013-10-29 13:06 - 2013-10-29 13:06 - 00000000 ____D C:\WINSSLog
2013-10-29 13:03 - 2013-10-29 13:03 - 00020186 _____ C:\FixitRegBackup.reg
2013-10-29 12:50 - 2010-12-22 16:04 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-10-29 12:47 - 2013-10-29 13:02 - 00756776 _____ (Microsoft Corporation) C:\Documents and Settings\Martina\Dokumenty\OneCareCleanUp.exe
2013-10-29 12:46 - 2013-10-29 13:02 - 00806400 _____ C:\Documents and Settings\Martina\Dokumenty\MicrosoftFixit50692.msi
2013-10-29 12:31 - 2010-12-22 16:04 - 01125096 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-29 08:58 - 2012-01-31 14:13 - 00002385 _____ C:\Documents and Settings\All Users\Plocha\PartnerLink.lnk
2013-10-25 10:21 - 2013-10-25 09:53 - 00000000 ____D C:\Qoobox
2013-10-25 10:20 - 2013-10-25 10:20 - 00018682 _____ C:\ComboFix.txt
2013-10-25 10:18 - 2013-10-25 09:53 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-25 10:18 - 2007-10-29 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-25 10:06 - 2013-10-25 10:06 - 00000000 _RSHD C:\cmdcons
2013-10-25 10:06 - 2010-12-22 16:02 - 00000327 __RSH C:\boot.ini
2013-10-25 09:48 - 2013-10-25 09:47 - 00020292 _____ C:\Documents and Settings\Martina\Plocha\Rkill.txt
2013-10-25 08:43 - 2013-10-25 08:43 - 05136677 ____R (Swearware) C:\Documents and Settings\Martina\Dokumenty\ComboFix.exe
2013-10-25 08:40 - 2013-10-25 08:42 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Martina\Dokumenty\rkill.com
2013-10-24 14:33 - 2013-10-24 14:33 - 00159112 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2013-10-24 14:33 - 2010-12-22 15:53 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Data aplikací
2013-10-24 11:08 - 2013-10-23 11:07 - 00000000 ____D C:\Program Files\DiVapton
2013-10-24 10:37 - 2013-10-24 10:37 - 00000000 ____D C:\Documents and Settings\Martina\Local Settings\Data aplikací\HP
2013-10-24 09:40 - 2013-10-24 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\HP
2013-10-24 09:40 - 2010-12-23 09:29 - 00000000 ___RD C:\Documents and Settings\Martina\Nabídka Start\Programy\Po spuštění
2013-10-24 09:38 - 2013-10-24 09:38 - 00000899 _____ C:\Documents and Settings\All Users\Plocha\HP LJ M1530 Scan.lnk
2013-10-24 09:38 - 2013-10-24 09:38 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\HP
2013-10-24 09:38 - 2013-10-24 09:38 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Hewlett-Packard
2013-10-24 09:38 - 2013-10-24 08:54 - 00000000 ____D C:\Program Files\HP
2013-10-24 09:38 - 2010-12-22 15:57 - 00000000 ____D C:\WINDOWS\twain_32
2013-10-24 09:37 - 2013-10-24 09:37 - 00000000 ____D C:\Documents and Settings\Martina\Nabídka Start\Programy\HP
2013-10-24 09:37 - 2010-12-23 09:29 - 00000000 ___RD C:\Documents and Settings\Martina\Nabídka Start\Programy
2013-10-24 08:45 - 2013-10-24 08:45 - 00000000 ____D C:\M1530_MFP_Series_Basic_Solution
2013-10-24 08:29 - 2013-10-24 08:27 - 00000000 ____D C:\rsit
2013-10-24 08:28 - 2013-10-24 08:27 - 00000000 ____D C:\Program Files\trend micro
2013-10-24 07:57 - 2013-10-24 08:20 - 00466185 _____ C:\Documents and Settings\Martina\Dokumenty\RSIT.zip
2013-10-24 07:54 - 2013-10-24 08:25 - 00781383 _____ C:\Documents and Settings\Martina\Dokumenty\RSIT.exe
2013-10-24 07:52 - 2013-10-24 08:29 - 42218424 _____ C:\Documents and Settings\Martina\Dokumenty\hp_M1530_MFP_Basic_usb_n_w.exe
2013-10-24 06:03 - 2012-09-19 06:09 - 00000000 ____D C:\Program Files\Google
2013-10-24 06:01 - 2013-10-24 05:55 - 00001024 ____H C:\WINDOWS\system32\config\elam.LOG
2013-10-24 05:55 - 2013-10-24 05:55 - 00262144 _____ C:\WINDOWS\system32\config\elam
2013-10-24 05:47 - 2013-10-23 11:03 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-23 18:15 - 2013-10-23 18:15 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-23 18:12 - 2013-10-23 18:12 - 246159904 _____ (Kaspersky Lab) C:\Documents and Settings\Martina\Dokumenty\kav14.0.0.4651cs-cz.exe
2013-10-23 17:37 - 2012-09-19 06:09 - 00000000 ____D C:\Documents and Settings\Martina\Local Settings\Data aplikací\Google
2013-10-23 17:36 - 2012-09-19 06:09 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Google
2013-10-23 11:40 - 2013-10-23 11:40 - 00000000 ___RD C:\Documents and Settings\LocalService\Oblíbené položky
2013-10-23 11:40 - 2010-12-22 15:53 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-23 11:26 - 2013-10-23 11:07 - 00000000 ____D C:\Documents and Settings\Martina\Data aplikací\somotomoviestoolbar1
2013-10-23 11:08 - 2013-10-23 11:08 - 00002150 _____ C:\Documents and Settings\Martina\Plocha\AppsHat.lnk
2013-10-23 11:08 - 2013-10-23 11:08 - 00000000 ____D C:\Documents and Settings\Martina\Local Settings\Data aplikací\WebPlayer
2013-10-23 11:07 - 2013-10-23 11:07 - 00000000 ____D C:\Documents and Settings\Martina\Local Settings\Data aplikací\somotomoviestoolbar1
2013-10-23 11:07 - 2013-10-23 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Wincert
2013-10-23 11:01 - 2013-10-23 11:01 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\Macromedia
2013-10-23 11:01 - 2013-10-23 11:01 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\Adobe
2013-10-23 11:01 - 2010-12-22 15:53 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2013-10-22 12:25 - 2010-12-23 10:44 - 00000600 _____ C:\Documents and Settings\Martina\Local Settings\Data aplikací\PUTTY.RND
2013-10-22 11:59 - 2013-10-22 11:59 - 00495616 _____ (Simon Tatham) C:\Documents and Settings\Martina\Dokumenty\putty.exe
2013-10-22 06:55 - 2010-12-23 09:29 - 00000000 ___RD C:\Documents and Settings\Martina\Oblíbené položky
2013-10-21 10:35 - 2012-04-19 09:48 - 00001779 _____ C:\Documents and Settings\Martina\Plocha\Mzdový a personální systém - profesional.lnk
2013-10-21 10:35 - 2012-04-16 09:04 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\RON Software
2013-10-21 06:53 - 2012-09-19 06:10 - 00001813 _____ C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2013-10-11 12:17 - 2010-12-22 16:03 - 00270984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-11 11:09 - 2013-10-11 11:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 11:09 - 2013-10-11 05:48 - 00020238 _____ C:\WINDOWS\KB2847311.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00285661 _____ C:\WINDOWS\iis6.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00265867 _____ C:\WINDOWS\FaxSetup.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00127108 _____ C:\WINDOWS\ocgen.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00121260 _____ C:\WINDOWS\tsoc.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00088363 _____ C:\WINDOWS\comsetup.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00053521 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00046569 _____ C:\WINDOWS\netfxocm.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00038171 _____ C:\WINDOWS\updspapi.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00018275 _____ C:\WINDOWS\MedCtrOC.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00016598 _____ C:\WINDOWS\ocmsn.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00013373 _____ C:\WINDOWS\tabletoc.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00013287 _____ C:\WINDOWS\msgsocm.log
2013-10-11 11:09 - 2013-01-09 12:02 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-11 11:08 - 2013-10-11 11:08 - 00015360 _____ C:\WINDOWS\KB2862335.log
2013-10-11 11:08 - 2013-10-11 11:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 11:08 - 2013-08-19 11:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-11 11:08 - 2013-01-09 12:02 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-11 11:04 - 2010-12-23 07:14 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-11 11:03 - 2013-10-11 11:03 - 00016417 _____ C:\WINDOWS\KB2868038.log
2013-10-11 11:03 - 2013-10-11 11:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 11:02 - 2013-10-11 11:02 - 00017010 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 11:02 - 2013-10-11 11:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 11:01 - 2013-10-11 11:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 10:29 - 2013-02-06 07:08 - 00000000 ____D C:\Documents and Settings\Martina\Plocha\náplně práce
2013-10-09 07:01 - 2012-06-08 07:08 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 07:01 - 2011-06-22 07:56 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-07 14:11 - 2012-02-10 11:40 - 00000000 ____D C:\Documents and Settings\Martina\Dokumenty\AutoPlan

Some content of TEMP:
====================
C:\Documents and Settings\Martina\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2007-10-29 13:00] - [2008-04-14 04:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2007-10-29 13:00] - [2008-04-14 04:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2007-10-29 13:00] - [2008-04-14 04:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2007-10-29 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2007-10-29 13:00] - [2008-04-14 04:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2007-10-29 13:00] - [2008-04-14 04:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2007-10-29 13:00] - [2008-04-14 03:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1





===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.88 GB) (Free:191.74 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive t: () (Network) (Total:67.73 GB) (Free:15.05 GB) NTFS
Drive z: (Data) (Network) (Total:499.87 GB) (Free:458.31 GB) NTFS

Available physical RAM: 1161.47 MB
Total physical RAM: 2037.42 MB
Percentage of memory in use: 42%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 233 GB) (Disk ID: C9C45562)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MpIdleTask.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{356F6231-122B-4D75-991D-E9777A26F13F}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C12AB4B9-0A18-4946-A9B1-E12482487CD3}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Martina\Plocha" je 9176 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Martina\\Local Settings\\Temp\\TeamViewer\\Version5\\TeamViewer.exe"="C:\\Documents and Settings\\Martina\\Local Settings\\Temp\\TeamViewer\\Version5\\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================


Thank you. :)
Attachments
Addition.zip
Addition.txt
(6.52 KiB) Downloaded 46 times

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some virus

#9 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\safetynut\x64\safetycrt.dll
    HKLM\...\AppCertDlls: [x86] -> c:\program files\movies toolbar\safetynut\safetycrt.dll
    HKU\Administrator\...\Run: [SpywareTerminatorUpdate] - "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gc ... nrs=AG1&q={searchTerms}
    SearchScopes: HKCU - {43E3BD61-1AAC-458A-AEAA-8BAC8ABDC015} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^CZ&apn_uid=14D512DA-8745-492D-A01D-DDC1F7AAEFF6&apn_sauid=2F54C0F1-6400-48C3-A722-310442138F67
    SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gc ... nrs=AG1&q={searchTerms}
    Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    
    S2 SafetyNutManager; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [x]
    S3 catchme; \??\C:\DOCUME~1\Martina\LOCALS~1\Temp\catchme.sys [x]
    U2 CertPropSvc;
    S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [x]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    S3 gdrv; \??\C:\WINDOWS\gdrv.sys [x]
    S3 GenericMount; system32\DRIVERS\GenericMount.sys [x]
    S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
    S4 IntelIde; No ImagePath
    U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]
    U2 V2iMount; 
    
    C:\Program Files\Enigma Software Group
    c:\program files\movies toolbar
    2013-11-03 16:52 - 2013-11-03 16:50 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Martina\Plocha\FRSTLauncher.exe
    2013-11-03 16:50 - 2013-11-03 16:50 - 01089445 _____ (Farbar) C:\Documents and Settings\Martina\Dokumenty\FRST.exe
    2013-11-03 16:50 - 2013-11-03 16:50 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Martina\Dokumenty\FRSTLauncher.exe
    2013-10-25 09:47 - 2013-10-25 09:48 - 00020292 _____ C:\Documents and Settings\Martina\Plocha\Rkill.txt
    2013-10-25 08:43 - 2013-10-25 08:43 - 05136677 ____R (Swearware) C:\Documents and Settings\Martina\Dokumenty\ComboFix.exe
    2013-10-25 08:42 - 2013-10-25 08:40 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Martina\Dokumenty\rkill.com
    2013-10-29 13:03 - 2013-10-29 13:03 - 00020186 _____ C:\FixitRegBackup.reg
    2013-10-29 13:02 - 2013-10-29 12:47 - 00756776 _____ (Microsoft Corporation) C:\Documents and Settings\Martina\Dokumenty\OneCareCleanUp.exe
    2013-10-29 13:02 - 2013-10-29 12:46 - 00806400 _____ C:\Documents and Settings\Martina\Dokumenty\MicrosoftFixit50692.msi
    2013-10-23 11:07 - 2013-10-29 13:43 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\SafetyNut
    2013-10-23 11:07 - 2013-10-23 11:26 - 00000000 ____D C:\Documents and Settings\Martina\Data aplikací\somotomoviestoolbar1
    2013-10-23 11:07 - 2013-10-23 11:07 - 00000000 ____D C:\Documents and Settings\Martina\Local Settings\Data aplikací\somotomoviestoolbar1
    
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\MpIdleTask.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{356F6231-122B-4D75-991D-E9777A26F13F}.job => C:\WINDOWS\system32\msfeedssync.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C12AB4B9-0A18-4946-A9B1-E12482487CD3}.job => C:\WINDOWS\system32\msfeedssync.exe
    
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater" /f
    
    Hosts:
    
    End
  • Save the created TXT as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Jirka26
Visitor
Posts: 8
Joined: 24 Oct 2013 08:31

Re: Some virus

#10 Post by Jirka26 »

Here is the requested log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by Martina at 2013-11-04 10:43:24 Run:1
Running from C:\Documents and Settings\Martina\Plocha\Jirka
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\safetynut\x64\safetycrt.dll
HKLM\...\AppCertDlls: [x86] -> c:\program files\movies toolbar\safetynut\safetycrt.dll
HKU\Administrator\...\Run: [SpywareTerminatorUpdate] - "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gc ... nrs=AG1&q={searchTerms}
SearchScopes: HKCU - {43E3BD61-1AAC-458A-AEAA-8BAC8ABDC015} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^CZ&apn_uid=14D512DA-8745-492D-A01D-DDC1F7AAEFF6&apn_sauid=2F54C0F1-6400-48C3-A722-310442138F67
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gc ... nrs=AG1&q={searchTerms}
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

S2 SafetyNutManager; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [x]
S3 catchme; \??\C:\DOCUME~1\Martina\LOCALS~1\Temp\catchme.sys [x]
U2 CertPropSvc;
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [x]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [x]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]
U2 V2iMount;

C:\Program Files\Enigma Software Group
c:\program files\movies toolbar
2013-11-03 16:52 - 2013-11-03 16:50 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Martina\Plocha\FRSTLauncher.exe
2013-11-03 16:50 - 2013-11-03 16:50 - 01089445 _____ (Farbar) C:\Documents and Settings\Martina\Dokumenty\FRST.exe
2013-11-03 16:50 - 2013-11-03 16:50 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Martina\Dokumenty\FRSTLauncher.exe
2013-10-25 09:47 - 2013-10-25 09:48 - 00020292 _____ C:\Documents and Settings\Martina\Plocha\Rkill.txt
2013-10-25 08:43 - 2013-10-25 08:43 - 05136677 ____R (Swearware) C:\Documents and Settings\Martina\Dokumenty\ComboFix.exe
2013-10-25 08:42 - 2013-10-25 08:40 - 01898232 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Martina\Dokumenty\rkill.com
2013-10-29 13:03 - 2013-10-29 13:03 - 00020186 _____ C:\FixitRegBackup.reg
2013-10-29 13:02 - 2013-10-29 12:47 - 00756776 _____ (Microsoft Corporation) C:\Documents and Settings\Martina\Dokumenty\OneCareCleanUp.exe
2013-10-29 13:02 - 2013-10-29 12:46 - 00806400 _____ C:\Documents and Settings\Martina\Dokumenty\MicrosoftFixit50692.msi
2013-10-23 11:07 - 2013-10-29 13:43 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\SafetyNut
2013-10-23 11:07 - 2013-10-23 11:26 - 00000000 ____D C:\Documents and Settings\Martina\Data aplikací\somotomoviestoolbar1
2013-10-23 11:07 - 2013-10-23 11:07 - 00000000 ____D C:\Documents and Settings\Martina\Local Settings\Data aplikací\somotomoviestoolbar1

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MpIdleTask.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{356F6231-122B-4D75-991D-E9777A26F13F}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C12AB4B9-0A18-4946-A9B1-E12482487CD3}.job => C:\WINDOWS\system32\msfeedssync.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater" /f

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdate => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\SearchAssistant => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\CustomizeSearch => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43E3BD61-1AAC-458A-AEAA-8BAC8ABDC015} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{43E3BD61-1AAC-458A-AEAA-8BAC8ABDC015} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => Value deleted successfully.
HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
SafetyNutManager => Service deleted successfully.
catchme => Service deleted successfully.
CertPropSvc => Service deleted successfully.
DgiVecp => Service deleted successfully.
esgiguard => Service deleted successfully.
gdrv => Service deleted successfully.
GenericMount => Service deleted successfully.
GMSIPCI => Service deleted successfully.
IntelIde => Service deleted successfully.
ScsiPort => Service deleted successfully.
SSPORT => Service deleted successfully.
V2iMount => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
"c:\program files\movies toolbar" => File/Directory not found.
"C:\Documents and Settings\Martina\Plocha\FRSTLauncher.exe" => File/Directory not found.
C:\Documents and Settings\Martina\Dokumenty\FRST.exe => Moved successfully.
C:\Documents and Settings\Martina\Dokumenty\FRSTLauncher.exe => Moved successfully.
"C:\Documents and Settings\Martina\Plocha\Rkill.txt" => File/Directory not found.
C:\Documents and Settings\Martina\Dokumenty\ComboFix.exe => Moved successfully.
C:\Documents and Settings\Martina\Dokumenty\rkill.com => Moved successfully.
C:\FixitRegBackup.reg => Moved successfully.
C:\Documents and Settings\Martina\Dokumenty\OneCareCleanUp.exe => Moved successfully.
C:\Documents and Settings\Martina\Dokumenty\MicrosoftFixit50692.msi => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\SafetyNut => Moved successfully.
C:\Documents and Settings\Martina\Data aplikací\somotomoviestoolbar1 => Moved successfully.
C:\Documents and Settings\Martina\Local Settings\Data aplikací\somotomoviestoolbar1 => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\MpIdleTask.job => Moved successfully.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{356F6231-122B-4D75-991D-E9777A26F13F}.job => Moved successfully.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{C12AB4B9-0A18-4946-A9B1-E12482487CD3}.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

Thank you. :)
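Checking a Fixlog by eye is error-prone once it runs to dozens of lines, so here is an added Python example (not part of this thread and not FRST's own code) that parses the "item => result" lines of a Fixlog in the format above, counts the outcomes, flags any wording it does not recognise, and singles out the autostart registry entries; the sample log is constructed from lines of the Fixlog above plus one constructed failure line.

```python
"""Summarise the "item => result" lines of an FRST Fixlog.
Added example for this thread; not part of the forum posts or of FRST."""
import re
from collections import Counter

# Constructed sample in the format of the Fixlog posted above; the line with
# "Could not move." is a constructed failure that does not occur in the thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
HKLM\...\AppCertDlls: [x86] -> c:\program files\movies toolbar\safetynut\safetycrt.dll
S2 SafetyNutManager; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [x]
Task: C:\WINDOWS\Tasks\MpIdleTask.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully.
SafetyNutManager => Service deleted successfully.
"c:\program files\movies toolbar" => File/Directory not found.
HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => Key not found.
C:\WINDOWS\Tasks\MpIdleTask.job => Moved successfully.
C:\Documents and Settings\Martina\Dokumenty\FRST.exe => Could not move.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
"""

# One result line: optionally quoted item, " => ", result text, optional period.
RESULT_RE = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<result>.+?)\.?$')

# Result wordings seen in the Fixlog above. Anything else maps to "review"
# so that an unknown outcome is never silently counted as a success.
VERDICTS = {
    "Value deleted successfully": "removed",
    "Key deleted successfully": "removed",
    "Service deleted successfully": "removed",
    "Moved successfully": "removed",
    "Value was restored successfully": "restored",
    "Key not found": "already_absent",
    "File/Directory not found": "already_absent",
}

# Registry paths from the fixlist that load code at logon; a defender wants to
# see these really deleted rather than merely reported absent.
PERSISTENCE_MARKERS = ("AppCertDlls", r"CurrentVersion\Run\\")


def parse_fixlog(text):
    """Return a list of (item, result, verdict) for every result line."""
    entries = []
    in_fixlist = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Content of fixlist"):
            in_fixlist = True
            continue
        if in_fixlist:
            # Skip the echoed fixlist: its Task: lines also contain "=>".
            if line == "End":
                in_fixlist = False
            continue
        m = RESULT_RE.match(line)
        if m:
            item, result = m.group("item"), m.group("result")
            entries.append((item, result, VERDICTS.get(result, "review")))
    return entries


def summarise(entries):
    """Return (verdict counts, list of (item, result) needing a human look)."""
    counts = Counter(verdict for _, _, verdict in entries)
    return dict(counts), [(i, r) for i, r, v in entries if v == "review"]


def persistence_items(entries):
    """Return (item, verdict) for results that touched autostart registry paths."""
    return [(i, v) for i, _, v in entries
            if any(marker in i for marker in PERSISTENCE_MARKERS)]
```

Run `summarise(parse_fixlog(open("Fixlog.txt", encoding="utf-8").read()))` on a real Fixlog and read the second element of the result before declaring a machine clean.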

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some virus

#11 Post by vyosek »

Fine, how is our patient behaving?

Jirka26
Visitor
Posts: 8
Joined: 24 Oct 2013 08:31

Re: Some virus

#12 Post by Jirka26 »

It seems to be fine. :)

Thank you very much for your help. :)

Have a nice day.

Jirka

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some virus

#13 Post by vyosek »

Now let's clean up as well :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (if necessary, disable the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

Jirka26
Visitor
Posts: 8
Joined: 24 Oct 2013 08:31

Re: Some virus

#14 Post by Jirka26 »

So, it is all cleaned up. Once again, thank you for your help and your knowledge. :)

Have a nice day.

Jirka

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some virus

#15 Post by vyosek »

You're welcome, glad to have helped :worship: See you again some time.

And in accordance with the Rule on locking topics :lock:

Locked