Prosím o preventivní kontrolu logu, občas dochází k zamrznutí
spuštěného programu v počítači.
Děkuji.
Logfile of random's system information tool 1.09 (written by random/random)
Run by RH at 2013-11-08 22:16:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 47 GB (31%) free of 153 GB
Total RAM: 1014 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:17:13, on 8.11.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Documents and Settings\RH.RH-9B6AEB81C62A\Plocha\Nové\RSIT.exe
C:\Program Files\trend micro\RH.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: Stáhnout FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5813 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-606747145-1580436667-725345543-1003.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-606747145-1580436667-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1580436667-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1580436667-725345543-1003.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29 539888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files\Free Download Manager\iefdm2.dll [2013-03-11 365056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-04-26 102400]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-18 188416]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe [2011-03-24 167936]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-09-16 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-09-16 178712]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-09-16 150040]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Reviver]
C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-12-26 295072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
C:\Program Files\Xvid\CheckUpdate.exe [2011-01-17 8192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVer HID Receiver.lnk]
C:\PROGRA~1\COMMON~1\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-01-05 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVerMedia\AVerQuick\AVerQuick.exe [2011-05-19 675840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
C:\Corel\GRAPHI~1\Programs\MFINDE~1.EXE [1998-01-12 83456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2
"TermService"=3
"TapiSrv"=3
"RemoteRegistry"=2
"RasMan"=3
"AVerScheduleService"=2
"AVerRemote"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-09-11 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveTrack"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe:*:Enabled:Nokia Launch Application"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Super Internet TV\Super Internet TV.exe"="C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Super Internet TV\Super Internet TV.exe:*:Enabled:Super Internet TV"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codecp.acm
"msacm.ac3filter"=ac3filter.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"VIDC.ACDV"=ACDV.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"wave1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-11-07 16:18:47 ----D---- C:\imgs
2013-11-07 16:18:47 ----D---- C:\css
2013-11-07 00:09:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\VS
2013-10-10 14:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 14:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 14:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2884256$
2013-10-10 13:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 13:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 13:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2862330$
======List of files/folders modified in the last 1 month======
2013-11-08 22:17:07 ----D---- C:\Program Files\trend micro
2013-11-08 22:16:13 ----D---- C:\WINDOWS\Temp
2013-11-08 22:15:51 ----SD---- C:\WINDOWS\Tasks
2013-11-08 22:14:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-08 22:09:24 ----D---- C:\WINDOWS\Prefetch
2013-11-08 21:38:56 ----D---- C:\WINDOWS\system32\drivers
2013-11-08 18:05:26 ----D---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\Ancestry
2013-11-07 23:17:38 ----D---- C:\WINDOWS\system32\CatRoot2
2013-11-07 23:03:19 ----D---- C:\WINDOWS\Debug
2013-11-07 23:03:18 ----D---- C:\WINDOWS
2013-11-07 14:47:12 ----RSD---- C:\WINDOWS\assembly
2013-11-07 14:47:08 ----D---- C:\WINDOWS\Microsoft.NET
2013-11-07 13:44:23 ----SHD---- C:\WINDOWS\Installer
2013-11-07 13:44:23 ----D---- C:\Config.Msi
2013-11-07 13:39:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-11-07 13:38:17 ----D---- C:\WINDOWS\system32
2013-11-07 00:39:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-07 00:39:23 ----D---- C:\WINDOWS\WinSxS
2013-11-04 16:40:38 ----D---- C:\WINDOWS\History
2013-10-20 20:22:04 ----D---- C:\Program Files\Zoom Player
2013-10-18 17:50:53 ----D---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\vlc
2013-10-16 16:46:24 ----A---- C:\WINDOWS\NeroDigital.ini
2013-10-10 17:31:31 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-10 14:12:27 ----HD---- C:\WINDOWS\inf
2013-10-10 14:12:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-10-10 14:07:11 ----D---- C:\WINDOWS\system32\MRT
2013-10-10 14:01:59 ----A---- C:\WINDOWS\system32\MRT.exe
2013-10-10 13:58:44 ----D---- C:\Program Files\Internet Explorer
2013-10-10 13:58:15 ----D---- C:\WINDOWS\ie8updates
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-08-30 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-30 177864]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-01-26 20576]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-08-30 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-30 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-30 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-08-30 56080]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-08-30 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-09-11 6047904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2011-01-06 10368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-01-22 120064]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AF9035HB;AF9035 Hybrid Device; C:\WINDOWS\System32\Drivers\AF9035HB.sys [2012-01-12 863616]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service; C:\WINDOWS\system32\DRIVERS\AVerPola.sys [2010-10-07 478464]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service; C:\WINDOWS\system32\DRIVERS\AVPolCIR.sys [2010-10-07 38144]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 grmnusb;Garmin USB Driver; C:\WINDOWS\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2010-04-27 348160]
S4 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2011-04-01 403456]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-12-31 247152]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
kontrola logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: kontrola logu
Zdravim 
Vidim tam MBAM. Nasel neco pri kompletni kontrole?
Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte ho. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner\AdwCleaner[R?].txt ), ten mi sem zkopirujte.
Vidim tam MBAM. Nasel neco pri kompletni kontrole? Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/Spustte ho. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner\AdwCleaner[R?].txt ), ten mi sem zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola logu
Log z CrystalDisk -
----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2013/11/09 14:22:39
-- Controller Map ----------------------------------------------------------
+ Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF [ATA]
+ Primární kanál IDE (0)
- HL-DT-ST DVDRAM GSA-H12L
- Sekundární kanál IDE (1)
+ Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 [ATA]
- Primární kanál IDE (0)
+ Sekundární kanál IDE (1)
- WDC WD1600AAJS-00L7A0
-- Disk List ---------------------------------------------------------------
(1) WDC WD1600AAJS-00L7A0 : 160,0 GB [0/2/0, pd1]
----------------------------------------------------------------------------
(1) WDC WD1600AAJS-00L7A0
----------------------------------------------------------------------------
Model : WDC WD1600AAJS-00L7A0
Firmware : 01.03E01
Serial Number : WD-WMAV3A971046
Disk Size : 160,0 GB (8,4/137,4/160,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 312581808
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 12141 hod.
Power On Count : 2625 krát
Temparature : 32 C (89 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 135 134 _21 000000001091 Čas na roztočení ploten
04 _98 _98 __0 000000000AC1 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 100 253 __0 000000000000 Počet chybných hledání
09 _84 _84 __0 000000002F6D Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _98 _98 __0 000000000A41 Počet cyklů zapnutí zařízení
C0 200 200 __0 0000000000A8 Počet vypnutí disku
C1 200 200 __0 000000000AC1 Počet cyklů načítání/vymazání
C2 111 101 __0 000000000020 Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 __0 000000000000 Počet chyb při zápisu sektorů
-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2057 442D 574D 3341 3341 3937 3130 3436
020: 0000 4000 0032 3031 2E30 3031 3031 5744 4320 5744
030: 3136 3030 4141 4A53 2D30 3741 3741 3020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0706 0706 0000 0044 0040
080: 01FE 0000 746B 7F61 4123 BC41 BC41 4123 207F 000F
090: 000F 0000 FFFE 0000 80FE 0000 0000 0000 0000 0000
100: 9EB0 12A1 0000 0000 0000 0000 0000 0000 5001 4EE0
110: AC8F 13FC 0000 0000 0000 0000 0000 0000 0000 4010
120: 4010 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 16CB 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 3037 3037 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 100E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 5FA5
----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2013/11/09 14:22:39
-- Controller Map ----------------------------------------------------------
+ Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF [ATA]
+ Primární kanál IDE (0)
- HL-DT-ST DVDRAM GSA-H12L
- Sekundární kanál IDE (1)
+ Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 [ATA]
- Primární kanál IDE (0)
+ Sekundární kanál IDE (1)
- WDC WD1600AAJS-00L7A0
-- Disk List ---------------------------------------------------------------
(1) WDC WD1600AAJS-00L7A0 : 160,0 GB [0/2/0, pd1]
----------------------------------------------------------------------------
(1) WDC WD1600AAJS-00L7A0
----------------------------------------------------------------------------
Model : WDC WD1600AAJS-00L7A0
Firmware : 01.03E01
Serial Number : WD-WMAV3A971046
Disk Size : 160,0 GB (8,4/137,4/160,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 312581808
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 12141 hod.
Power On Count : 2625 krát
Temparature : 32 C (89 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 135 134 _21 000000001091 Čas na roztočení ploten
04 _98 _98 __0 000000000AC1 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 100 253 __0 000000000000 Počet chybných hledání
09 _84 _84 __0 000000002F6D Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _98 _98 __0 000000000A41 Počet cyklů zapnutí zařízení
C0 200 200 __0 0000000000A8 Počet vypnutí disku
C1 200 200 __0 000000000AC1 Počet cyklů načítání/vymazání
C2 111 101 __0 000000000020 Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 __0 000000000000 Počet chyb při zápisu sektorů
-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2057 442D 574D 3341 3341 3937 3130 3436
020: 0000 4000 0032 3031 2E30 3031 3031 5744 4320 5744
030: 3136 3030 4141 4A53 2D30 3741 3741 3020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0706 0706 0000 0044 0040
080: 01FE 0000 746B 7F61 4123 BC41 BC41 4123 207F 000F
090: 000F 0000 FFFE 0000 80FE 0000 0000 0000 0000 0000
100: 9EB0 12A1 0000 0000 0000 0000 0000 0000 5001 4EE0
110: AC8F 13FC 0000 0000 0000 0000 0000 0000 0000 4010
120: 4010 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 16CB 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 3037 3037 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 100E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 5FA5
Re: kontrola logu
Log z AdwCleaner -
# AdwCleaner v3.011 - Report created 09/11/2013 at 14:25:56
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : RH - RH-9B6AEB81C62A
# Running from : C:\Documents and Settings\RH.RH-9B6AEB81C62A\Plocha\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Freecorder
Folder Found C:\Program Files\Ask.com
Folder Found C:\Program Files\BS_Player
Folder Found C:\Program Files\Complitly
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\ConduitEngine
Folder Found C:\Program Files\Freecorder
Folder Found C:\Program Files\vShare
Folder Found C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\BS_Player
Key Found : HKCU\Software\Complitly
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\Freecorder
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\BS_Player
Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CEA886A4-F251-4001-A786-B571B9330C13}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\Freecorder
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B0B22AD-4958-4649-8120-23F63F7066A8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D0781BC-57E5-4DA4-9D84-8DD5DE4188CB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EC7C92D-6B79-49ED-BEF8-BFEEE5D0023C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1E312D1-1B15-49C8-934F-17939B819E2D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CEA886A4-F251-4001-A786-B571B9330C13}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Found : HKLM\Software\SimplyGen
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6362 octets] - [09/11/2013 14:25:56]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6422 octets] ##########
# AdwCleaner v3.011 - Report created 09/11/2013 at 14:25:56
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : RH - RH-9B6AEB81C62A
# Running from : C:\Documents and Settings\RH.RH-9B6AEB81C62A\Plocha\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Freecorder
Folder Found C:\Program Files\Ask.com
Folder Found C:\Program Files\BS_Player
Folder Found C:\Program Files\Complitly
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\ConduitEngine
Folder Found C:\Program Files\Freecorder
Folder Found C:\Program Files\vShare
Folder Found C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\BS_Player
Key Found : HKCU\Software\Complitly
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\Freecorder
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\BS_Player
Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CEA886A4-F251-4001-A786-B571B9330C13}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\Freecorder
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B0B22AD-4958-4649-8120-23F63F7066A8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D0781BC-57E5-4DA4-9D84-8DD5DE4188CB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EC7C92D-6B79-49ED-BEF8-BFEEE5D0023C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1E312D1-1B15-49C8-934F-17939B819E2D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CEA886A4-F251-4001-A786-B571B9330C13}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Found : HKLM\Software\SimplyGen
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6362 octets] - [09/11/2013 14:25:56]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6422 octets] ##########
Re: kontrola logu
MBAM -
při kontrole našel 1 soubor který jsem vymazal.
při kontrole našel 1 soubor který jsem vymazal.
Re: kontrola logu
Znovu ukoncete vsechny programy a spustte AdwCleaner.Tentokrat kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne dalsi log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zase zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola logu
Provedeno -
# AdwCleaner v3.011 - Report created 09/11/2013 at 16:55:42
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : RH - RH-9B6AEB81C62A
# Running from : C:\Documents and Settings\RH.RH-9B6AEB81C62A\Plocha\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Freecorder
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\vShare
Folder Deleted : C:\Program Files\BS_Player
Folder Deleted : C:\Program Files\Freecorder
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CEA886A4-F251-4001-A786-B571B9330C13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CEA886A4-F251-4001-A786-B571B9330C13}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1E312D1-1B15-49C8-934F-17939B819E2D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D0781BC-57E5-4DA4-9D84-8DD5DE4188CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B0B22AD-4958-4649-8120-23F63F7066A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EC7C92D-6B79-49ED-BEF8-BFEEE5D0023C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\BS_Player
Key Deleted : HKCU\Software\Freecorder
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\BS_Player
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6502 octets] - [09/11/2013 14:25:56]
AdwCleaner[R1].txt - [6562 octets] - [09/11/2013 16:50:38]
AdwCleaner[S0].txt - [5955 octets] - [09/11/2013 16:55:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6015 octets] ##########
# AdwCleaner v3.011 - Report created 09/11/2013 at 16:55:42
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : RH - RH-9B6AEB81C62A
# Running from : C:\Documents and Settings\RH.RH-9B6AEB81C62A\Plocha\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Freecorder
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\vShare
Folder Deleted : C:\Program Files\BS_Player
Folder Deleted : C:\Program Files\Freecorder
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CEA886A4-F251-4001-A786-B571B9330C13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CEA886A4-F251-4001-A786-B571B9330C13}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1E312D1-1B15-49C8-934F-17939B819E2D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D0781BC-57E5-4DA4-9D84-8DD5DE4188CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B0B22AD-4958-4649-8120-23F63F7066A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EC7C92D-6B79-49ED-BEF8-BFEEE5D0023C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\BS_Player
Key Deleted : HKCU\Software\Freecorder
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\BS_Player
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6502 octets] - [09/11/2013 14:25:56]
AdwCleaner[R1].txt - [6562 octets] - [09/11/2013 16:50:38]
AdwCleaner[S0].txt - [5955 octets] - [09/11/2013 16:55:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6015 octets] ##########
Re: kontrola logu
Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu a spustte.Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola logu
zpráva -
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : RH [Práva správce]
Mód : Kontrola -- Datum : 11/09/2013 21:45:38
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][křižovatka] $NtUninstallKB8778$ : C:\WINDOWS\$NtUninstallKB8778$ >> \systemroot\system32\config [-] --> NALEZENO
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] EAT @iexplore.exe (HttpSendRequestA) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE4730)
[Inline] EAT @iexplore.exe (HttpSendRequestW) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE4770)
[Inline] EAT @iexplore.exe (InternetCloseHandle) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE4710)
[Inline] EAT @iexplore.exe (InternetReadFile) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE46C0)
[Inline] EAT @iexplore.exe (WSAGetOverlappedResult) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE5740)
[Inline] EAT @iexplore.exe (WSARecv) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE4580)
[Inline] EAT @iexplore.exe (WSASend) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE43C0)
[Inline] EAT @iexplore.exe (closesocket) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE46A0)
[Inline] EAT @iexplore.exe (recv) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE44E0)
[Inline] EAT @iexplore.exe (send) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE4320)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600AAJS-00L7A0 +++++
--- User ---
[MBR] 0ebd4b947214d42558570eecf4966c9b
[BSP] 50f5ded20cf357aac243474a284a214f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_11092013_214538.txt >>
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : RH [Práva správce]
Mód : Kontrola -- Datum : 11/09/2013 21:45:38
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][křižovatka] $NtUninstallKB8778$ : C:\WINDOWS\$NtUninstallKB8778$ >> \systemroot\system32\config [-] --> NALEZENO
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] EAT @iexplore.exe (HttpSendRequestA) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE4730)
[Inline] EAT @iexplore.exe (HttpSendRequestW) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE4770)
[Inline] EAT @iexplore.exe (InternetCloseHandle) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE4710)
[Inline] EAT @iexplore.exe (InternetReadFile) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE46C0)
[Inline] EAT @iexplore.exe (WSAGetOverlappedResult) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE5740)
[Inline] EAT @iexplore.exe (WSARecv) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE4580)
[Inline] EAT @iexplore.exe (WSASend) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE43C0)
[Inline] EAT @iexplore.exe (closesocket) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE46A0)
[Inline] EAT @iexplore.exe (recv) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE44E0)
[Inline] EAT @iexplore.exe (send) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x02AE4320)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600AAJS-00L7A0 +++++
--- User ---
[MBR] 0ebd4b947214d42558570eecf4966c9b
[BSP] 50f5ded20cf357aac243474a284a214f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_11092013_214538.txt >>
Re: kontrola logu
Ajeje, ZeroAccess. Tak to mozna bude zajimave 
Znovu spustte RogueKiller (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.
Znovu spustte RogueKiller (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola logu
Zpráva 1 -
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : RH [Práva správce]
Mód : Odebrat -- Datum : 11/10/2013 12:42:13
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][křižovatka] $NtUninstallKB8778$ : C:\WINDOWS\$NtUninstallKB8778$ >> \systemroot\system32\config [-] --> křižovatka VYMAZÁNO
[ZeroAccess][křižovatka] 2462749475 : C:\WINDOWS\$NtUninstallKB8778$\2462749475 >> \systemroot\system32\config [-] --> křižovatka VYMAZÁNO
[ZeroAccess][soubor] 2462749475 : C:\WINDOWS\$NtUninstallKB8778$\2462749475 [-] --> VYMAZÁNO
[ZeroAccess][soubor] @ : C:\WINDOWS\$NtUninstallKB8778$\925887130\@ [-] --> VYMAZÁNO
[ZeroAccess][soubor] dabeqamt : C:\WINDOWS\$NtUninstallKB8778$\925887130\L\dabeqamt [-] --> VYMAZÁNO
[ZeroAccess][desky] L : C:\WINDOWS\$NtUninstallKB8778$\925887130\L [-] --> VYMAZÁNO
[ZeroAccess][soubor] loader.tlb : C:\WINDOWS\$NtUninstallKB8778$\925887130\loader.tlb [-] --> VYMAZÁNO
[ZeroAccess][soubor] @00000001 : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@00000001 [-] --> VYMAZÁNO
[ZeroAccess][soubor] @000000c0 : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@000000c0 [-] --> VYMAZÁNO
[ZeroAccess][soubor] @000000cb : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@000000cb [-] --> VYMAZÁNO
[ZeroAccess][soubor] @000000cf : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@000000cf [-] --> VYMAZÁNO
[ZeroAccess][soubor] @80000000 : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@80000000 [-] --> VYMAZÁNO
[ZeroAccess][soubor] @800000c0 : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@800000c0 [-] --> VYMAZÁNO
[ZeroAccess][soubor] @800000cb : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@800000cb [-] --> VYMAZÁNO
[ZeroAccess][soubor] @800000cf : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@800000cf [-] --> VYMAZÁNO
[ZeroAccess][desky] U : C:\WINDOWS\$NtUninstallKB8778$\925887130\U [-] --> VYMAZÁNO
[ZeroAccess][desky] 925887130 : C:\WINDOWS\$NtUninstallKB8778$\925887130 [-] --> VYMAZÁNO
[ZeroAccess][desky] $NtUninstallKB8778$ : C:\WINDOWS\$NtUninstallKB8778$ [-] --> VYMAZÁNO
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] EAT @iexplore.exe (HttpSendRequestA) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D4730)
[Inline] EAT @iexplore.exe (HttpSendRequestW) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D4770)
[Inline] EAT @iexplore.exe (InternetCloseHandle) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D4710)
[Inline] EAT @iexplore.exe (InternetReadFile) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D46C0)
[Inline] EAT @iexplore.exe (WSAGetOverlappedResult) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D5740)
[Inline] EAT @iexplore.exe (WSARecv) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D4580)
[Inline] EAT @iexplore.exe (WSASend) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D43C0)
[Inline] EAT @iexplore.exe (closesocket) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D46A0)
[Inline] EAT @iexplore.exe (recv) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D44E0)
[Inline] EAT @iexplore.exe (send) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D4320)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600AAJS-00L7A0 +++++
--- User ---
[MBR] 0ebd4b947214d42558570eecf4966c9b
[BSP] 50f5ded20cf357aac243474a284a214f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_D_11102013_124213.txt >>
RKreport[0]_S_11092013_214538.txt;RKreport[0]_S_11102013_124112.txt
Zpráva 2 -
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : RH [Práva správce]
Mód : Oprava HOSTS -- Datum : 11/10/2013 12:43:44
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[0]_H_11102013_124344.txt >>
RKreport[0]_D_11102013_124213.txt;RKreport[0]_S_11092013_214538.txt;RKreport[0]_S_11102013_124112.txt
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : RH [Práva správce]
Mód : Odebrat -- Datum : 11/10/2013 12:42:13
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][křižovatka] $NtUninstallKB8778$ : C:\WINDOWS\$NtUninstallKB8778$ >> \systemroot\system32\config [-] --> křižovatka VYMAZÁNO
[ZeroAccess][křižovatka] 2462749475 : C:\WINDOWS\$NtUninstallKB8778$\2462749475 >> \systemroot\system32\config [-] --> křižovatka VYMAZÁNO
[ZeroAccess][soubor] 2462749475 : C:\WINDOWS\$NtUninstallKB8778$\2462749475 [-] --> VYMAZÁNO
[ZeroAccess][soubor] @ : C:\WINDOWS\$NtUninstallKB8778$\925887130\@ [-] --> VYMAZÁNO
[ZeroAccess][soubor] dabeqamt : C:\WINDOWS\$NtUninstallKB8778$\925887130\L\dabeqamt [-] --> VYMAZÁNO
[ZeroAccess][desky] L : C:\WINDOWS\$NtUninstallKB8778$\925887130\L [-] --> VYMAZÁNO
[ZeroAccess][soubor] loader.tlb : C:\WINDOWS\$NtUninstallKB8778$\925887130\loader.tlb [-] --> VYMAZÁNO
[ZeroAccess][soubor] @00000001 : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@00000001 [-] --> VYMAZÁNO
[ZeroAccess][soubor] @000000c0 : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@000000c0 [-] --> VYMAZÁNO
[ZeroAccess][soubor] @000000cb : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@000000cb [-] --> VYMAZÁNO
[ZeroAccess][soubor] @000000cf : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@000000cf [-] --> VYMAZÁNO
[ZeroAccess][soubor] @80000000 : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@80000000 [-] --> VYMAZÁNO
[ZeroAccess][soubor] @800000c0 : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@800000c0 [-] --> VYMAZÁNO
[ZeroAccess][soubor] @800000cb : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@800000cb [-] --> VYMAZÁNO
[ZeroAccess][soubor] @800000cf : C:\WINDOWS\$NtUninstallKB8778$\925887130\U\@800000cf [-] --> VYMAZÁNO
[ZeroAccess][desky] U : C:\WINDOWS\$NtUninstallKB8778$\925887130\U [-] --> VYMAZÁNO
[ZeroAccess][desky] 925887130 : C:\WINDOWS\$NtUninstallKB8778$\925887130 [-] --> VYMAZÁNO
[ZeroAccess][desky] $NtUninstallKB8778$ : C:\WINDOWS\$NtUninstallKB8778$ [-] --> VYMAZÁNO
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] EAT @iexplore.exe (HttpSendRequestA) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D4730)
[Inline] EAT @iexplore.exe (HttpSendRequestW) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D4770)
[Inline] EAT @iexplore.exe (InternetCloseHandle) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D4710)
[Inline] EAT @iexplore.exe (InternetReadFile) : WININET.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D46C0)
[Inline] EAT @iexplore.exe (WSAGetOverlappedResult) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D5740)
[Inline] EAT @iexplore.exe (WSARecv) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D4580)
[Inline] EAT @iexplore.exe (WSASend) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D43C0)
[Inline] EAT @iexplore.exe (closesocket) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D46A0)
[Inline] EAT @iexplore.exe (recv) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D44E0)
[Inline] EAT @iexplore.exe (send) : ws2_32.dll -> HOOKED (C:\Program Files\Free Download Manager\flvsniff.dll @ 0x028D4320)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600AAJS-00L7A0 +++++
--- User ---
[MBR] 0ebd4b947214d42558570eecf4966c9b
[BSP] 50f5ded20cf357aac243474a284a214f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_D_11102013_124213.txt >>
RKreport[0]_S_11092013_214538.txt;RKreport[0]_S_11102013_124112.txt
Zpráva 2 -
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : RH [Práva správce]
Mód : Oprava HOSTS -- Datum : 11/10/2013 12:43:44
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[0]_H_11102013_124344.txt >>
RKreport[0]_D_11102013_124213.txt;RKreport[0]_S_11092013_214538.txt;RKreport[0]_S_11102013_124112.txt
Re: kontrola logu
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola logu
Zpráva z ComboFix -
ComboFix 13-11-10.01 - RH 10.11.2013 15:59:52.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.570 [GMT 1:00]
Spuštěný z: c:\documents and settings\RH.RH-9B6AEB81C62A\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\RH.RH-9B6AEB81C62A\WINDOWS
c:\program files\Windows User
c:\program files\Windows User\Administrator@QWERT-53E68D71A.txt
c:\program files\Windows User\dwm.ini
c:\program files\Windows User\logeristry.txt
c:\program files\Windows User\todo.txt
c:\program files\Windows User\ver.txt
c:\windows\system32\Cache
c:\windows\system32\mspaint.exe.exe
c:\windows\system32\pthreadVC.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-10 do 2013-11-10 )))))))))))))))))))))))))))))))
.
.
2013-11-09 13:25 . 2013-11-09 15:55 -------- d-----w- C:\AdwCleaner
2013-11-09 11:52 . 2013-11-09 11:52 -------- d-----w- c:\program files\CCleaner
2013-11-07 15:18 . 2013-11-07 15:20 -------- d-----w- C:\imgs
2013-11-07 15:18 . 2013-11-07 15:18 -------- d-----w- C:\css
2013-11-06 23:09 . 2013-11-06 23:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\VS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-07 12:44 . 2012-07-18 18:51 205984 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2013-10-08 19:00 . 2012-03-29 13:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 19:00 . 2012-03-13 18:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-30 07:48 . 2013-05-10 14:33 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-10 14:33 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-15 21:58 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-10 14:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2013-05-10 14:33 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-15 21:58 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-10 14:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-03-15 21:58 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-10 14:32 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-10 14:33 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 07:01 . 2006-03-02 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2004-08-03 23:08 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
2004-10-01 14:00 . 2010-04-08 12:48 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-26 102400]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-26 14:47 295072 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"AVerScheduleService"=2 (0x2)
"AVerRemote"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\RH.RH-9B6AEB81C62A\\Local Settings\\Data aplikací\\Super Internet TV\\Super Internet TV.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [15.3.2013 22:58 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [15.3.2013 22:58 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.5.2013 15:33 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.5.2013 15:33 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2013 15:33 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [15.3.2013 22:58 66336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.5.2013 22:40 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.5.2013 22:40 22856]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.SYS [12.1.2012 21:23 863616]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [17.12.2012 17:09 478464]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\drivers\AVPolCIR.sys [17.12.2012 17:09 38144]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [8.1.2011 18:26 406016]
S4 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17.12.2012 17:06 348160]
S4 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17.12.2012 17:06 403456]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29.11.2012 20:31 38608]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:00]
.
2013-11-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-10 07:47]
.
2013-11-10 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-11-10 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-11-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Stáhnout FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files\Free Download Manager\dlall.htm
TCP: DhcpNameServer = 213.211.45.3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Registry Reviver - c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-10 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-11-10 16:13:54
ComboFix-quarantined-files.txt 2013-11-10 15:13
.
Před spuštěním: Volných bajtů: 48 662 147 072
Po spuštění: Volných bajtů: 48 720 052 224
.
- - End Of File - - 7A8B723F0BDA01E1AC0D5699F28F8F19
413FC2A0C716421B3158746D63736515
ComboFix 13-11-10.01 - RH 10.11.2013 15:59:52.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.570 [GMT 1:00]
Spuštěný z: c:\documents and settings\RH.RH-9B6AEB81C62A\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\RH.RH-9B6AEB81C62A\WINDOWS
c:\program files\Windows User
c:\program files\Windows User\Administrator@QWERT-53E68D71A.txt
c:\program files\Windows User\dwm.ini
c:\program files\Windows User\logeristry.txt
c:\program files\Windows User\todo.txt
c:\program files\Windows User\ver.txt
c:\windows\system32\Cache
c:\windows\system32\mspaint.exe.exe
c:\windows\system32\pthreadVC.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-10 do 2013-11-10 )))))))))))))))))))))))))))))))
.
.
2013-11-09 13:25 . 2013-11-09 15:55 -------- d-----w- C:\AdwCleaner
2013-11-09 11:52 . 2013-11-09 11:52 -------- d-----w- c:\program files\CCleaner
2013-11-07 15:18 . 2013-11-07 15:20 -------- d-----w- C:\imgs
2013-11-07 15:18 . 2013-11-07 15:18 -------- d-----w- C:\css
2013-11-06 23:09 . 2013-11-06 23:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\VS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-07 12:44 . 2012-07-18 18:51 205984 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2013-10-08 19:00 . 2012-03-29 13:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 19:00 . 2012-03-13 18:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-30 07:48 . 2013-05-10 14:33 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-10 14:33 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-15 21:58 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-10 14:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2013-05-10 14:33 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-15 21:58 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-10 14:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-03-15 21:58 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-10 14:32 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-10 14:33 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 07:01 . 2006-03-02 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2004-08-03 23:08 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
2004-10-01 14:00 . 2010-04-08 12:48 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-26 102400]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-26 14:47 295072 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"AVerScheduleService"=2 (0x2)
"AVerRemote"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\RH.RH-9B6AEB81C62A\\Local Settings\\Data aplikací\\Super Internet TV\\Super Internet TV.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [15.3.2013 22:58 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [15.3.2013 22:58 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.5.2013 15:33 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.5.2013 15:33 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2013 15:33 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [15.3.2013 22:58 66336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.5.2013 22:40 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.5.2013 22:40 22856]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.SYS [12.1.2012 21:23 863616]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [17.12.2012 17:09 478464]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\drivers\AVPolCIR.sys [17.12.2012 17:09 38144]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [8.1.2011 18:26 406016]
S4 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17.12.2012 17:06 348160]
S4 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17.12.2012 17:06 403456]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29.11.2012 20:31 38608]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:00]
.
2013-11-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-10 07:47]
.
2013-11-10 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-11-10 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-11-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Stáhnout FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files\Free Download Manager\dlall.htm
TCP: DhcpNameServer = 213.211.45.3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Registry Reviver - c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-10 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-11-10 16:13:54
ComboFix-quarantined-files.txt 2013-11-10 15:13
.
Před spuštěním: Volných bajtů: 48 662 147 072
Po spuštění: Volných bajtů: 48 720 052 224
.
- - End Of File - - 7A8B723F0BDA01E1AC0D5699F28F8F19
413FC2A0C716421B3158746D63736515
Re: kontrola logu
Postupujte podle navodu kolegy
vyosek píše:
- Ulozte nejlepe na Plochu a rozbalte
- Spustte kliknutim na mbar
- Nyni postupne kliknete na Next a Update
- Po dokonceni update (aktualizace) databaze kliknete opet na Next
- Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
- Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
- Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
- Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
- PC bude restartovan
- Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte
vyosek píše:
- Kliknete na volbu Change parametrs
- V okne Additional Option zakliknete vsechny moznosti
- Kliknete na OK
- Utilite prikazte, at skenuje - klik na Start Scan
- Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
- Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
- Pokud mate vsude Skip, kliknete na Continue
- Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola logu
Provedl jsem kontrolu pomocí Malwarebytes Anti-Rootkit -
nalezeno 6 souborů, po zvolení CleanUp se nedělo půl hodiny
vůbec nic.Program jsem ukončil a dál zatím nepokračoval.
Zde je log -
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
Database version: v2013.11.10.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
RH :: RH-9B6AEB81C62A [administrator]
10.11.2013 18:06:23
mbar-log-2013-11-10 (18-06-23).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 410117
Time elapsed: 17 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 6
HKCR\exefile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.
HKCR\batfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.
HKCR\comfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.
HKCR\piffile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> No action taken.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: (regedit.exe "%1") -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\WINDOWS\system32\c_31475.nls (Backdoor.0Access) -> No action taken.
C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\372fea9a\@ (Backdoor.0Access) -> No action taken.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
nalezeno 6 souborů, po zvolení CleanUp se nedělo půl hodiny
vůbec nic.Program jsem ukončil a dál zatím nepokračoval.
Zde je log -
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
Database version: v2013.11.10.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
RH :: RH-9B6AEB81C62A [administrator]
10.11.2013 18:06:23
mbar-log-2013-11-10 (18-06-23).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 410117
Time elapsed: 17 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 6
HKCR\exefile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.
HKCR\batfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.
HKCR\comfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.
HKCR\piffile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> No action taken.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: (regedit.exe "%1") -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\WINDOWS\system32\c_31475.nls (Backdoor.0Access) -> No action taken.
C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\372fea9a\@ (Backdoor.0Access) -> No action taken.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Přispějete na provoz fóra?