
Requesting a preventive check - FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by Martin (administrator) on MARTINRASZKA-PC on 11-11-2013 14:55:20
Running from C:\Documents and Settings\Martin\Plocha
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\Martin\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-03-23] ()
HKLM\...\Run: [High Definition Audio Property Page Shortcut] - C:\WINDOWS\system32\HdAShCut.exe [61952 2005-01-07] (Windows (R) Server 2003 DDK provider)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [15473664 2005-11-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\Alcmtr.exe [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKCU\...\Run: [Zoner Photo Studio Autoupdate] - C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe [774168 2013-02-18] (ZONER software)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\REALTEK 11n USB Wireless LAN Utility.lnk
ShortcutTarget: REALTEK 11n USB Wireless LAN Utility.lnk -> C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 7764883328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7765927656
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\49rnlpde.default
FF Homepage: http://www.google.cz
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\49rnlpde.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.novinky.cz/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Martin\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Martin\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Martin\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Martin\Local Settings\Data aplikac\u00ED\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\DOCUME~1\Martin\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Martin\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Martin\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\DOCUME~1\Martin\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\DOCUME~1\Martin\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\Martin\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Themes for Facebook\u2122) - C:\DOCUME~1\Martin\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\nnokmfkhggegacbiaknbocbboniaajdg\1.5_0
CHR Extension: (Gmail) - C:\DOCUME~1\Martin\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-05-05] (Cisco Systems, Inc.)
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [43008 2006-07-01] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22560 2013-07-20] (REALiX(tm))
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [50704 2010-01-27] (CACE Technologies, Inc.)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [904680 2011-05-09] (Realtek Semiconductor Corporation )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [904680 2011-05-09] (Realtek Semiconductor Corporation )
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
S3 WINIO; \??\C:\Documents and Settings\Martin\Plocha\Power-Supply-Calculator-2.071_-Gio\Power Supply Calculator 2.071_ Gio\winio.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-11 14:45 - 2013-11-11 14:45 - 01090275 _____ (Farbar) C:\Documents and Settings\Martin\Plocha\FRST.exe
2013-11-11 14:45 - 2013-11-11 14:45 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Martin\Plocha\FRSTLauncher.exe
2013-11-11 14:24 - 2013-11-11 14:24 - 00000641 _____ C:\Documents and Settings\Martin\Plocha\Enya Best Of.lnk
2013-11-07 19:01 - 2013-11-07 19:01 - 00000008 _____ C:\Documents and Settings\Martin\Plocha\heslo.txt
2013-11-06 16:06 - 2013-11-06 19:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-31 11:20 - 2013-10-31 14:50 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-26 18:07 - 2013-10-26 18:07 - 00001685 _____ C:\Documents and Settings\Martin\Plocha\ICQ.lnk
2013-10-26 18:07 - 2013-10-26 18:07 - 00001685 _____ C:\Documents and Settings\Martin\Nabídka Start\ICQ.lnk
2013-10-26 18:07 - 2013-10-26 18:07 - 00000000 ____D C:\Documents and Settings\Martin\Nabídka Start\Programy\ICQ
2013-10-26 18:06 - 2013-10-26 18:14 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\ICQ-Profile
2013-10-26 18:06 - 2013-10-26 18:06 - 00000000 ____D C:\Program Files\ICQM
2013-10-26 18:06 - 2013-10-26 18:06 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\ICQM
2013-10-20 18:10 - 2013-10-20 18:10 - 00000110 ____H C:\Documents and Settings\Martin\Plocha\Fotografie-0024.jpg.uid-zps
2013-10-20 08:16 - 2013-11-06 19:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-20 08:16 - 2013-10-20 08:16 - 00000736 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2013-10-20 08:16 - 2013-10-20 08:16 - 00000730 _____ C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2013-10-19 20:18 - 2013-10-19 20:20 - 00000000 ____D C:\Documents and Settings\Martin\Local Settings\Data aplikací\VDownloader
2013-10-19 20:18 - 2013-10-19 20:18 - 00000000 ____D C:\Program Files\WinPcap
2013-10-19 20:18 - 2013-10-19 20:18 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\VDownloader
2013-10-19 20:17 - 2013-10-19 20:18 - 00000000 ____D C:\Program Files\VDownloader
2013-10-19 20:17 - 2013-10-19 20:17 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\VDownloader
2013-10-19 20:17 - 2010-01-26 10:11 - 00444283 _____ C:\Program Files\Common Files\WinPcapNmap.exe
2013-10-18 19:23 - 2013-10-18 19:23 - 00090112 _____ C:\WINDOWS\Minidump\Mini101813-01.dmp
2013-10-16 12:23 - 2013-10-16 12:23 - 00000110 ____H C:\Documents and Settings\Martin\Plocha\1383147_479721378792752_1003138717_n.jpg.uid-zps
2013-10-15 13:19 - 2013-10-15 13:19 - 00000110 ____H C:\Documents and Settings\Martin\Plocha\280658-original1-riet6 (1).jpg.uid-zps
2013-10-13 11:04 - 2013-10-13 11:04 - 00000110 ____H C:\Documents and Settings\Martin\Plocha\267006_107456202685940_2917902_o.jpg.uid-zps
2013-10-12 15:49 - 2013-10-12 15:49 - 00090112 _____ C:\WINDOWS\Minidump\Mini101213-01.dmp
2013-10-12 15:27 - 2005-10-31 17:17 - 00135168 _____ () C:\WINDOWS\system32\RtlCPAPI.dll
2013-10-12 15:26 - 2005-05-03 17:43 - 00069632 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\Alcmtr.exe
2013-10-12 15:18 - 2013-10-27 14:46 - 00034638 _____ C:\WINDOWS\setupapi.log
2013-10-12 14:36 - 2013-10-12 14:36 - 00000570 _____ C:\Documents and Settings\Martin\Plocha\Zástupce - Vydaje.lnk
2013-10-12 14:36 - 2013-10-12 14:36 - 00000562 _____ C:\Documents and Settings\Martin\Plocha\Zástupce - Mzda.lnk
2013-10-12 08:14 - 2013-10-12 08:14 - 00135151 _____ C:\test.txt
2013-10-12 08:12 - 2013-10-12 08:13 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Chit Chat For Facebook
2013-10-12 08:12 - 2013-10-12 08:12 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\EurekaLog
==================== One Month Modified Files and Folders =======
2013-11-11 14:53 - 2013-05-10 23:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-11-11 14:53 - 2013-05-05 15:03 - 00000000 ___HD C:\Documents and Settings\Martin\Local Settings\Data aplikací
2013-11-11 14:53 - 2013-05-05 15:03 - 00000000 ____D C:\Documents and Settings\Martin\Plocha
2013-11-11 14:51 - 2013-09-12 08:26 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-11 14:51 - 2013-05-05 14:59 - 01316967 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-11 14:50 - 2013-05-05 16:53 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-11-11 14:50 - 2013-05-05 16:53 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-11 14:50 - 2013-05-05 16:50 - 00297256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-11 14:50 - 2013-05-05 15:40 - 00000000 ____D C:\WINDOWS\system32\Lang
2013-11-11 14:50 - 2013-05-05 15:10 - 00000000 _____ C:\WINDOWS\RTacDbg.txt
2013-11-11 14:50 - 2013-05-05 15:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-11 14:48 - 2013-05-10 23:46 - 00524288 _____ C:\WINDOWS\system32\config\CaptureL.evt
2013-11-11 14:48 - 2013-05-07 08:34 - 00032398 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-11 14:48 - 2013-05-05 17:59 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-11-11 14:48 - 2013-05-05 15:03 - 00000178 ___SH C:\Documents and Settings\Martin\ntuser.ini
2013-11-11 14:46 - 2013-05-05 17:54 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-11-11 14:45 - 2013-11-11 14:45 - 01090275 _____ (Farbar) C:\Documents and Settings\Martin\Plocha\FRST.exe
2013-11-11 14:45 - 2013-11-11 14:45 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Martin\Plocha\FRSTLauncher.exe
2013-11-11 14:45 - 2013-08-11 14:48 - 00000000 ____D C:\Program Files\Microsoft Office
2013-11-11 14:45 - 2013-05-10 23:35 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-11-11 14:45 - 2013-05-05 16:51 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-11 14:44 - 2013-08-11 14:28 - 00000000 ____D C:\Program Files\MSBuild
2013-11-11 14:43 - 2013-05-05 16:50 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-11-11 14:24 - 2013-11-11 14:24 - 00000641 _____ C:\Documents and Settings\Martin\Plocha\Enya Best Of.lnk
2013-11-11 13:39 - 2013-05-12 02:28 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\Canon
2013-11-11 13:38 - 2013-05-05 15:03 - 00000000 ____D C:\Documents and Settings\Martin
2013-11-11 00:46 - 2013-05-10 23:58 - 05043078 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-507921405-117609710-839522115-1004-0.dat
2013-11-11 00:46 - 2013-05-10 23:58 - 00334382 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2013-11-11 00:45 - 2013-05-05 15:03 - 00000000 ___RD C:\Documents and Settings\Martin\Dokumenty
2013-11-10 14:01 - 2013-05-05 16:36 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\vlc
2013-11-09 16:20 - 2013-05-07 00:41 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\Skype
2013-11-09 16:19 - 2013-05-11 09:58 - 00103424 ___SH C:\Documents and Settings\Martin\Plocha\Thumbs.db
2013-11-09 15:28 - 2013-05-07 00:41 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2013-11-08 10:55 - 2013-05-12 13:17 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-11-07 19:01 - 2013-11-07 19:01 - 00000008 _____ C:\Documents and Settings\Martin\Plocha\heslo.txt
2013-11-06 19:23 - 2013-11-06 16:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-06 19:22 - 2013-08-22 17:18 - 00002511 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Office Word Viewer 2003.lnk
2013-11-06 19:21 - 2013-10-20 08:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-04 17:14 - 2013-05-05 15:29 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2013-11-04 17:14 - 2006-03-02 13:00 - 00013676 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-31 14:50 - 2013-10-31 11:20 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-28 10:15 - 2013-05-05 16:51 - 01119330 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-27 14:46 - 2013-10-12 15:18 - 00034638 _____ C:\WINDOWS\setupapi.log
2013-10-26 18:14 - 2013-10-26 18:06 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\ICQ-Profile
2013-10-26 18:08 - 2013-05-05 15:13 - 00077160 _____ C:\Documents and Settings\Martin\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2013-10-26 18:07 - 2013-10-26 18:07 - 00001685 _____ C:\Documents and Settings\Martin\Plocha\ICQ.lnk
2013-10-26 18:07 - 2013-10-26 18:07 - 00001685 _____ C:\Documents and Settings\Martin\Nabídka Start\ICQ.lnk
2013-10-26 18:07 - 2013-10-26 18:07 - 00000000 ____D C:\Documents and Settings\Martin\Nabídka Start\Programy\ICQ
2013-10-26 18:07 - 2013-05-05 15:03 - 00000000 ___RD C:\Documents and Settings\Martin\Nabídka Start\Programy
2013-10-26 18:07 - 2013-05-05 15:03 - 00000000 ___RD C:\Documents and Settings\Martin\Nabídka Start
2013-10-26 18:06 - 2013-10-26 18:06 - 00000000 ____D C:\Program Files\ICQM
2013-10-26 18:06 - 2013-10-26 18:06 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\ICQM
2013-10-26 18:06 - 2013-05-05 15:03 - 00000000 __RHD C:\Documents and Settings\Martin\Data aplikací
2013-10-23 20:49 - 2013-05-08 22:22 - 00025088 _____ C:\Documents and Settings\Martin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-20 18:10 - 2013-10-20 18:10 - 00000110 ____H C:\Documents and Settings\Martin\Plocha\Fotografie-0024.jpg.uid-zps
2013-10-20 18:09 - 2013-05-05 15:03 - 00000000 ___RD C:\Documents and Settings\Martin\Dokumenty\Obrázky
2013-10-20 18:08 - 2013-05-07 01:05 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\LauncherAccess.dt
2013-10-20 08:16 - 2013-10-20 08:16 - 00000736 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2013-10-20 08:16 - 2013-10-20 08:16 - 00000730 _____ C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2013-10-20 08:16 - 2013-05-05 16:50 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-10-20 08:08 - 2013-05-07 00:41 - 00000000 ___RD C:\Program Files\Skype
2013-10-20 08:04 - 2006-03-02 13:00 - 00000600 _____ C:\WINDOWS\win.ini
2013-10-20 08:04 - 2006-03-02 13:00 - 00000253 _____ C:\WINDOWS\system.ini
2013-10-19 21:16 - 2013-08-11 14:28 - 00334080 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2013-10-19 21:16 - 2013-05-05 15:03 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Data aplikací
2013-10-19 20:20 - 2013-10-19 20:18 - 00000000 ____D C:\Documents and Settings\Martin\Local Settings\Data aplikací\VDownloader
2013-10-19 20:18 - 2013-10-19 20:18 - 00000000 ____D C:\Program Files\WinPcap
2013-10-19 20:18 - 2013-10-19 20:18 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\VDownloader
2013-10-19 20:18 - 2013-10-19 20:17 - 00000000 ____D C:\Program Files\VDownloader
2013-10-19 20:17 - 2013-10-19 20:17 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\VDownloader
2013-10-18 19:23 - 2013-10-18 19:23 - 00090112 _____ C:\WINDOWS\Minidump\Mini101813-01.dmp
2013-10-18 19:23 - 2013-08-03 20:02 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-16 12:23 - 2013-10-16 12:23 - 00000110 ____H C:\Documents and Settings\Martin\Plocha\1383147_479721378792752_1003138717_n.jpg.uid-zps
2013-10-15 13:19 - 2013-10-15 13:19 - 00000110 ____H C:\Documents and Settings\Martin\Plocha\280658-original1-riet6 (1).jpg.uid-zps
2013-10-14 19:33 - 2013-05-05 16:37 - 00002347 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader XI.lnk
2013-10-13 16:57 - 2013-08-09 11:20 - 00000000 ____D C:\Program Files\Chit Chat For Facebook
2013-10-13 16:57 - 2013-05-05 16:50 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-10-13 11:04 - 2013-10-13 11:04 - 00000110 ____H C:\Documents and Settings\Martin\Plocha\267006_107456202685940_2917902_o.jpg.uid-zps
2013-10-12 15:49 - 2013-10-12 15:49 - 00090112 _____ C:\WINDOWS\Minidump\Mini101213-01.dmp
2013-10-12 15:27 - 2013-05-05 15:38 - 00000000 ____D C:\WINDOWS\system32\RTCOM
2013-10-12 15:27 - 2013-05-05 15:25 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-10-12 15:26 - 2013-05-05 15:06 - 00000000 ____D C:\Program Files\REALTEK
2013-10-12 15:04 - 2013-06-10 10:19 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\Mp3tag
2013-10-12 14:36 - 2013-10-12 14:36 - 00000570 _____ C:\Documents and Settings\Martin\Plocha\Zástupce - Vydaje.lnk
2013-10-12 14:36 - 2013-10-12 14:36 - 00000562 _____ C:\Documents and Settings\Martin\Plocha\Zástupce - Mzda.lnk
2013-10-12 11:18 - 2013-05-05 15:03 - 00000000 ___RD C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění
2013-10-12 11:17 - 2013-06-07 00:41 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\Winamp
2013-10-12 11:11 - 2013-06-20 14:58 - 00000000 ____D C:\Documents and Settings\Martin\Local Settings\Data aplikací\Facebook
2013-10-12 08:14 - 2013-10-12 08:14 - 00135151 _____ C:\test.txt
2013-10-12 08:13 - 2013-10-12 08:12 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Chit Chat For Facebook
2013-10-12 08:12 - 2013-10-12 08:12 - 00000000 ____D C:\Documents and Settings\Martin\Data aplikací\EurekaLog
2013-10-12 08:06 - 2013-05-05 15:41 - 00000000 __SHD C:\Documents and Settings\Martin\UserData
Some content of TEMP:
====================
C:\Documents and Settings\Martin\Local Settings\temp\CCFFacebookSetup-v1.52.exe
C:\Documents and Settings\Martin\Local Settings\temp\FreemakeAudioConverter_1.1.0.48.exe
C:\Documents and Settings\Martin\Local Settings\temp\FreemakeVideoDownloader_3.5.4.0.exe
C:\Documents and Settings\Martin\Local Settings\temp\FreemakeYoutubeMp3Converter_3.5.4.0.exe
C:\Documents and Settings\Martin\Local Settings\temp\installapi.exe
C:\Documents and Settings\Martin\Local Settings\temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2006-03-02 13:00] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\Windows\System32\winlogon.exe
[2006-03-02 13:00] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\Windows\System32\svchost.exe
[2006-03-02 13:00] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\Windows\System32\services.exe
[2006-03-02 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7
C:\Windows\System32\User32.dll
[2006-03-02 13:00] - [2008-04-14 07:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\Windows\System32\userinit.exe
[2006-03-02 13:00] - [2008-04-14 07:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\Windows\System32\Drivers\volsnap.sys
[2006-03-02 13:00] - [2008-04-14 06:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (System) (Fixed) (Total:45.3 GB) (Free:28.52 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Dokumenty) (Fixed) (Total:13.3 GB) (Free:5.85 GB) NTFS
Drive e: (Data) (Fixed) (Total:130 GB) (Free:79.55 GB) NTFS
Available physical RAM: 2782.89 MB
Total physical RAM: 3519.48 MB
Percentage of memory in use: 20%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 233 GB) (Disk ID: 062F062F)
Partition 1: (Active) - (Size=45 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=174 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Martin\Plocha" je 1 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq
C:\Documents and Settings\Martin\Data aplikac\ICQM\icq.exe -CU [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
ose REG_DWORD 0x2
AdobeFlashPlayerUpdateSvc REG_DWORD 0x3
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"="C:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe:*:Enabled:RtWlan"
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"="C:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe:*:Enabled:Daemonu.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"="C:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Maxthon\\Bin\\Maxthon.exe"="C:\\Program Files\\Maxthon\\Bin\\Maxthon.exe:*:Enabled:Maxthon"
"C:\\Program Files\\Maxthon\\Bin\\MxUp.exe"="C:\\Program Files\\Maxthon\\Bin\\MxUp.exe:*:Enabled:MxUp"
"C:\\WINDOWS\\KMSEmulator.exe"="C:\\WINDOWS\\KMSEmulator.exe:*:Enabled:KMSEmulator"
"C:\\Documents and Settings\\Martin\\Data aplikac\\ICQM\\icq.exe"="C:\\Documents and Settings\\Martin\\Data aplikac\\ICQM\\icq.exe:*:Enabled:ICQ"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1542:TCP"="1542:TCP:*:Enabled:Realtek WPS TCP Prot"
"1542:UDP"="1542:UDP:*:Enabled:Realtek WPS UDP Prot"
"53:UDP"="53:UDP:*:Enabled:Realtek AP UDP Prot"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.zip
- Addition log
- (4.12 KiB) Downloaded 51 times
Re: Requesting a preventive check - FRST log
I don't have an illegal copy of either Office or Windows installed. What should I do with that crack?
Re: Requesting a preventive check - FRST log
ras099 wrote: I don't have an illegal copy of either Office or Windows installed. What should I do with that crack?
Well, we'll delete it.
Download and run OTMoveIt
and copy this text into the left pane of the application, under Paste Instructions for Items to be Moved:
:processes
explorer.exe
:files
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\ComboFix
C:\\WINDOWS\\KMSEmulator.exe
:services
catchme
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\KMSEmulator.exe"=-
:commands
[purity]
[emptytemp]
[start explorer]
If the application asks for a restart, click YES;
in that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\
Then use Mbam from my signature and post its log here as well; don't delete anything beforehand!
Re: Requesting a preventive check - FRST log
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\ComboFix not found.
File/Folder C:\\WINDOWS\\KMSEmulator.exe not found.
========== SERVICES/DRIVERS ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\WINDOWS\\KMSEmulator.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Martin
->Temp folder emptied: 555635493 bytes
->Temporary Internet Files folder emptied: 15439081 bytes
->FireFox cache emptied: 382347276 bytes
->Google Chrome cache emptied: 287968275 bytes
->Flash cache emptied: 4627 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 184,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 11132013_184437
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re: Requesting a preventive check - FRST log
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org
Verze: v2013.11.13.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Martin :: MARTINRASZKA-PC [administrátor]
13.11.2013 19:01:15
MBAM-log-2013-11-13 (20-29-53).txt
Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 78218
Uplynulý čas: 1 hodin, 23 minut, 1 sekund [přerušeno]
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 5
C:\Documents and Settings\Martin\Dokumenty\Stažené soubory\bsplayer265.1074.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg.exe.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\AutoKMS.exe (Riskware.Keygen) -> Nebyla provedena žádná instrukce.
E:\Programy\Prehravace\bsplayer-setup.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
(konec)
Re: Requesting a preventive check - FRST log
Run OTMoveIt again and click CleanUp! at the top of the application;
this makes it clean up after itself.
Let Mbam delete everything it found and then post the log here again.
Re: Requesting a preventive check - FRST log
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org
Verze: v2013.11.13.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Martin :: MARTINRASZKA-PC [administrátor]
14.11.2013 18:16:58
mbam-log-2013-11-14 (18-16-58).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 270222
Uplynulý čas: 9 minut,
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Přesun do karantény a opravení se zdařilo.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 1
C:\WINDOWS\AutoKMS.exe (Riskware.Keygen) -> Přesun do karantény a smazání se zdařilo.
(konec)
Re: Requesting a preventive check - FRST log
Download ComboFix and save it to your desktop,
run the application as Administrator and allow the installation of the Recovery Console.
A window with the license terms will then appear; confirm it by clicking YES,
then click YES once more and it starts running.
The whole process takes around 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; don't be alarmed.
Note: for the duration of the scan, turn off the resident shield of your antivirus and antispyware programs,
because ComboFix tries to delete infected files and these programs can get in its way.
When the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Requesting a preventive check - FRST log
ComboFix 13-11-12.01 - Martin 14.11.2013 20:05:10.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3519.3001 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-14 do 2013-11-14 )))))))))))))))))))))))))))))))
.
.
2013-11-13 17:56 . 2013-11-13 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-13 17:56 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-31 10:20 . 2013-10-31 13:50 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-10-26 17:06 . 2013-10-26 17:14 -------- d-----w- c:\documents and settings\Martin\Data aplikací\ICQ-Profile
2013-10-26 17:06 . 2013-10-26 17:06 -------- d-----w- c:\documents and settings\Martin\Data aplikací\ICQM
2013-10-26 17:06 . 2013-10-26 17:06 -------- d-----w- c:\program files\ICQM
2013-10-20 07:16 . 2013-11-06 18:21 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-10-19 19:18 . 2013-10-19 19:20 -------- d-----w- c:\documents and settings\Martin\Local Settings\Data aplikací\VDownloader
2013-10-19 19:18 . 2013-10-19 19:18 -------- d-----w- c:\documents and settings\Martin\Data aplikací\VDownloader
2013-10-19 19:18 . 2013-10-19 19:18 -------- d-----w- c:\program files\WinPcap
2013-10-19 19:17 . 2010-01-26 09:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2013-10-19 19:17 . 2013-10-19 19:17 -------- d-----w- C:\ProgramData
2013-10-19 19:17 . 2013-10-19 19:18 -------- d-----w- c:\program files\VDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-25 09:41 . 2013-09-25 09:42 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-25 09:41 . 2013-09-25 09:42 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-25 09:41 . 2013-05-12 01:48 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-25 09:41 . 2013-05-12 01:48 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-30 07:48 . 2013-05-05 15:19 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-05 15:19 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-05-05 15:19 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-05 15:19 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2013-05-05 15:19 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-05-05 15:19 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-05 15:19 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-05-05 15:19 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-05 15:19 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-05 15:19 229648 ----a-w- c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE" [2013-02-18 774168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-21 15517984]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-22 1982312]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe /H [2013-6-27 1044480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq]
2013-10-26 17:06 29919576 ----a-w- c:\documents and settings\Martin\Data aplikací\ICQM\icq.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Documents and Settings\\Martin\\Data aplikací\\ICQM\\icq.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [5.5.2013 16:19 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [5.5.2013 16:19 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.5.2013 16:19 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.5.2013 16:19 369584]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [20.7.2013 20:39 22560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.5.2013 16:19 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5.5.2013 16:19 66336]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [25.9.2013 23:28 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.11.2013 18:56 22856]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [27.1.2010 3:09 50704]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtwlanu.sys [27.6.2013 10:17 904680]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.11.2013 18:56 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtwlanu.sys [27.6.2013 10:17 904680]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-05 07:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\49rnlpde.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - ExtSQL: 2013-10-20 09:17; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Martin\Data aplikacĂÂ\Mozilla\Firefox\Profiles\49rnlpde.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-14 20:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3960)
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSCS.DLL
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Celkový čas: 2013-11-14 20:12:10
ComboFix-quarantined-files.txt 2013-11-14 19:12
.
Před spuštěním: Volných bajtů: 30 917 599 232
Po spuštění: Volných bajtů: 30 903 308 288
.
- - End Of File - - 6AB69B01F7ED2442E49F1215B218369D
413FC2A0C716421B3158746D63736515
Re: Requesting a preventive check - FRST log
Via Start >> Run, copy this into the window:
ComboFix /Uninstall
and press Enter
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Then let me know what state the PC is in.
Re: Requesting a preventive check - FRST log
Thanks a lot. It looks like the computer is fine.
