CPU load at 100%

Verulina
Visitor
Posts: 15
Registered: 25 Feb 2014 21:21

CPU load at 100%

#1 Post by Verulina »

Good day, I would like to ask for help with a problem of high CPU load. The PC has slowed down a lot, video playback keeps stuttering, applications take a long time to open, and after opening Chrome the CPU jumps to 100% and the PC almost freezes. The PC was cleaned with CCleaner; Malwarebytes Anti-Malware found nothing.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01
Ran by Jiří Žák (administrator) on DFQ352L1 on 25-02-2014 21:33:43
Running from C:\Documents and Settings\Jiří Žák\Plocha
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\PersistenceThread.exe
(Dell) C:\Program Files\WSED\WSED.exe
(Dell) C:\Program Files\Battery Meter\BTMeter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [488960 2009-05-26] (ELAN Microelectronic Corp.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [17529856 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PersistenceThread] - C:\WINDOWS\system32\PersistenceThread.exe [96792 2009-07-06] (Intel Corporation)
HKLM\...\Run: [WSED] - C:\Program Files\WSED\WSED.exe [247080 2009-05-27] (Dell)
HKLM\...\Run: [BTMeter] - C:\Program Files\Battery Meter\BTMeter.exe [623984 2009-07-22] (Dell)
HKLM\...\Run: [CapsLKNotify] - C:\Program Files\CapsLKNotify\CapsLKNotify.exe [320808 2009-03-18] (Compal Electronics, Inc)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igdlogin: C:\WINDOWS\system32\igdlogin.dll ()
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-1709672725-1700433170-3794135092-1006\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... F9D027EFAC
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60049
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jiří Žák\Data aplikací\Mozilla\Firefox\Profiles\drkgewjk.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\Jiří Žák\Data aplikací\Mozilla\Firefox\Profiles\drkgewjk.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\crawlersrch.bak
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
FF Extension: Seznam lištička - C:\Documents and Settings\Jiří Žák\Data aplikací\Mozilla\Firefox\Profiles\drkgewjk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2012-09-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-05]
CHR Extension: (Disk Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-05]
CHR Extension: (YouTube) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-05] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2009-03-30] (Creative)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1950976 2009-02-18] (Broadcom Corporation)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534568 2009-02-10] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2009-02-10] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-02-10] (Broadcom Corporation.)
R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2009-02-10] (Broadcom Corporation.)
R3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2009-02-10] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-02-10] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 EMSC; C:\WINDOWS\System32\DRIVERS\EMSC.SYS [14248 2008-11-05] (Windows (R) Codename Longhorn DDK provider)
R3 ETD; C:\WINDOWS\System32\DRIVERS\ETD.sys [93952 2009-05-26] (ELAN Microelectronic Corp.)
R3 igd; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5097632 2009-06-25] (Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2009-03-30] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 OA012Afx; C:\WINDOWS\system32\Drivers\OA012Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
R3 OA012Ufd; C:\WINDOWS\System32\DRIVERS\OA012Ufd.sys [133472 2008-11-26] (Creative Technology Ltd.)
R3 OA012Vid; C:\WINDOWS\System32\DRIVERS\OA012Vid.sys [271328 2009-01-14] (Creative Technology Ltd.)
R3 RSUSBSTOR; C:\WINDOWS\System32\Drivers\RTS5121.sys [157696 2008-12-23] (Realtek Semiconductor Corp.)
R3 catchme; \??\C:\DOCUME~1\JIK~1\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr;
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 21:27 - 2014-02-25 21:33 - 00013938 _____ () C:\Documents and Settings\Jiří Žák\Plocha\FRST.txt
2014-02-25 21:26 - 2014-02-25 21:33 - 00000000 ____D () C:\FRST
2014-02-25 21:26 - 2014-02-25 21:26 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jiří Žák\Plocha\FRSTLauncher (1).exe
2014-02-25 21:25 - 2014-02-25 21:25 - 01144320 _____ (Farbar) C:\Documents and Settings\Jiří Žák\Plocha\FRST.exe
2014-02-25 20:52 - 2014-02-25 20:52 - 00000786 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Malwarebytes
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-25 20:52 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-25 17:33 - 2014-02-25 17:33 - 00000000 ____D () C:\Program Files\ESET
2014-02-25 17:24 - 2014-02-25 17:24 - 00011091 _____ () C:\ComboFix.txt
2014-02-25 00:13 - 2014-02-25 00:13 - 00000348 _____ () C:\WINDOWS\spupdsvc.log
2014-02-25 00:12 - 2014-02-25 00:12 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-25 00:12 - 2014-02-25 00:12 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-02-25 00:11 - 2014-02-25 00:12 - 00026906 _____ () C:\WINDOWS\setupapi.log
2014-02-25 00:11 - 2014-02-25 00:11 - 00000000 ____D () C:\WINDOWS\LastGood
2014-02-24 23:58 - 2014-02-24 23:58 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Skype
2014-02-24 23:57 - 2014-02-25 17:24 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ___RD () C:\Program Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2014-02-24 23:53 - 2014-02-24 23:53 - 00000957 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Windows Defender.lnk
2014-02-24 23:53 - 2014-02-24 23:53 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909921$
2014-02-24 23:27 - 2014-02-24 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-02-24 22:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-24 22:51 - 2014-02-24 22:51 - 00000000 _RSHD () C:\cmdcons
2014-02-24 22:51 - 2009-12-11 11:52 - 00000211 _____ () C:\Boot.bak
2014-02-24 22:51 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2014-02-24 22:29 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-24 22:29 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-24 22:27 - 2014-02-16 20:52 - 00000426 _____ () C:\AVScanner.ini
2014-02-24 22:25 - 2014-02-25 17:24 - 00000000 ____D () C:\Qoobox
2014-02-24 22:25 - 2014-02-24 23:03 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-24 22:10 - 2014-02-24 22:10 - 00000000 ____D () C:\ce79b8cfec5276ce60e345e22a1242
2014-02-23 20:59 - 2014-02-23 20:59 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-08 19:21 - 2014-02-25 20:58 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-08 19:21 - 2014-02-23 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

==================== One Month Modified Files and Folders =======

2014-02-25 21:33 - 2014-02-25 21:27 - 00013938 _____ () C:\Documents and Settings\Jiří Žák\Plocha\FRST.txt
2014-02-25 21:33 - 2014-02-25 21:26 - 00000000 ____D () C:\FRST
2014-02-25 21:33 - 2010-03-02 19:13 - 03114577 _____ () C:\WINDOWS\pfirewall.log
2014-02-25 21:33 - 2009-12-11 11:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Plocha
2014-02-25 21:29 - 2009-12-11 11:52 - 00000000 ___HD () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací
2014-02-25 21:26 - 2014-02-25 21:26 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jiří Žák\Plocha\FRSTLauncher (1).exe
2014-02-25 21:25 - 2014-02-25 21:25 - 01144320 _____ (Farbar) C:\Documents and Settings\Jiří Žák\Plocha\FRST.exe
2014-02-25 21:14 - 2010-08-04 19:48 - 00000944 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 21:14 - 2010-08-04 19:48 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 20:58 - 2014-02-08 19:21 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-25 20:52 - 2014-02-25 20:52 - 00000786 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Malwarebytes
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-25 20:52 - 2009-12-11 11:52 - 00000000 __RHD () C:\Documents and Settings\Jiří Žák\Data aplikací
2014-02-25 20:52 - 2008-05-08 13:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-02-25 20:52 - 2008-05-08 13:19 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-02-25 20:52 - 2008-05-08 13:18 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-02-25 20:50 - 2010-08-04 19:49 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Skype
2014-02-25 18:14 - 2008-05-09 01:28 - 00032628 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-25 17:33 - 2014-02-25 17:33 - 00000000 ____D () C:\Program Files\ESET
2014-02-25 17:24 - 2014-02-25 17:24 - 00011091 _____ () C:\ComboFix.txt
2014-02-25 17:24 - 2014-02-24 23:57 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-02-25 17:24 - 2014-02-24 22:25 - 00000000 ____D () C:\Qoobox
2014-02-25 17:24 - 2008-05-09 01:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-25 17:24 - 2008-05-09 01:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-02-25 17:22 - 2008-05-08 20:13 - 00000227 _____ () C:\WINDOWS\system.ini
2014-02-25 03:03 - 2008-05-09 01:25 - 01277918 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-25 00:34 - 2008-05-08 20:13 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-25 00:27 - 2008-05-09 01:30 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-25 00:13 - 2014-02-25 00:13 - 00000348 _____ () C:\WINDOWS\spupdsvc.log
2014-02-25 00:12 - 2014-02-25 00:12 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-25 00:12 - 2014-02-25 00:12 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-02-25 00:12 - 2014-02-25 00:11 - 00026906 _____ () C:\WINDOWS\setupapi.log
2014-02-25 00:11 - 2014-02-25 00:11 - 00000000 ____D () C:\WINDOWS\LastGood
2014-02-25 00:03 - 2009-12-11 11:52 - 00000000 ___RD () C:\Documents and Settings\Jiří Žák\Dokumenty
2014-02-24 23:58 - 2014-02-24 23:58 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ___RD () C:\Program Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2014-02-24 23:57 - 2010-08-04 19:46 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-02-24 23:53 - 2014-02-24 23:53 - 00000957 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Windows Defender.lnk
2014-02-24 23:53 - 2014-02-24 23:53 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-24 23:35 - 2009-12-11 23:12 - 00000000 ___SD () C:\Documents and Settings\Jiří Žák\UserData
2014-02-24 23:35 - 2009-12-11 11:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák
2014-02-24 23:33 - 2008-05-08 13:21 - 00000157 ____N () C:\WINDOWS\wiadebug.log
2014-02-24 23:33 - 2008-05-08 13:21 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909921$
2014-02-24 23:27 - 2014-02-24 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-02-24 23:22 - 2008-05-08 13:19 - 01020096 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-24 23:17 - 2009-12-11 11:52 - 00000178 ___SH () C:\Documents and Settings\Jiří Žák\ntuser.ini
2014-02-24 23:03 - 2014-02-24 22:25 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-24 22:51 - 2014-02-24 22:51 - 00000000 _RSHD () C:\cmdcons
2014-02-24 22:51 - 2008-05-08 20:13 - 00000327 __RSH () C:\boot.ini
2014-02-24 22:49 - 2012-11-24 20:46 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Seznam.cz
2014-02-24 22:48 - 2011-10-04 19:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-24 22:47 - 2009-12-03 04:13 - 00000000 ____D () C:\Program Files\Creative
2014-02-24 22:47 - 2009-12-03 04:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-24 22:47 - 2008-05-08 13:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-02-24 22:44 - 2011-02-03 18:33 - 00001912 _____ () C:\WINDOWS\epplauncher.mif
2014-02-24 22:37 - 2009-12-03 04:04 - 00000000 ____D () C:\Program Files\Windows Desktop Search
2014-02-24 22:27 - 2008-05-08 13:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2014-02-24 22:10 - 2014-02-24 22:10 - 00000000 ____D () C:\ce79b8cfec5276ce60e345e22a1242
2014-02-24 22:10 - 2013-07-29 09:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-24 22:09 - 2010-03-11 08:06 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Media Player Classic
2014-02-24 18:27 - 2009-12-24 20:10 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-23 20:59 - 2014-02-23 20:59 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-23 20:59 - 2014-02-08 19:21 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-23 20:59 - 2011-08-13 12:13 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-23 20:07 - 2010-11-15 18:22 - 00002280 _____ () C:\Documents and Settings\Jiří Žák\Plocha\Google Chrome.lnk
2014-02-16 20:52 - 2014-02-24 22:27 - 00000426 _____ () C:\AVScanner.ini
2014-02-04 05:49 - 2011-06-22 05:52 - 00852992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-04 05:49 - 2011-06-21 19:18 - 00037888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-04 05:49 - 2010-11-05 06:02 - 00532480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-04 05:49 - 2010-09-09 15:23 - 00450048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-04 05:49 - 2010-03-10 05:43 - 01025024 ____C (Společnost Microsoft) C:\WINDOWS\system32\dllcache\browseui.dll
2014-02-04 05:49 - 2010-02-26 06:43 - 00251904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 03115520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 01510912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shdocvw.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 00669696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 00628224 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieencode.dll
2014-02-04 05:49 - 2009-10-29 06:26 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdc.ocx
2014-02-04 05:49 - 2008-05-08 20:13 - 01510912 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2014-02-04 05:49 - 2008-05-08 20:13 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-04 05:49 - 2008-05-08 20:13 - 00628224 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-04 05:49 - 2008-05-08 20:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-02-04 05:49 - 2008-05-08 20:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 03115520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 01025024 _____ (Společnost Microsoft) C:\WINDOWS\system32\browseui.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2014-02-04 05:48 - 2008-05-08 20:12 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2008-05-08 20:12] - [2008-04-14 13:00] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2008-05-08 20:13] - [2008-04-14 13:00] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2008-05-08 20:13] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2008-05-08 20:13] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\WINDOWS\system32\User32.dll
[2008-05-08 20:13] - [2008-04-14 13:00] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2008-05-08 20:13] - [2008-04-14 13:00] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-05-08 20:13] - [2008-04-14 13:00] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU load at 100%

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop.
Close all programs.
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Verulina
Visitor
Posts: 15
Registered: 25 Feb 2014 21:21

Re: CPU load at 100%

#3 Post by Verulina »

# AdwCleaner v3.019 - Report created 25/02/2014 at 22:03:53
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jiří Žák - DFQ352L1
# Running from : C:\Documents and Settings\Jiří Žák\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
File Deleted : C:\Documents and Settings\Jiří Žák\Data aplikací\Mozilla\Firefox\Profiles\drkgewjk.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Jiří Žák\Data aplikací\Mozilla\Firefox\Profiles\drkgewjk.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2577 octets] - [25/02/2014 21:59:11]
AdwCleaner[S0].txt - [2532 octets] - [25/02/2014 22:03:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2592 octets] ##########

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU load 100%

#4 Post by Rudy »

Post a new FRST log.

Verulina
Visitor
Posts: 15
Registered: 25 Feb 2014 21:21

Re: CPU load 100%

#5 Post by Verulina »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01
Ran by Jiří Žák (administrator) on DFQ352L1 on 25-02-2014 22:42:17
Running from C:\Documents and Settings\Jiří Žák\Plocha
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\PersistenceThread.exe
(Dell) C:\Program Files\WSED\WSED.exe
(Dell) C:\Program Files\Battery Meter\BTMeter.exe
(Compal Electronics, Inc) C:\Program Files\CapsLKNotify\CapsLKNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\Jiří Žák\Plocha\FRSTLauncher (1).exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [488960 2009-05-26] (ELAN Microelectronic Corp.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [17529856 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PersistenceThread] - C:\WINDOWS\system32\PersistenceThread.exe [96792 2009-07-06] (Intel Corporation)
HKLM\...\Run: [WSED] - C:\Program Files\WSED\WSED.exe [247080 2009-05-27] (Dell)
HKLM\...\Run: [BTMeter] - C:\Program Files\Battery Meter\BTMeter.exe [623984 2009-07-22] (Dell)
HKLM\...\Run: [CapsLKNotify] - C:\Program Files\CapsLKNotify\CapsLKNotify.exe [320808 2009-03-18] (Compal Electronics, Inc)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igdlogin: C:\WINDOWS\system32\igdlogin.dll ()
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-1709672725-1700433170-3794135092-1006\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jiří Žák\Data aplikací\Mozilla\Firefox\Profiles\drkgewjk.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\crawlersrch.bak
FF Extension: Seznam lištička - C:\Documents and Settings\Jiří Žák\Data aplikací\Mozilla\Firefox\Profiles\drkgewjk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2012-09-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-05]
CHR Extension: (Disk Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-05]
CHR Extension: (YouTube) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-05] (Oracle Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2009-03-30] (Creative)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1950976 2009-02-18] (Broadcom Corporation)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534568 2009-02-10] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2009-02-10] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-02-10] (Broadcom Corporation.)
R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2009-02-10] (Broadcom Corporation.)
R3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2009-02-10] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-02-10] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 EMSC; C:\WINDOWS\System32\DRIVERS\EMSC.SYS [14248 2008-11-05] (Windows (R) Codename Longhorn DDK provider)
R3 ETD; C:\WINDOWS\System32\DRIVERS\ETD.sys [93952 2009-05-26] (ELAN Microelectronic Corp.)
R3 igd; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5097632 2009-06-25] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2009-03-30] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 OA012Afx; C:\WINDOWS\system32\Drivers\OA012Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
R3 OA012Ufd; C:\WINDOWS\System32\DRIVERS\OA012Ufd.sys [133472 2008-11-26] (Creative Technology Ltd.)
R3 OA012Vid; C:\WINDOWS\System32\DRIVERS\OA012Vid.sys [271328 2009-01-14] (Creative Technology Ltd.)
R3 RSUSBSTOR; C:\WINDOWS\System32\Drivers\RTS5121.sys [157696 2008-12-23] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\DOCUME~1\JIK~1\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 22:42 - 2014-02-25 22:42 - 00015327 _____ () C:\Documents and Settings\Jiří Žák\Plocha\LM.bat
2014-02-25 22:42 - 2014-02-25 22:42 - 00012562 _____ () C:\Documents and Settings\Jiří Žák\Plocha\FRST.txt
2014-02-25 22:41 - 2014-02-25 22:42 - 00029696 _____ () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\MSGBOX.EXE
2014-02-25 21:59 - 2014-02-25 22:04 - 00000000 ____D () C:\AdwCleaner
2014-02-25 21:58 - 2014-02-25 21:58 - 01241834 _____ () C:\Documents and Settings\Jiří Žák\Plocha\adwcleaner.exe
2014-02-25 21:38 - 2014-02-25 21:38 - 00009637 _____ () C:\Documents and Settings\Jiří Žák\Plocha\Addition.zip
2014-02-25 21:26 - 2014-02-25 22:42 - 00000000 ____D () C:\FRST
2014-02-25 21:26 - 2014-02-25 21:26 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jiří Žák\Plocha\FRSTLauncher (1).exe
2014-02-25 21:25 - 2014-02-25 21:25 - 01144320 _____ (Farbar) C:\Documents and Settings\Jiří Žák\Plocha\FRST.exe
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Malwarebytes
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-25 17:33 - 2014-02-25 17:33 - 00000000 ____D () C:\Program Files\ESET
2014-02-25 17:24 - 2014-02-25 17:24 - 00011091 _____ () C:\ComboFix.txt
2014-02-24 23:58 - 2014-02-24 23:58 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Skype
2014-02-24 23:57 - 2014-02-25 22:38 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ___RD () C:\Program Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2014-02-24 23:53 - 2014-02-24 23:53 - 00000957 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Windows Defender.lnk
2014-02-24 23:53 - 2014-02-24 23:53 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909921$
2014-02-24 23:27 - 2014-02-24 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-02-24 22:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-24 22:51 - 2014-02-24 22:51 - 00000000 _RSHD () C:\cmdcons
2014-02-24 22:51 - 2009-12-11 11:52 - 00000211 _____ () C:\Boot.bak
2014-02-24 22:51 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2014-02-24 22:29 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-24 22:29 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-24 22:27 - 2014-02-16 20:52 - 00000426 _____ () C:\AVScanner.ini
2014-02-24 22:25 - 2014-02-25 17:24 - 00000000 ____D () C:\Qoobox
2014-02-24 22:25 - 2014-02-24 23:03 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-24 22:10 - 2014-02-24 22:10 - 00000000 ____D () C:\ce79b8cfec5276ce60e345e22a1242
2014-02-23 20:59 - 2014-02-23 20:59 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-08 19:21 - 2014-02-25 21:58 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-08 19:21 - 2014-02-23 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

==================== One Month Modified Files and Folders =======

2014-02-25 22:42 - 2014-02-25 22:42 - 00015327 _____ () C:\Documents and Settings\Jiří Žák\Plocha\LM.bat
2014-02-25 22:42 - 2014-02-25 22:42 - 00012562 _____ () C:\Documents and Settings\Jiří Žák\Plocha\FRST.txt
2014-02-25 22:42 - 2014-02-25 22:41 - 00029696 _____ () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\MSGBOX.EXE
2014-02-25 22:42 - 2014-02-25 21:26 - 00000000 ____D () C:\FRST
2014-02-25 22:42 - 2010-03-02 19:13 - 03374855 _____ () C:\WINDOWS\pfirewall.log
2014-02-25 22:42 - 2009-12-11 11:52 - 00000000 ___HD () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací
2014-02-25 22:42 - 2009-12-11 11:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Plocha
2014-02-25 22:38 - 2014-02-24 23:57 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-02-25 22:37 - 2009-12-11 23:12 - 00000000 ___SD () C:\Documents and Settings\Jiří Žák\UserData
2014-02-25 22:37 - 2009-12-11 11:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák
2014-02-25 22:36 - 2008-05-08 13:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-02-25 22:36 - 2008-05-08 13:19 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-02-25 22:35 - 2010-08-04 19:49 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Skype
2014-02-25 22:35 - 2008-05-09 01:25 - 01316273 ____N () C:\WINDOWS\WindowsUpdate.log
2014-02-25 22:34 - 2010-08-04 19:48 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 22:34 - 2008-05-09 01:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-25 22:34 - 2008-05-08 13:21 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-02-25 22:34 - 2008-05-08 13:21 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-02-25 22:27 - 2009-12-11 11:52 - 00000178 ___SH () C:\Documents and Settings\Jiří Žák\ntuser.ini
2014-02-25 22:27 - 2008-05-09 01:28 - 00032628 ____N () C:\WINDOWS\SchedLgU.Txt
2014-02-25 22:27 - 2008-05-08 13:19 - 01061488 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-25 22:14 - 2010-08-04 19:48 - 00000944 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 22:04 - 2014-02-25 21:59 - 00000000 ____D () C:\AdwCleaner
2014-02-25 22:03 - 2008-05-08 13:18 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-02-25 21:58 - 2014-02-25 21:58 - 01241834 _____ () C:\Documents and Settings\Jiří Žák\Plocha\adwcleaner.exe
2014-02-25 21:58 - 2014-02-08 19:21 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-25 21:38 - 2014-02-25 21:38 - 00009637 _____ () C:\Documents and Settings\Jiří Žák\Plocha\Addition.zip
2014-02-25 21:26 - 2014-02-25 21:26 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jiří Žák\Plocha\FRSTLauncher (1).exe
2014-02-25 21:25 - 2014-02-25 21:25 - 01144320 _____ (Farbar) C:\Documents and Settings\Jiří Žák\Plocha\FRST.exe
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Malwarebytes
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-25 20:52 - 2009-12-11 11:52 - 00000000 __RHD () C:\Documents and Settings\Jiří Žák\Data aplikací
2014-02-25 17:33 - 2014-02-25 17:33 - 00000000 ____D () C:\Program Files\ESET
2014-02-25 17:24 - 2014-02-25 17:24 - 00011091 _____ () C:\ComboFix.txt
2014-02-25 17:24 - 2014-02-24 22:25 - 00000000 ____D () C:\Qoobox
2014-02-25 17:24 - 2008-05-09 01:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-02-25 17:22 - 2008-05-08 20:13 - 00000227 _____ () C:\WINDOWS\system.ini
2014-02-25 00:34 - 2008-05-08 20:13 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-25 00:27 - 2008-05-09 01:30 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-25 00:03 - 2009-12-11 11:52 - 00000000 ___RD () C:\Documents and Settings\Jiří Žák\Dokumenty
2014-02-24 23:58 - 2014-02-24 23:58 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ___RD () C:\Program Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2014-02-24 23:57 - 2010-08-04 19:46 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-02-24 23:53 - 2014-02-24 23:53 - 00000957 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Windows Defender.lnk
2014-02-24 23:53 - 2014-02-24 23:53 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909921$
2014-02-24 23:27 - 2014-02-24 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-02-24 23:03 - 2014-02-24 22:25 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-24 22:51 - 2014-02-24 22:51 - 00000000 _RSHD () C:\cmdcons
2014-02-24 22:51 - 2008-05-08 20:13 - 00000327 __RSH () C:\boot.ini
2014-02-24 22:49 - 2012-11-24 20:46 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Seznam.cz
2014-02-24 22:48 - 2011-10-04 19:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-24 22:47 - 2009-12-03 04:13 - 00000000 ____D () C:\Program Files\Creative
2014-02-24 22:47 - 2009-12-03 04:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-24 22:47 - 2008-05-08 13:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-02-24 22:44 - 2011-02-03 18:33 - 00001912 _____ () C:\WINDOWS\epplauncher.mif
2014-02-24 22:37 - 2009-12-03 04:04 - 00000000 ____D () C:\Program Files\Windows Desktop Search
2014-02-24 22:27 - 2008-05-08 13:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2014-02-24 22:10 - 2014-02-24 22:10 - 00000000 ____D () C:\ce79b8cfec5276ce60e345e22a1242
2014-02-24 22:10 - 2013-07-29 09:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-24 22:09 - 2010-03-11 08:06 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Media Player Classic
2014-02-24 18:27 - 2009-12-24 20:10 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-23 20:59 - 2014-02-23 20:59 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-23 20:59 - 2014-02-08 19:21 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-23 20:59 - 2011-08-13 12:13 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-23 20:07 - 2010-11-15 18:22 - 00002280 _____ () C:\Documents and Settings\Jiří Žák\Plocha\Google Chrome.lnk
2014-02-16 20:52 - 2014-02-24 22:27 - 00000426 _____ () C:\AVScanner.ini
2014-02-04 05:49 - 2011-06-22 05:52 - 00852992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-04 05:49 - 2011-06-21 19:18 - 00037888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-04 05:49 - 2010-11-05 06:02 - 00532480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-04 05:49 - 2010-09-09 15:23 - 00450048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-04 05:49 - 2010-03-10 05:43 - 01025024 ____C (Společnost Microsoft) C:\WINDOWS\system32\dllcache\browseui.dll
2014-02-04 05:49 - 2010-02-26 06:43 - 00251904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 03115520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 01510912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shdocvw.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 00669696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 00628224 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieencode.dll
2014-02-04 05:49 - 2009-10-29 06:26 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdc.ocx
2014-02-04 05:49 - 2008-05-08 20:13 - 01510912 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2014-02-04 05:49 - 2008-05-08 20:13 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-04 05:49 - 2008-05-08 20:13 - 00628224 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-04 05:49 - 2008-05-08 20:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-02-04 05:49 - 2008-05-08 20:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 03115520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 01025024 _____ (Společnost Microsoft) C:\WINDOWS\system32\browseui.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2014-02-04 05:48 - 2008-05-08 20:12 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

Some content of TEMP:
====================
C:\Documents and Settings\Jiří Žák\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2008-05-08 20:12] - [2008-04-14 13:00] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2008-05-08 20:13] - [2008-04-14 13:00] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2008-05-08 20:13] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2008-05-08 20:13] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\WINDOWS\system32\User32.dll
[2008-05-08 20:13] - [2008-04-14 13:00] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2008-05-08 20:13] - [2008-04-14 13:00] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-05-08 20:13] - [2008-04-14 13:00] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU load 100%

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\crawlersrch.bak
C:\Documents and Settings\Jiří Žák\Local Settings\temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.

Verulina
Visitor
Posts: 15
Registered: 25 Feb 2014 21:21

Re: CPU load 100%

#7 Post by Verulina »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01
Ran by Jiří Žák (administrator) on DFQ352L1 on 25-02-2014 22:58:11
Running from C:\Documents and Settings\Jiří Žák\Plocha
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\PersistenceThread.exe
(Dell) C:\Program Files\WSED\WSED.exe
(Dell) C:\Program Files\Battery Meter\BTMeter.exe
(Compal Electronics, Inc) C:\Program Files\CapsLKNotify\CapsLKNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\Jiří Žák\Plocha\FRSTLauncher (1).exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Adobe Systems Incorporated) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [488960 2009-05-26] (ELAN Microelectronic Corp.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [17529856 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PersistenceThread] - C:\WINDOWS\system32\PersistenceThread.exe [96792 2009-07-06] (Intel Corporation)
HKLM\...\Run: [WSED] - C:\Program Files\WSED\WSED.exe [247080 2009-05-27] (Dell)
HKLM\...\Run: [BTMeter] - C:\Program Files\Battery Meter\BTMeter.exe [623984 2009-07-22] (Dell)
HKLM\...\Run: [CapsLKNotify] - C:\Program Files\CapsLKNotify\CapsLKNotify.exe [320808 2009-03-18] (Compal Electronics, Inc)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igdlogin: C:\WINDOWS\system32\igdlogin.dll ()
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-1709672725-1700433170-3794135092-1006\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jiří Žák\Data aplikací\Mozilla\Firefox\Profiles\drkgewjk.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\crawlersrch.bak
FF Extension: Seznam lištička - C:\Documents and Settings\Jiří Žák\Data aplikací\Mozilla\Firefox\Profiles\drkgewjk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2012-09-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-05]
CHR Extension: (Disk Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-05]
CHR Extension: (YouTube) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-05] (Oracle Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2009-03-30] (Creative)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1950976 2009-02-18] (Broadcom Corporation)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534568 2009-02-10] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2009-02-10] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-02-10] (Broadcom Corporation.)
R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2009-02-10] (Broadcom Corporation.)
R3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2009-02-10] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-02-10] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 EMSC; C:\WINDOWS\System32\DRIVERS\EMSC.SYS [14248 2008-11-05] (Windows (R) Codename Longhorn DDK provider)
R3 ETD; C:\WINDOWS\System32\DRIVERS\ETD.sys [93952 2009-05-26] (ELAN Microelectronic Corp.)
R3 igd; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5097632 2009-06-25] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2009-03-30] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 OA012Afx; C:\WINDOWS\system32\Drivers\OA012Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
R3 OA012Ufd; C:\WINDOWS\System32\DRIVERS\OA012Ufd.sys [133472 2008-11-26] (Creative Technology Ltd.)
R3 OA012Vid; C:\WINDOWS\System32\DRIVERS\OA012Vid.sys [271328 2009-01-14] (Creative Technology Ltd.)
R3 RSUSBSTOR; C:\WINDOWS\System32\Drivers\RTS5121.sys [157696 2008-12-23] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\DOCUME~1\JIK~1\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 22:57 - 2014-02-25 22:57 - 00029696 _____ () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\MSGBOX.EXE
2014-02-25 22:57 - 2014-02-25 22:57 - 00015327 _____ () C:\Documents and Settings\Jiří Žák\Plocha\LM.bat
2014-02-25 22:57 - 2014-02-25 22:57 - 00000285 _____ () C:\Documents and Settings\Jiří Žák\Plocha\fixlist.txt
2014-02-25 22:42 - 2014-02-25 22:58 - 00012656 _____ () C:\Documents and Settings\Jiří Žák\Plocha\FRST.txt
2014-02-25 21:59 - 2014-02-25 22:04 - 00000000 ____D () C:\AdwCleaner
2014-02-25 21:58 - 2014-02-25 21:58 - 01241834 _____ () C:\Documents and Settings\Jiří Žák\Plocha\adwcleaner.exe
2014-02-25 21:38 - 2014-02-25 21:38 - 00009637 _____ () C:\Documents and Settings\Jiří Žák\Plocha\Addition.zip
2014-02-25 21:26 - 2014-02-25 22:43 - 00000000 ____D () C:\FRST
2014-02-25 21:26 - 2014-02-25 21:26 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jiří Žák\Plocha\FRSTLauncher (1).exe
2014-02-25 21:25 - 2014-02-25 21:25 - 01144320 _____ (Farbar) C:\Documents and Settings\Jiří Žák\Plocha\FRST.exe
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Malwarebytes
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-25 17:33 - 2014-02-25 17:33 - 00000000 ____D () C:\Program Files\ESET
2014-02-25 17:24 - 2014-02-25 17:24 - 00011091 _____ () C:\ComboFix.txt
2014-02-24 23:58 - 2014-02-24 23:58 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Skype
2014-02-24 23:57 - 2014-02-25 22:38 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ___RD () C:\Program Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2014-02-24 23:53 - 2014-02-24 23:53 - 00000957 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Windows Defender.lnk
2014-02-24 23:53 - 2014-02-24 23:53 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909921$
2014-02-24 23:27 - 2014-02-24 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-02-24 22:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-24 22:51 - 2014-02-24 22:51 - 00000000 _RSHD () C:\cmdcons
2014-02-24 22:51 - 2009-12-11 11:52 - 00000211 _____ () C:\Boot.bak
2014-02-24 22:51 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2014-02-24 22:29 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-24 22:29 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-24 22:29 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-24 22:27 - 2014-02-16 20:52 - 00000426 _____ () C:\AVScanner.ini
2014-02-24 22:25 - 2014-02-25 17:24 - 00000000 ____D () C:\Qoobox
2014-02-24 22:25 - 2014-02-24 23:03 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-24 22:10 - 2014-02-24 22:10 - 00000000 ____D () C:\ce79b8cfec5276ce60e345e22a1242
2014-02-23 20:59 - 2014-02-23 20:59 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-08 19:21 - 2014-02-25 22:58 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-08 19:21 - 2014-02-23 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

==================== One Month Modified Files and Folders =======

2014-02-25 22:58 - 2014-02-25 22:42 - 00012656 _____ () C:\Documents and Settings\Jiří Žák\Plocha\FRST.txt
2014-02-25 22:58 - 2014-02-08 19:21 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-25 22:58 - 2010-03-02 19:13 - 03440963 _____ () C:\WINDOWS\pfirewall.log
2014-02-25 22:58 - 2009-12-11 11:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Plocha
2014-02-25 22:57 - 2014-02-25 22:57 - 00029696 _____ () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\MSGBOX.EXE
2014-02-25 22:57 - 2014-02-25 22:57 - 00015327 _____ () C:\Documents and Settings\Jiří Žák\Plocha\LM.bat
2014-02-25 22:57 - 2014-02-25 22:57 - 00000285 _____ () C:\Documents and Settings\Jiří Žák\Plocha\fixlist.txt
2014-02-25 22:57 - 2009-12-11 11:52 - 00000000 ___HD () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací
2014-02-25 22:43 - 2014-02-25 21:26 - 00000000 ____D () C:\FRST
2014-02-25 22:38 - 2014-02-24 23:57 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-02-25 22:37 - 2009-12-11 23:12 - 00000000 ___SD () C:\Documents and Settings\Jiří Žák\UserData
2014-02-25 22:37 - 2009-12-11 11:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák
2014-02-25 22:36 - 2008-05-08 13:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-02-25 22:36 - 2008-05-08 13:19 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-02-25 22:36 - 2008-05-08 13:18 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-02-25 22:35 - 2010-08-04 19:49 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Skype
2014-02-25 22:35 - 2008-05-09 01:25 - 01316273 ____N () C:\WINDOWS\WindowsUpdate.log
2014-02-25 22:34 - 2010-08-04 19:48 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 22:34 - 2008-05-09 01:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-25 22:34 - 2008-05-08 13:21 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-02-25 22:34 - 2008-05-08 13:21 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-02-25 22:27 - 2009-12-11 11:52 - 00000178 ___SH () C:\Documents and Settings\Jiří Žák\ntuser.ini
2014-02-25 22:27 - 2008-05-09 01:28 - 00032628 ____N () C:\WINDOWS\SchedLgU.Txt
2014-02-25 22:27 - 2008-05-08 13:19 - 01061488 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-25 22:14 - 2010-08-04 19:48 - 00000944 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 22:04 - 2014-02-25 21:59 - 00000000 ____D () C:\AdwCleaner
2014-02-25 21:58 - 2014-02-25 21:58 - 01241834 _____ () C:\Documents and Settings\Jiří Žák\Plocha\adwcleaner.exe
2014-02-25 21:38 - 2014-02-25 21:38 - 00009637 _____ () C:\Documents and Settings\Jiří Žák\Plocha\Addition.zip
2014-02-25 21:26 - 2014-02-25 21:26 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jiří Žák\Plocha\FRSTLauncher (1).exe
2014-02-25 21:25 - 2014-02-25 21:25 - 01144320 _____ (Farbar) C:\Documents and Settings\Jiří Žák\Plocha\FRST.exe
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Malwarebytes
2014-02-25 20:52 - 2014-02-25 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-25 20:52 - 2009-12-11 11:52 - 00000000 __RHD () C:\Documents and Settings\Jiří Žák\Data aplikací
2014-02-25 17:33 - 2014-02-25 17:33 - 00000000 ____D () C:\Program Files\ESET
2014-02-25 17:24 - 2014-02-25 17:24 - 00011091 _____ () C:\ComboFix.txt
2014-02-25 17:24 - 2014-02-24 22:25 - 00000000 ____D () C:\Qoobox
2014-02-25 17:24 - 2008-05-09 01:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-02-25 17:22 - 2008-05-08 20:13 - 00000227 _____ () C:\WINDOWS\system.ini
2014-02-25 00:34 - 2008-05-08 20:13 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-25 00:27 - 2008-05-09 01:30 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-25 00:03 - 2009-12-11 11:52 - 00000000 ___RD () C:\Documents and Settings\Jiří Žák\Dokumenty
2014-02-24 23:58 - 2014-02-24 23:58 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Local Settings\Data aplikací\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ___RD () C:\Program Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-24 23:57 - 2014-02-24 23:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2014-02-24 23:57 - 2010-08-04 19:46 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-02-24 23:53 - 2014-02-24 23:53 - 00000957 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Windows Defender.lnk
2014-02-24 23:53 - 2014-02-24 23:53 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-24 23:28 - 2014-02-24 23:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909921$
2014-02-24 23:27 - 2014-02-24 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-02-24 23:03 - 2014-02-24 22:25 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-24 22:51 - 2014-02-24 22:51 - 00000000 _RSHD () C:\cmdcons
2014-02-24 22:51 - 2008-05-08 20:13 - 00000327 __RSH () C:\boot.ini
2014-02-24 22:49 - 2012-11-24 20:46 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Seznam.cz
2014-02-24 22:48 - 2011-10-04 19:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-24 22:47 - 2009-12-03 04:13 - 00000000 ____D () C:\Program Files\Creative
2014-02-24 22:47 - 2009-12-03 04:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-24 22:47 - 2008-05-08 13:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-02-24 22:44 - 2011-02-03 18:33 - 00001912 _____ () C:\WINDOWS\epplauncher.mif
2014-02-24 22:37 - 2009-12-03 04:04 - 00000000 ____D () C:\Program Files\Windows Desktop Search
2014-02-24 22:27 - 2008-05-08 13:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2014-02-24 22:10 - 2014-02-24 22:10 - 00000000 ____D () C:\ce79b8cfec5276ce60e345e22a1242
2014-02-24 22:10 - 2013-07-29 09:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-24 22:09 - 2010-03-11 08:06 - 00000000 ____D () C:\Documents and Settings\Jiří Žák\Data aplikací\Media Player Classic
2014-02-24 18:27 - 2009-12-24 20:10 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-23 20:59 - 2014-02-23 20:59 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-23 20:59 - 2014-02-08 19:21 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-23 20:59 - 2011-08-13 12:13 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-23 20:07 - 2010-11-15 18:22 - 00002280 _____ () C:\Documents and Settings\Jiří Žák\Plocha\Google Chrome.lnk
2014-02-16 20:52 - 2014-02-24 22:27 - 00000426 _____ () C:\AVScanner.ini
2014-02-04 05:49 - 2011-06-22 05:52 - 00852992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-04 05:49 - 2011-06-21 19:18 - 00037888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-04 05:49 - 2010-11-05 06:02 - 00532480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-04 05:49 - 2010-09-09 15:23 - 00450048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-04 05:49 - 2010-03-10 05:43 - 01025024 ____C (Společnost Microsoft) C:\WINDOWS\system32\dllcache\browseui.dll
2014-02-04 05:49 - 2010-02-26 06:43 - 00251904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 03115520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 01510912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shdocvw.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 00669696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 00628224 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-04 05:49 - 2009-12-03 03:57 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieencode.dll
2014-02-04 05:49 - 2009-10-29 06:26 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdc.ocx
2014-02-04 05:49 - 2008-05-08 20:13 - 01510912 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2014-02-04 05:49 - 2008-05-08 20:13 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-04 05:49 - 2008-05-08 20:13 - 00628224 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-04 05:49 - 2008-05-08 20:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-02-04 05:49 - 2008-05-08 20:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 03115520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 01025024 _____ (Společnost Microsoft) C:\WINDOWS\system32\browseui.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-04 05:49 - 2008-05-08 20:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2014-02-04 05:48 - 2008-05-08 20:12 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

Some content of TEMP:
====================
C:\Documents and Settings\Jiří Žák\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2008-05-08 20:12] - [2008-04-14 13:00] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2008-05-08 20:13] - [2008-04-14 13:00] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2008-05-08 20:13] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2008-05-08 20:13] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\WINDOWS\system32\User32.dll
[2008-05-08 20:13] - [2008-04-14 13:00] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2008-05-08 20:13] - [2008-04-14 13:00] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-05-08 20:13] - [2008-04-14 13:00] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU usage at 100%

#8 Post by Rudy »

OK. Has anything changed?

Verulina
Visitor
Posts: 15
Registered: 25 Feb 2014 21:21

Re: CPU usage at 100%

#9 Post by Verulina »

I'm afraid not, unfortunately :-(
Attachments
cpu.JPG (75.04 KiB) Viewed 1534 times

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU usage at 100%

#10 Post by Rudy »

OK, let's try something else. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left-hand window:
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC.

Next, post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after start-up a screen with the license terms is displayed; continue by clicking the Yes (Ano) button.

Calmly put on some coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component.

Verulina
Visitor
Posts: 15
Registered: 25 Feb 2014 21:21

Re: CPU usage at 100%

#11 Post by Verulina »

ComboFix 14-02-24.02 - Jiří Žák 26.02.2014 18:32:02.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.332 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ji°Ý Äßk\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-26 do 2014-02-26 )))))))))))))))))))))))))))))))
.
.
2014-02-26 17:22 . 2014-02-26 17:22 -------- d-----w- C:\_OTM
2014-02-25 21:21 . 2014-02-17 00:32 7947048 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{3F5EA52D-3E7C-4586-A11E-5A9C76B108D5}\mpengine.dll
2014-02-25 20:59 . 2014-02-25 21:04 -------- d-----w- C:\AdwCleaner
2014-02-25 20:26 . 2014-02-25 21:58 -------- d-----w- C:\FRST
2014-02-25 19:52 . 2014-02-25 19:52 -------- d-----w- c:\documents and settings\Jiří Žák\Data aplikací\Malwarebytes
2014-02-25 19:52 . 2014-02-25 19:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-02-25 16:33 . 2014-02-25 16:33 -------- d-----w- c:\program files\ESET
2014-02-24 22:58 . 2014-02-24 22:58 -------- d-----w- c:\documents and settings\Jiří Žák\Local Settings\Data aplikací\Skype
2014-02-24 22:57 . 2014-02-24 22:57 -------- d-----w- c:\program files\Common Files\Skype
2014-02-24 22:57 . 2014-02-24 22:57 -------- d-----r- c:\program files\Skype
2014-02-24 22:57 . 2014-02-17 00:32 7947048 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-24 22:53 . 2014-02-24 22:53 -------- d-----w- c:\program files\Windows Defender
2014-02-24 21:10 . 2014-02-24 21:10 -------- d-----w- C:\ce79b8cfec5276ce60e345e22a1242
2014-02-23 19:59 . 2014-02-23 19:59 17858952 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-02-08 18:21 . 2014-02-23 19:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 19:59 . 2011-08-13 11:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 04:49 . 2008-05-08 19:13 669696 ----a-w- c:\windows\system32\wininet.dll
2014-02-04 04:49 . 2008-05-08 19:13 61952 ----a-w- c:\windows\system32\tdc.ocx
2014-02-04 04:49 . 2008-05-08 19:12 81920 ----a-w- c:\windows\system32\ieencode.dll
2014-02-04 04:48 . 2008-05-08 19:12 370176 ----a-w- c:\windows\system32\html.iec
2014-01-16 00:40 . 2014-01-16 00:40 487016 ----a-w- C:\SecurityScanner.dll
2014-01-05 15:36 . 2014-01-05 15:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-05 15:36 . 2012-09-03 18:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-31 00:45 . 2008-05-08 19:13 434176 ----a-w- c:\windows\system32\vbscript.dll
2013-12-18 05:13 . 2010-03-02 18:34 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-05 11:26 . 2008-05-08 19:12 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-05-26 488960]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-30 17529856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-03-18 320808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-29 604776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-25 07:13 65536 ----a-w- c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [3.12.2009 4:08 14248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [3.12.2009 4:13 143840]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [3.12.2009 5:33 93952]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [3.12.2009 5:34 5097632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3.12.2009 5:34 110080]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [3.12.2009 5:34 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [3.12.2009 5:34 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [3.12.2009 5:34 271328]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3.12.2009 5:33 157696]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 8:15 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.12.2009 5:32 1684736]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [14.8.2011 11:49 30312]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [14.8.2011 11:49 77624]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14.8.2011 11:49 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14.8.2011 11:49 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14.8.2011 11:49 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [14.8.2011 11:49 114280]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [14.8.2011 11:49 181432]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08 19:59]
.
2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 18:48]
.
2014-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 18:48]
.
2014-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-26 18:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-02-26 18:41:25
ComboFix-quarantined-files.txt 2014-02-26 17:41
ComboFix2.txt 2014-02-25 16:24
ComboFix3.txt 2014-02-24 22:05
.
Před spuštěním: Volných bajtů: 123 554 050 048
Po spuštění: Volných bajtů: 123 542 405 120
.
- - End Of File - - 2154667336085C27A970EB3F5FD6FAE3
7B53936AFA31AA818DDEE1F13C3004E3

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU usage 100%

#12 Post by Rudy »

Move ComboFix to the root directory c:\. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Save it, also in the root directory c:\, as CFScript.txt. Then, in Windows Explorer (or another file manager), drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Verulina
Visitor
Posts: 15
Registered: 25 Feb 2014 21:21

Re: CPU usage 100%

#13 Post by Verulina »

ComboFix 14-02-24.02 - Jiří Žák 26.02.2014 20:05:48.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.435 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-26 do 2014-02-26 )))))))))))))))))))))))))))))))
.
.
2014-02-26 17:22 . 2014-02-26 17:22 -------- d-----w- C:\_OTM
2014-02-25 21:21 . 2014-02-17 00:32 7947048 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{3F5EA52D-3E7C-4586-A11E-5A9C76B108D5}\mpengine.dll
2014-02-25 20:59 . 2014-02-25 21:04 -------- d-----w- C:\AdwCleaner
2014-02-25 20:26 . 2014-02-25 21:58 -------- d-----w- C:\FRST
2014-02-25 19:52 . 2014-02-25 19:52 -------- d-----w- c:\documents and settings\Jiří Žák\Data aplikací\Malwarebytes
2014-02-25 19:52 . 2014-02-25 19:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-02-25 16:33 . 2014-02-25 16:33 -------- d-----w- c:\program files\ESET
2014-02-24 22:58 . 2014-02-24 22:58 -------- d-----w- c:\documents and settings\Jiří Žák\Local Settings\Data aplikací\Skype
2014-02-24 22:57 . 2014-02-24 22:57 -------- d-----w- c:\program files\Common Files\Skype
2014-02-24 22:57 . 2014-02-24 22:57 -------- d-----r- c:\program files\Skype
2014-02-24 22:57 . 2014-02-17 00:32 7947048 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-24 22:53 . 2014-02-24 22:53 -------- d-----w- c:\program files\Windows Defender
2014-02-24 21:10 . 2014-02-24 21:10 -------- d-----w- C:\ce79b8cfec5276ce60e345e22a1242
2014-02-23 19:59 . 2014-02-23 19:59 17858952 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-02-08 18:21 . 2014-02-23 19:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 19:59 . 2011-08-13 11:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 04:49 . 2008-05-08 19:13 669696 ----a-w- c:\windows\system32\wininet.dll
2014-02-04 04:49 . 2008-05-08 19:13 61952 ----a-w- c:\windows\system32\tdc.ocx
2014-02-04 04:49 . 2008-05-08 19:12 81920 ----a-w- c:\windows\system32\ieencode.dll
2014-02-04 04:48 . 2008-05-08 19:12 370176 ----a-w- c:\windows\system32\html.iec
2014-01-16 00:40 . 2014-01-16 00:40 487016 ----a-w- C:\SecurityScanner.dll
2014-01-05 15:36 . 2014-01-05 15:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-05 15:36 . 2012-09-03 18:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-31 00:45 . 2008-05-08 19:13 434176 ----a-w- c:\windows\system32\vbscript.dll
2013-12-18 05:13 . 2010-03-02 18:34 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-05 11:26 . 2008-05-08 19:12 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-05-26 488960]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-30 17529856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-03-18 320808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-29 604776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-25 07:13 65536 ----a-w- c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [3.12.2009 4:08 14248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [3.12.2009 4:13 143840]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [3.12.2009 5:33 93952]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [3.12.2009 5:34 5097632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3.12.2009 5:34 110080]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [3.12.2009 5:34 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [3.12.2009 5:34 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [3.12.2009 5:34 271328]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3.12.2009 5:33 157696]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 8:15 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.12.2009 5:32 1684736]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [14.8.2011 11:49 30312]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [14.8.2011 11:49 77624]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14.8.2011 11:49 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14.8.2011 11:49 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14.8.2011 11:49 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [14.8.2011 11:49 114280]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [14.8.2011 11:49 181432]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08 19:59]
.
2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 18:48]
.
2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 18:48]
.
2014-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-26 20:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2014-02-26 20:19:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-26 19:19
ComboFix2.txt 2014-02-26 17:41
ComboFix3.txt 2014-02-25 16:24
ComboFix4.txt 2014-02-24 22:05
.
Před spuštěním: Volných bajtů: 123 540 680 704
Po spuštění: Volných bajtů: 123 520 110 592
.
- - End Of File - - 2B3243BBAB46016DDBE3099909B897F4
7B53936AFA31AA818DDEE1F13C3004E3

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU usage 100%

#14 Post by Rudy »

The log is now OK. Uninstall CF using T-Cleaner: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . Has anything changed?

Verulina
Visitor
Posts: 15
Registered: 25 Feb 2014 21:21

Re: CPU usage 100%

#15 Post by Verulina »

No, unfortunately nothing has changed...
